Merge pull request #101 from abbra/increase-gss-buffers

Increase buffer size for GSSAPI exchanges

.cirrus.yml

@@ -0,0 +1,48 @@
+env:
+  CIRRUS_CLONE_DEPTH: 1
+
+freebsd_13_task:
+  freebsd_instance:
+    image_family: freebsd-13-3
+  install_script:
+    - pkg install -y autoconf automake
+    - ./package/setup-configure
+  basic_script: &basic
+    - "[ -f Makefile ] && make distclean"
+    - ./configure || { cat config.log; exit 1; }
+    - make
+    - make test
+  uds_script: &uds
+    - "[ -f Makefile ] && make distclean"
+    - ./configure --with-trust-uds-cred --with-uds || { cat config.log; exit 1; }
+    - make
+    - make test
+  pam_ssl_script: &pamssl
+    - "[ -f Makefile ] && make distclean"
+    - ./configure --with-pam --with-openssl || { cat config.log; exit 1; }
+    - make
+    - make test
+  gssapi_script: &gssapi
+    - "[ -f Makefile ] && make distclean"
+    - ./configure --with-gssapi || { cat config.log; exit 1; }
+    - make
+    - make test
+
+linux_gcc_task:
+  container:
+    image: gcc:latest
+  install_script:
+    - ./package/setup-configure
+  basic_script: *basic
+  uds_script: *uds
+  pam_ssl_script: *pamssl
+
+#macos_task:
+#  osx_instance:
+#    image: mojave-xcode-10.1
+#  install_script:
+#    - brew install autoconf automake
+#    - ./package/setup-configure
+#  basic_script: *basic
+#  uds_script: *uds
+#  pam_ssl_script: *pamssl

.gitignore

@@ -0,0 +1 @@
+*.[ch]~

FAQ

@@ -1,25 +1,49 @@
-		
+
 				Conserver FAQ
 				=============
 
 This is the Conserver FAQ.  Any suggestions/corrections/etc should be
 directed to faq@conserver.com.  The FAQ answers the following questions:
 
-    1) Where can I find the software?
-    2) How do I deal with these serial ports?
-    3) How can I tell what compile-time defaults were used?
-    4) What does "conserver: getservbyname: conserver: No such file or
+    1) What is conserver?
+    2) Where can I find the software?
+    3) How do I deal with these serial ports?
+    4) How can I tell what compile-time defaults were used?
+    5) What does "conserver: getservbyname: conserver: No such file or
        directory" mean (or something close to that)?
-    5) What does "console: gethostbyname: console: host lookup error"
+    6) What does "console: gethostbyname: console: host lookup error"
        mean (or something close to that)?
-    6) How do I set up a serial port for no parity?
+    7) How do I set up a serial port for no parity?
+    8) Is "Conserver" a Trademark or Registered Trademark?
+    9) When I connect to a console, it says it is down.  Why?
+   10) Is there a technical reason why --with-maxmemb's default is 16?
+       I've changed mine to 96.
+   99) OK, things just don't seem to work.  Help?!?
 
 
- 1) Where can I find the software?
+ 1) What is conserver?
+
+    From an email I quickly wrote to a potential user (I'll try and
+    clean it up and make it a little clearer sometime soon):
+
+    Conserver is an application that allows multiple users to watch a
+    serial console at the same time.  It can log the data, allows users
+    to take write-access of a console (one at a time), and has a
+    variety of bells and whistles to accentuate that basic
+    functionality.  The idea is that conserver will log all your serial
+    traffic so you can go back and review why something crashed, look
+    at changes (if done on the console), or tie the console logs into a
+    monitoring system (just watch the logfiles it creates).  With
+    multi-user capabilities you can work on equipment with others,
+    mentor, train, etc.  It also does all that client-server stuff so
+    that, assuming you have a network connection, you can interact with
+    any of the equipment from home or wherever.
+
+ 2) Where can I find the software?
 
     The latest version can be found at http://www.conserver.com/
 
- 2) How do I wire/hook up serial ports?
+ 3) How do I wire/hook up serial ports?
 
     David "Zonker" Harris has a wonderful set of pages that talk about
     hooking up many types of terminal servers, equipment, etc.  It also
@@ -30,35 +54,133 @@ directed to faq@conserver.com.  The FAQ answers the following questions:
     http://www.stokely.com/.  Just look around and be amazed at what
     you'll find!
 
- 3) How can I tell what compile-time defaults were used?
+ 4) How can I tell what compile-time defaults were used?
 
     The compile-time defaults can be found by running conserver and
     console with the -V flag.  Simple as that.
 
- 4) What does "conserver: getservbyname: conserver: No such file or
+ 5) What does "conserver: getservbyname: conserver: No such file or
     directory" mean (or something close to that)?
 
     When conserver was compiled, it was told to use the /etc/services
     entry of "conserver" (what came after getservbyname:).  You'll need
     to either recompile conserver and hard-code a port number (using
-    PORT instead of SERVICE in conserver/cons.h) or enter "conserver"
-    in /etc/services.
+    --with-port=<num>) or enter "conserver" in /etc/services.
 
- 5) What does "console: gethostbyname: console: host lookup error"
+ 6) What does "console: gethostbyname: console: host lookup error"
     mean (or something close to that)?
 
     When the console command was compiled, it was told to use the
     hostname "console" (what came after gethostbyname:) as the master
-    conserver host.  You'll need to either recompile console with the
-    appropriate name of your conserver host or add an alias of "console".
-    In most cases, adding an alias is my suggestion.
+    conserver host.  You'll need to either reconfigure with the
+    appropriate name of your conserver host (--with-master=<name>) or
+    add an alias of "console".  In most cases, adding an alias is my
+    suggestion.
 
- 6) How do I set up a local serial port for no parity?
+ 7) How do I set up a local serial port for no parity?
 
-    The conserver.cf man page will have this in the 6.17 release,
-    but the answer is to use a 'p' after the baud rate.  So, '9600p'
-    is 9600 baud, no parity.
+    The manpage has the answer to this question.  For those that don't
+    want to read it, here are some guidelines.  For pre-7.2.2, you'd
+    want to use a 'p' after the baud rate ("9600p", for example).  For
+    7.2.2 thru 7.2.7, you can use an 'n'.  For 8.0.0 and beyond, you use
+    'parity none;'.
 
-#
-#  $Id: FAQ,v 1.2 2000-12-13 12:20:03-08 bryan Exp $
-#
+ 8) Is "Conserver" a trademark or registered trademark?
+
+    The best answer I can give is "not as far as I know".  A couple of
+    quick searches through the source code doesn't find any claim of a
+    trademark.  I've never done a registered trademark search, but if
+    it had been registered (by a previous author), I'm sure it would be
+    mentioned.  But I'm no lawyer and don't deal with these types of
+    things, so I'm not exactly sure what I'm taking about and my answer
+    becomes a very vague "not as far as I know".
+
+ 9) When I connect to a console, it says it is down.  Why?
+
+    There are multiple reasons why this might happen.  First, see if it's
+    just a remnant of some other temporary problem.  Try and bring the
+    console up by doing a '^Eco' from the client.  If that doesn't work,
+    there's a more serious problem which, hopefully, the conserver logfile
+    will explain.  Check the log for any permission problems, connection
+    refused messages, etc.  You might get more useful information in
+    the log by using the -v option or even by enabling debugging with
+    -D (ideally that shouldn't be necessary).  Depending on the type of
+    console, your system might be out of pseudo-terminals, another process
+    might have a terminal server port occupied (another console server or
+    telnet session), or there was an unseen typo in a path or hostname.
+    The logfile should show hints of things like this and other issues.
+
+10) Is there a technical reason why --with-maxmemb's default is 16?
+    I've changed mine to 96.
+
+    The following is an array of things you need to think about when
+    adjusting --with-maxmemb.  It's a bit long, but it's an important
+    question.
+
+    The big reason (and the main reason for conserver spawning multiple
+    processes) is the maximum number of open files a process can have.
+    Each console can have a few file descriptors associated with it
+    (device, logfile, connected users, and listening socket).  So, each
+    process will have about ( 2 * consoles + users + 1 ) open files
+    (--with-maxmemb sets the maximum number of consoles per process
+    in the equation).  Although most current operating systems allow a
+    large number of open files per process, the general assumption is
+    it's still pretty low.
+
+    You also have the speed of your conserver host vs the rates at which
+    data could be streaming to it.  Go back a decade and this was probably
+    more of an issue than today, but it's still something to think about.
+
+    And then you have the problem of delays.  If any of the 96 console
+    connections "lock up", it'll delay all activity on the 96 consoles.
+    With 16, there's less of an impact.  This can be an issue once the
+    server is up or during startup.  Also, with 16 consoles per process,
+    you get a bit more parallelization during startup.
+
+    So, is there any reason not to up the number to 96?  No.  Assuming you
+    know the risks and weigh things appropriately.  If I remember right,
+    I've upped the number to 48 at some sites.  But that was mainly to
+    reduce the memory footprint in older versions of the code which had
+    statically allocated buffers.  No need to worry about that with the
+    current code.  Personally, I wouldn't change from 16 unless there
+    was a really good reason (like wanting to only have one child process
+    for firewall rules or some such reason).
+
+99) OK, things just don't seem to work.  Help?!?
+
+    Yes, this is a pretty vague question, but here are a few tips that
+    might help.
+
+    - Is your low-level serial connection correct?  Incorrect cables,
+      adapters, wiring, etc. could be the issue.  Using a signal tracer
+      or attaching other equipment that's known to work (like a laptop)
+      might be enlightening.  Check out
+      http://www.conserver.com/consoles/msock.html for basic serial
+      information (or http://www.conserver.com/consoles/ for even more
+      info).
+
+    - Can you talk to the serial port with different software?  Try
+      using tip or minicom or another application to make sure you can
+      interact with the port.  If you're not seeing the right info
+      here, there may be a baud rate issue, a lack of a getty (or
+      equivalent) running on the host or...*shrug*.  But, if you've
+      determined that you already have a valid low-level signal
+      connection, you shouldn't have to worry about that level of
+      problem.
+
+    - So, you're getting the proper interaction from other
+      applications, but not conserver?  Are the port name and baud rate
+      correct in the conserver.cf file?  When you start conserver
+      (adding -v doesn't hurt), are there any warnings/errors?  Is the
+      port in the "up" state when you use "console -u"?  If not, what
+      happens when you connect and then do a "^eco" escape sequence to
+      bring it up?  What does the conserver process say when you do
+      this?  These are the types of things I look at first.  If that
+      doesn't help you determine the problem, others will want to see
+      this info (and possibly the same steps with both the client and
+      server using the -D option) to be able to help.  Posting your
+      questions to the users mailing list is probably your next step.
+
+    - Have you tried a search on the conserver site (it searches
+      mailing list traffic as well) to see if someone else has gone
+      through the same problem?

INSTALL

@@ -1,73 +1,277 @@
-				INSTALL
-				=======
+                                INSTALL
+                                =======
+
+Upgrading?
+
+    Whenever you upgrade I suggest you upgrade both the client and
+    server.  Most times, however, you can get away without upgrading
+    the client (it's usually a fairly static piece of code).  I'll
+    document any dependencies here, but check the CHANGES file for any
+    new features added to the client if you're considering *not*
+    upgrading.
+
+    Version 8.1.3
+	- The '^Ec;' sequence won't work correctly with 8.1.2 (where it
+	  was introduced).
+
+    Version 8.1.2
+	- The 'devicesubst' and 'execsubst' formats have changed from
+	  8.1.1.  It's fairly simple to update your config file to the
+	  new format...just check the conserver.cf manpage.  Sorry for
+	  having to change things, but it's for a good reason (I should
+	  have though ahead when designing the original format).
+
+    Version 8.1.0
+
+	- The client/server protocol has changed to better protect 8-bit
+	  data and to allow programs invoked with '^Ec|' not have to
+	  worry about accidentally sending the escape sequence to the
+	  server.  Though it will look like things are mostly
+	  backward-compatible, don't count on it and just upgrade.
+
+    Version 8.0.2
+
+	- I've added a '^Ec;' sequence to allow the client to signal the
+	  server as to when it's ready to see console data.  Without
+	  this, verbose consoles will prevent clients from attaching
+	  (the client sees unexpected data).  An 8.0.2 client should be
+	  compatible with an 8.0.1 server, but an 8.0.1 client is not
+	  compatible with an 8.0.2 server.
+
+    Version 8.0.1
+
+	- There's a slight client/server protocol change to implement
+	  the new 'initcmd' console option.  If you use this
+	  functionality with an 8.0.0 client, you'll run into a
+	  compatibility problem while the 'initcmd' command is running.
+
+    Version 8.0.0
+
+	- The client/server protocol has been rearchitected.  You *MUST*
+	  use an 8.0.0 client with an 8.0.0 server.  No combination of
+	  client/server will work with pre-8.0.0 code.
+
+	- Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires
+	  you to change your conserver.cf and conserver.passwd files
+	  because both of the file formats have changed.
+
+	  The conserver.cf file changes are so major that there is a
+	  convert program available in the conserver subdirectory.  Just
+	  run './conserver/convert <old-cf-file>' and it will attempt a
+	  conversion to the new format, sending it to stdout.  Any errors
+	  will be printed to stderr.  There are a couple of things
+	  you might need to adjust.  First are the user access lists.
+	  If you are restricting users to certain consoles in your old
+	  conserver.passwd file, you'll need to move those restrictions
+	  into the new conserver.cf file.  Restrictions are set with the
+	  'ro' and 'rw' tags in the configuration file.  Second are the
+	  'access' blocks.  What get produced by the convert program
+	  will be functionally equivalent to the old behavior, but you
+	  may be able to tune things to better suit your environment.
+
+	  The conserver.passwd file's console restrictions have moved,
+	  as described above.  So to convert the conserver.passwd file,
+	  all you really need to do is something like:
+
+		awk -F: '{print $1 ":" $2}' <old-passwd-file>
+
+	  If you have comments or continuation lines in your file,
+	  you'll have to do a bit more cleanup to strip out the third
+	  field (which is what the awk command is intending to do).
+
+	- Conserver no longer trusts reverse DNS information by default.
+	  If you use the --with-trustrevdns configure flag, you can
+	  re-enable the use of gethostbyaddr() [I don't recommended it,
+	  however].  If you are using domain names in access lists,
+	  you'll either need to change those to use hostnames and/or ip
+	  addresses/ranges or use the --with-trustrevdns flag.  For
+	  example, if you have (in the
+	  8.0.0 format):
+
+		allowed conserver.com;  # allow *.conserver.com
+
+	  then you'll need to worry about this change.  If you only use
+	  full hostnames, you shouldn't have to do anything.
+
+    Version 7.2.4
+
+        - If SSL support is compiled into the code, older versions of
+          the client and server are, by default, incompatible because
+          encrypted connections are a requirement.  Use of the -E flag in
+          the client and/or server can work around this (but I discourage
+          this - please upgrade the clients and servers instead).
+
+    Version 7.2.0
+
+        - The code related to broadcast messages in the client (-b) has
+          changed.  If you want the username to come across properly in
+          the broadcast message, you'll need to make sure you upgrade
+          to the 7.2.0 client.
+
+    Version 7.1.1
+
+        - Both conserver.passwd and conserver.cf file parsing behaves
+          the same now.  Both use leading whitespace as a continuation
+          line indicator - if you have leading whitespace on a line
+          (aside from comments) you probably should remove it.
+
+    Version 7.1.0
+
+        - The client/server protocol has changed.  You *MUST* use a
+          7.1.0 client with a 7.1.0 and above server.  A 7.1.0 client
+          is *not* backward compatible with a pre-7.1.0 server.
+
+        - Some of the flags in the client (-d, -D, and -r) and server
+          (-n) have been given new identities to make the client and
+          server flags more uniform.
+
+        - The conserver.passwd file now uses the first username match
+          to determine access rights - if you have multiple instances
+          of a username in an existing password file, they must be
+          combined into one to continue to work.
+
 
 Quickie Instructions
 
-	- Edit 'conserver/cons.h' (if necessary)
+    - Download conserver (http://www.conserver.com/) and unpack
 
-	- Run 'make'
+    - Run './configure'
 
-	- If all is well, run 'make install install.man'
+    - Run 'make'
 
-	- Now set up config files, etc. (see below)
+    - Run 'make test'
 
-    Things will install in /usr/local.  If you'd like to use a different
-    prefix, use 'make PREFIX=/your/path install'.
+    - If all is well, run 'make install'
+
+    - Now set up config files, etc. (see below)
 
 
 Detailed Instructions
 
-    - First thing to do is set up a custom conserver/cons.h file.  If you
-      like all the defaults provided in conserver/port.h, your set.
-      Just use the default cons.h cons.h file.  Here are some of the
-      more important #defines to look for:
+    - First thing to do is determine if you want different defaults.  A
+      './configure --help' will show you the basics.  If you like all
+      the defaults shown, you're set.  If not, here are the conserver
+      unique options:
 
-	PORT or SERVICE		- Socket used to communicate
-	HOST			- Hostname of console server
-	CONFIG			- Config file path
-	PASSWD_FILE		- Password file path
-	MAXMEMB			- Number of consoles per child process
-	MAXGRP			- Number of child processes
+        --with-port=PORT        Specify port number [conserver]
+        --with-base=PORT        Base port for secondary channel [0]
+        --with-master=MASTER    Specify master server hostname [console]
+        --with-ccffile=CFFILE   Specify client config filename
+                                [SYSCONFDIR/console.cf]
+        --with-cffile=CFFILE    Specify config filename [SYSCONFDIR/conserver.cf]
+        --with-pwdfile=PWDFILE  Specify password filename
+                                [SYSCONFDIR/conserver.passwd]
+        --with-logfile=LOGFILE  Specify log filename [/var/log/conserver]
+        --with-pidfile=PIDFILE  Specify PID filepath [/var/run/conserver.pid]
+        --with-maxmemb=MAXMEMB  Specify maximum consoles per process [16]
+        --with-timeout=TIMEOUT  Specify connect() timeout in seconds [10]
+        --with-trustrevdns      Trust reverse DNS information
+        --with-extmsgs          Produce extended messages
+        --with-rpath            Use -R as well as -L for libraries
+        --with-cycladests       (deprecated - noop) Build for a Cyclades TS
+        --with-uds[=DIR]        Use Unix domain sockets for client/server
+                                communication [/tmp/conserver]
+        --with-trust-uds-cred   Trust UDS credentials obtained via socket
+        --with-libwrap[=PATH]   Compile in libwrap (tcp_wrappers) support
+        --with-openssl[=PATH]   Compile in OpenSSL support
+        --with-req-server-cert  Require server SSL certificate by client
+        --with-gssapi[=PATH]    Compile in GSS-API support
+        --with-striprealm       retry username without @REALM with gss-api
+                                authentication
+        --with-freeipmi[=PATH]  Compile in FreeIPMI support
+        --with-dmalloc[=PATH]   Compile in dmalloc support
+        --with-pam              Enable PAM support
+        --with-ipv6             (experimental) Use IPv6 for client/server
+                                communication
 
-    - Now run 'make'.  If you're platform is supported you'll get a nice
-      message about "Configuring for ..." and the programs should compile.
-      If not, you'll have to adjust the settings, or slightly worse,
-      port the software.  For adjusting the settings (like using a
-      different compiler or something), check out the .settings file.
-      'make config', which is done for you, symlinks it to port/<ostype>.
-      If you have to port the software, follow the instructions you
-      received.
+      Not surprisingly, some match the old conserver/cons.h items...here
+      they are for reference:
 
-    - Once things build, you can run 'make install install.man'.
-      This will put things into the /usr/local tree.  If you'd like
-      things deposited elsewhere, you can use 'make PREFIX=/your/path
-      install install.man'.  We like to use something like 'make
-      PREFIX=/tools/conserver install install.man'.
+        PORT or SERVICE         - Socket used to communicate
+        HOST                    - Hostname of console server
+        CONFIG                  - Config file path
+        PASSWD_FILE             - Password file path
+        MAXMEMB                 - Number of consoles per child process
+
+      A couple of notes.  First, --with-libwrap will add tcp_wrappers
+      lookups to all socket connections in the server.  --with-openssl
+      will add encryption between the client and server when you connect
+      to a console.  --with-uds will cause the client and server to use
+      unix domain sockets for their communication, eliminating the
+      tcp communication they normally do (which means --with-master and
+      --with-port are not used).  --with-dmalloc should only be used to
+      do memory allocation debugging and not used in production.
+
+    - Run './configure'.  This will detect system specific
+      information.  The --prefix option will redirect where things are
+      installed.  Other options are available as well...try
+      './configure --help'.
+
+    - Now run 'make'.  Hopefully things will compile.
+
+    - To test your binaries, run 'make test'.  If there are problems, it
+      should mean something is wrong, but check the output differences
+      to make sure it wasn't a temporary failure.  I tried to make the
+      tests generic, but I may have missed something.
+
+    - Once things build, you can run 'make install'.
+
+    - If you'd like to build the autologin application, you'll need to
+      run 'make autologin'.  If you'd like it installed, use 'make
+      autologin.install'.
 
     - Now that the binaries are in place, we need to set up the
       configuration files and such.
 
-      If you used a blank cons.h file or defined a service name (SERVICE
-      token above), you'll need to enter a definition in your services
-      file (directly, via NIS, or whatever).  Here's what we use:
+      + Does your conserver master hostname exist?  This is the
+        hostname specified with the --with-master option.  By default
+        the hostname is "console", so make sure it's in DNS, hosts
+        files, or whatever.
 
-	    console      782/tcp      conserver    # console server
+      + If you used a symbolic name for the --with-port option (by
+        default it uses "conserver", so the answer would be yes),
+        you'll need to enter a definition in your services file
+        (directly, via NIS, or whatever).  Here's what we use:
 
-      If you defined PORT, you shouldn't have to worry about this step.
+            console      782/tcp    conserver    # console server
 
-      Next, make sure conserver runs during boot.  The init script
-      we use under Solaris is installed in <PREFIX>/etc/conserver.rc.
-      Use that or some form of it for your own /etc/init.d script or an
-      entry in startup files (/etc/rc, /etc/rc.local, or whatever).
+        If you used a number, you shouldn't have to worry about this
+        step.
 
-      Now for the fun stuff.  You need to create a conserver.cf and
-      conserver.passwd file.  Those are defined with the CONFIG and
-      PASSWD_FILE settings.  If you ever need to know what values
-      were compiled into conserver, run 'conserver -V'.  See the
-      conserver.cf/INSTALL file for instructions on setup of these files.
+      + Next, make sure conserver runs during boot.  The init script we
+	use under Solaris is installed in
+	<DATADIR>/examples/conserver/conserver.rc.  Use that or some
+	form of it for your own /etc/init.d script or an entry in
+	startup files (/etc/rc, /etc/rc.local, or whatever).
+
+      + Now for the fun stuff.  You need to create a conserver.cf and
+        conserver.passwd file.  Those are defined with the
+        --with-cffile and --with-pwdfile settings.  If you ever need to
+        know what values were compiled into conserver, run 'conserver
+        -V'.  See the conserver.cf/INSTALL file for instructions on
+        setup of these files.
 
     - That's it!  Just start up the console server and enjoy!
 
-#
-#  $Id: INSTALL,v 1.6 2000-03-02 02:26:50-08 bryan Exp $
-#
+
+Other Information And Gotchas
+
+    - Potential GCC bug
+
+        Adam Morris <AMorris@providence.org> reported a problem with
+        the following line in console/console.c:
+
+            if ((in_addr_t) (-1) == pPort->sin_addr.s_addr) {
+
+        This tickles a GCC bug under HP-UX 11.11 using GCC 3.0.2 in
+        64-bit mode with optimization enabled (-O).  The bug could
+        possibly be provoked in other combinations as well.  His fix is
+        to change the line to:
+
+            if ((in_addr_t) (-1) == inet_addr(pcToHost)) {
+
+        It's also reported that newer versions of the compiler fix the
+        issue, so if you happen to have problems with the client
+        connecting to servers, you might be tickling this bug and you
+        can upgrade the compiler, turn off the optimization, or apply
+        this code change.

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2000, conserver.com
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSES

@@ -0,0 +1,115 @@
+Since this piece of software has had many contiributors, there is a
+"chain" of licensing information embedded in the files.  I've copied
+what I could find here so that it's easy to reference.  The entire
+bundle of software is guided by these licensing statements.
+
+----------------------------------------------------------------------------
+
+Copyright (c) 2000, conserver.com
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  - Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+  - Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the
+    distribution.
+
+  - Neither the name of conserver.com nor the names of its contributors
+    may be used to endorse or promote products derived from this
+    software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+----------------------------------------------------------------------------
+
+Copyright (c) 1998, GNAC, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  - Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+  - Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the
+    distribution.
+
+  - Neither the name of GNAC, Inc. nor the names of its contributors
+    may be used to endorse or promote products derived from this
+    software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+----------------------------------------------------------------------------
+
+Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
+47907.  All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. Neither the authors nor Purdue University are responsible for any
+   consequences of the use of this software.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Credit to the authors and Purdue
+   University must appear in documentation and sources.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+4. This notice may not be removed or altered.
+
+----------------------------------------------------------------------------
+
+Copyright (c) 1990 The Ohio State University.
+All rights reserved.
+
+Redistribution and use in source and binary forms are permitted
+provided that: (1) source distributions retain this entire copyright
+notice and comment, and (2) distributions including binaries display
+the following acknowledgement:  ``This product includes software
+developed by The Ohio State University and its contributors''
+in the documentation or other materials provided with the distribution
+and in all advertising materials mentioning features or use of this
+software. Neither the name of the University nor the names of its
+contributors may be used to endorse or promote products derived
+from this software without specific prior written permission.
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+----------------------------------------------------------------------------

LICENSES.md

@@ -0,0 +1,104 @@
+License Clarification
+=====================
+
+The licenses attached to this software ([LICENSES](LICENSES)) are supposed
+to paint a simple concept: that this software was built for the open source
+community and they result in a license compatible with [LICENSE](LICENSE).
+
+Unfortunately, the real world steps in and troubles can arise.  This note
+has been moved over from the [INSTALL](INSTALL) file:
+
+    The Debian folks have conserver distributed with the package
+    names of conserver-client and conserver-server.  They are in
+    the distribution "sid" and the "non-free" part (because the
+    Ohio State license doesn't explicitly allow for modification to
+    the code, even though it's totally implied and the intention of
+    the author - I've even got proof in email!  Oh well, can't
+    blame the Debian folks for being cautious - they've been burned
+    before, apparently).
+
+Here's a copy of the message I exchanged with Thomas A. Fine (original
+author at OSU) in 2001 that is referenced above:
+
+    Date: Wed, 27 Jun 2001 19:47:18 -0400 (EDT)
+    To: bryan@conserver.com
+    From: "Thomas A. Fine" <fine@head-cfa.harvard.edu>
+    Subject: Re: A conserver license question...
+    
+    > Hi Tom,
+    > 
+    > I had a little "problem" crop up that I was hoping you could help me
+    > with.  A guy out in net-land is trying to put a debian package together
+    > of the code I've been releasing (based on your original work) and they
+    > don't like part of the Ohio State license.  I've attached the message
+    > below.
+    > 
+    > I'm not sure what can be done.  One thought was a message from you that
+    > I could put with the code stating that modifications are ok would
+    > work.  Or maybe just modifying the original license statement.  Heck, I
+    > don't even know if either are 100% legal.  Maybe I need to talk to
+    > someone at Ohio State.
+    > 
+    > Well, if you have any ideas or suggestions, please let me know.  Don't
+    > know if I ever got a chance to thank you for the great stuff you
+    > started!  Thank you!  ;-)
+    
+    Well, if I knew then what I know now, I would have copyrighted it
+    under my own name, and not under OSU, and then I could change it.
+    Since I don't work there anymore, strictly speaking, I can't change
+    it.
+    
+    However, IMHO, this license allows modifications, without explicitly
+    stating it.  I can state without a doubt that this was my intention
+    at the time (and hence, OSU's intention, since I put in the copyright
+    while working for OSU).
+    
+    But also, since it allows use of the source, and since the statement
+    required for inclusion says "includes software ..." it seems pretty
+    clear that modification was both allowed and expected.  You can't
+    really use sources if you aren't changing them, and you certainly
+    can't include this software in some other product without making
+    modifications.
+    
+    As I recall, I more or less used the copyright that Berkeley was using
+    back then for there BSD-related software, so I'm surprised there's a
+    problem with it.
+    
+    I have to point out that version 1.2, available at
+    http://hea-www.harvard.edu/~fine/Tech/cs1.2/
+    is distributed entirely without copyright notices.  Interesting, no?
+    So I guess I could add a copyright notice to that.  But would I then
+    be violating the OSU copyright that I wrote for 1.1?  Since it is
+    a different version, I could probably write a new copyright notice 
+    and license and be free and clear.
+    
+    There's also Purdue's versions of the software.  It's mentioned on my
+    console server web page at
+    http://hea-www.harvard.edu/~fine/Tech/console-server.html
+    
+    So, pass this on to the people you're working with and let me know how
+    you want to proceed.
+    
+    	 tom
+
+In addition, a post to the Conserver Users mailing list in May 2020 contained:
+
+    From: Paul Wise via users <users@conserver.com>
+    To: users@conserver.com
+    Subject: Re: license change?
+    Date: Mon, 25 May 2020 12:42:28 +0800
+    
+    On Thu, 2019-07-04 at 10:20 +0200, Bryan Stansell via users wrote:
+    > So, it's more the lack of explicitly stating the code can be
+    > modified.
+    
+    Since then I talked to one of RedHat's lawyers and they mentioned that
+    they have dealt with this problem too and also concluded that these
+    licenses were intended to cover modification. The current wording of
+    the initial part of the BSD license reflects an attempt to correct an
+    earlier mistake (i.e. someone pointed out the error and Berkeley added
+    "with or without modification"). Also the anti-endorsement clause
+    implies a right to modify.
+
+Hopefully corporations (or, I suppose, their lawyers) will be happy with the
+explanation above and become comfortable with the stated license.

Makefile

@@ -1,42 +0,0 @@
-#	$Id: Makefile,v 1.8 2000-03-06 18:08:31-08 bryan Exp $
-#
-#	Master Makefile
-#
-
-SUBDIRS=conserver console conserver.cf
-
-all clean install install.man: FRC
-	@if [ ! -f .settings ]; then \
-	    echo "Running a 'make config' for you"; \
-	    ${MAKE} config; \
-	fi
-	@if [ -f .settings ]; then \
-    	    s=`cat .settings | grep -v '^#'`; \
-	    settings=`echo $$s`; \
-	    if [ -n "${PREFIX}" ]; then settings="'PREFIX=${PREFIX}' $$settings"; fi; \
-	    for s in ${SUBDIRS}; do \
-		( cd $$s; eval ${MAKE} $$settings $@ ) \
-	    done; \
-	else \
-	    echo; \
-	    echo "There is a problem with your platform type.  Try running"; \
-	    echo "'make config' and look into the errors"; \
-	    echo; \
-	    exit; \
-	fi
-	@if [ "$@" = "clean" ]; then rm .settings; fi
-
-config:
-	@p=`port/system 2>/dev/null`; \
-	if [ -n "$$p" ]; then \
-	    rm -f .settings; \
-	    ln -s port/$$p .settings; \
-	    echo "Configured for $$p"; \
-	else \
-	    echo "*** Can't determine system type."; \
-	    echo "*** See ./port for porting issues."; \
-	fi
-
-FRC:
-
-SHELL=/bin/sh

Makefile.in

@@ -0,0 +1,54 @@
+### Path settings
+datarootdir = @datarootdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+mandir = @mandir@
+libdir = @libdir@
+includedir = @includedir@
+sysconfdir = @sysconfdir@
+
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+SUBDIRS = conserver console conserver.cf
+
+all:
+	for n in $(SUBDIRS); do \
+		( cd $$n && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1; \
+	done
+
+autologin:
+	( cd autologin && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1;
+
+autologin.install:
+	( cd autologin && $(MAKE) install $(MAKE_FLAGS) ) || exit 1;
+
+chat:
+	( cd contrib/chat && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1;
+
+chat.install:
+	( cd contrib/chat && $(MAKE) install $(MAKE_FLAGS) ) || exit 1;
+
+test:
+	( cd test && ./dotest ) || exit 1
+
+install:
+	for n in $(SUBDIRS); do \
+		( cd $$n && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1; \
+	done
+
+clean:
+	for n in $(SUBDIRS); do \
+		( cd $$n && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1; \
+	done
+
+distclean:
+	for n in $(SUBDIRS); do \
+		( cd $$n && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1; \
+	done
+	rm -f config.cache config.log config.status config.h Makefile
+
+.PHONY: autologin autologin.install clean distclean install all test

PROTOCOL

@@ -0,0 +1,302 @@
+			   Conserver Protocol
+			   ==================
+
+
+What Is This?
+-------------
+
+The following is an attempt to describe the client/server protocol used
+between the server (conserver) and the client (console).  This document
+bases its information on conserver version 8.1.4, as it's the release
+currently available.  If there are changes to the client/server
+protocol, the INSTALL file should reference them and, ideally, this
+document will be updated.
+
+The information is looked at from the point of the server, since it's
+the server that controls all information and triggers actions on the
+client (like a suspend).  The client's perspective should be obvious
+from this information.
+
+
+SSL
+---
+
+The client and server can negotiate an SSL connection.  As far as the
+code is concerned, the SSL "layer" is transparent.  Data is sent and
+received just as if it was unencrypted.  Therefore, aside bringing up
+the SSL connection, the SSL bits are unimportant from a protocol
+standpoint.  The client and server still send and receive the same
+information - it just happens to be encrypted to everyone else.
+
+
+"On-The-Wire" Data
+------------------
+
+The low-level, "on-the-wire" data is encapsulated similar to the telnet
+protocol.  All data is sent "as-is" with the exception of 0xFF.  0xFF is
+used as a "command character" and both the client and server expect to
+see a predefined option after it.  The possible options are: 0xFF, 'E',
+'G', 'Z', and '.'.
+
+The 0xFF option says to use the literal character 0xFF.  So, if there is
+a 0xFF character in the data stream to be sent, the code will send two
+0xFF characters (it's similar to using '\\' in C strings to embed a
+'\').
+
+The other options are used in various contexts, which will be described
+in detail below.
+
+
+Life As A Server
+----------------
+
+There are three different interfaces presented to clients by the server.
+I'm going to name the three modes "master", "group", and "console".  The
+first two are line-based, and the third is character-based.
+
+To understand the differences, I must outline how conserver manages
+consoles.  When conserver starts, it reads the configuration file,
+listens on the master socket, and, for each group of consoles it must
+manage (where the group size is set by -m), it forks off a copy of
+itself.  Those child processes are what actually connect to the consoles
+and they each listen on a new socket for client connections.  So, you
+end up with a parent process (that knows about all consoles) that
+manages the child processes (that know only about consoles it manages),
+and everyone is listening on an individual socket for connections from
+clients.
+
+The parent process interacts with clients in "master" mode.  That mode
+expects line-based commands and responds similarly.  Because it's the
+master, it understands a certain set of commands that are different than
+in "group" mode.
+
+The child processes interact with clients in "group" mode first, and
+negotiate a change to "console" mode when a client requests a connection
+to a specific console.
+
+
+"master" Mode
+-------------
+
+When parent process gets a connection from a client, it either sends an
+"ok" string to signal it's ready or an error message (like "access from
+your host is refused") and the connection is dropped.  At this point,
+there are a small number of commands recognized by the server, since
+most are restricted to "logged in" clients.  Here's the list of
+available commands:
+
+    exit   disconnect
+    help   this help message
+    login  log in
+    ssl    start ssl session
+
+An "exit" is sent a "goodbye" response and the connection is dropped.  A
+"help" is sent the list above.  A "ssl" is sent an "ok" response and
+then the server expects the client to negotiate an ssl connection.  A
+"login" requires one argument (the username) and is either sent an "ok",
+meaning the client is logged in, or a "passwd?" followed by the local
+hostname, asking for the user's password, which it expects next.  If the
+client sends a valid password, an "ok" is sent, otherwise an error
+message and the connection is dropped.
+
+Upon successful login, the commands available are:
+
+    call      provide port for given console
+    exit      disconnect
+    groups    provide ports for group leaders
+    help      this help message
+    master    provide a list of master servers
+    newlogs*  close and open all logfiles (SIGUSR2)
+    pid       provide pid of master process
+    quit*     terminate conserver (SIGTERM)
+    restart*  restart conserver (SIGHUP) - deprecated
+    reconfig* reread config file (SIGHUP)
+    version   provide version info for server
+    up*       bring up all downed consoles (SIGUSR1)
+    * = requires admin privileges
+
+"exit" and "help" are the same as before the client logged login.
+
+The "call" command expects one argument, the console name to connect to.
+The server will respond with either a port number (if it's a locally
+managed console), an "@hostname" where hostname is the name of the
+remote conserver host managing the console (if it's a remotely managed
+console), or an error message (possibly multi-line).  The client is not
+disconnected, whatever the response.
+
+The "groups" command responds with a colon-separated list of port
+numbers, which correspond to each of the child processes running on the
+local host.  The client is not disconnected.
+
+The "master" command responds with a colon-separated list of "@hostname"
+names.  The list includes any hosts (including the possibility of the
+local host) which have locally managed consoles.  The client is not
+disconnected.
+
+The "newlogs" command reopens all logfiles used by conserver, assuming
+the user has administrative access.  It responds with a message starting
+with "ok" if successful and an error message otherwise (like
+"unauthorized command").  The client is disconnected if it's successful.
+
+The "pid" command responds with the pid of the master process (in this
+case, the one the client is talking to).  The client is not
+disconnected.
+
+The "quit" command will shut down conserver, assuming the user has
+administrative access.  It responds with a message starting with "ok" if
+successful and an error message otherwise (like "unauthorized command").
+The client is disconnected if it's successful.
+
+The "restart" command has been deprecated.  You should use "reconfig".
+
+The "reconfig" command will cause conserver to reread the configuration
+file and apply any changes, assuming the user has administrative access.
+It responds with a message starting with "ok" if successful and an error
+message otherwise (like "unauthorized command").  The client is not
+disconnected.
+
+The "version" command responds with the version string.  The client is
+not disconnected.
+
+The "up" command tries to "bring up" all disconnected consoles, assuming
+the user has administrative access.  It responds with a message starting
+with "ok" if successful and an error message otherwise (like
+"unauthorized command").  The client is disconnected if it's successful.
+
+
+"group" Mode
+------------
+
+When a child process gets a connection from a client, it either sends an
+"ok" string to signal it's ready or an error message (like "access from
+your host is refused") and the connection is dropped.  At this point,
+"group" mode acts just like "master" mode.  Once the client successfully
+logs in, however, "group" mode has the recognizes the following
+commands:
+
+    broadcast    send broadcast message
+    call         connect to given console
+    disconnect*  disconnect the given user(s)
+    examine      examine port and baud rates
+    exit         disconnect
+    group        show users in this group
+    help         this help message
+    hosts        show host status and user
+    info         show console information
+    textmsg      send a text message
+    * = requires admin privileges
+
+The "exit" and "help" commands are like the others documented above.
+
+The "broadcast" command expects a text string of the message to be sent
+to all users connected to this process.  An "ok" is sent as a response.
+
+The "call" command expects one argument, the console name to connect to,
+just like in "master" mode.  The difference here is that this requests
+the server to attach the client to the console and go into "console"
+mode.  If the attachment is successful, the response will begin with a
+'[' character.  If not, an error message is returned.  The success
+responses are:
+
+    [console is read-only]	 - console is read only
+    [read-only -- initializing]	 - console is initializing, and
+				   read-only for the time being
+    [line to console is down]	 - console is down
+    [attached]			 - attached read-write
+    [spy]			 - attached read-only
+
+
+The "disconnect" command expects an argument of the form "user@console"
+where either the "user" or "@console" part may be omitted.  Upon
+success, a response of the form "ok -- disconnected X users" is sent,
+where X is the number of users disconnected.  If a user is unauthorized
+or some other problem occurs, an error message (like "unauthorized
+command") is sent.
+
+The "examine" command returns a list of console information of the form
+that 'console -x' shows.
+
+The "group" command returns a list of console information of the form
+that 'console -w' shows.
+
+The "hosts" command returns a list of console information of the form
+that 'console -u' shows.
+
+The "info" command returns a list of console information of the form
+that 'console -i' shows.
+
+The "textmsg" command expects two arguments, the first being the
+recipient of the message in the form "user@console" (again, where the
+"user" or "@console" portion may be omitted) and the second being the
+string, like the "broadcast" command.  The server returns "ok".
+
+
+"console" Mode
+--------------
+
+As mentioned above, "console" mode is obtained by using the "call"
+command when connected to a child processes operating in "group" mode.
+
+"console" mode should look very familiar to a user of conserver, as it's
+what the user interacts with when connected to a console.  There's
+really nothings special here.  Each character received from the client
+is compared to the escape sequence, and if it matches, an action occurs
+on the server side.  If it doesn't match the escape sequence, the data
+is sent on to the console.  All data received from the console is sent
+to the client(s).  Of course, there are certain exceptions to these
+rules, based on the state of the console and the state of the client.
+And, certain escape sequences cause special behaviors to occur.
+
+Most escape sequences cause the server to send information back to the
+user.  Stuff like "^Ecw", "^Eci", and "^Ecu" are examples.  The escape
+sequence is absorbed by the server, the server sends the client a
+variety of information, and things continue as before.
+
+The more "interesting" escape sequences are the following.
+
+"^Ec;"  The server sends a 0xFF,'G' command sequence to the client, to
+	signal a wish to move to a new console.  The client then gets
+	put into the same state as the "^Ecz" sequence (paused), which
+	gives the client a chance to either resume the connection or
+	disconnect.
+
+"^Ec|"  The server sends a 0xFF,'E' command sequence to the client, to
+	signal a wish to have the client program interact with a
+	program, as opposed to the user.  The server discards all data
+	until it receives one of the following command sequences from
+	the client:
+
+	    0xFF,'E'	Signals successful redirection of interaction to
+			a program.  The server then responds with "[rw]"
+			or "[ro]" to tell the client whether or not they
+			have read-write access.  If not, the client
+			should abort the program and send the abort
+			command sequence below, as other data received by
+			the server will just get dropped.
+
+	    0xFF,'.'	Abort the operation.  The server assumes the
+			redirection didn't happen and returns the client
+			to it's normal mode.
+
+	The server keeps the client in the "redirected" state until it
+	receives a 0xFF,'.' command sequence from the client (which
+	usually occurs when the client command terminates).
+
+	If the client is "bumped" from read-write to read-only by
+	another user, the server will send the client a 0xFF,'.' command
+	sequence to tell it to abort the redirection and return control
+	back to the user.
+
+"^Ecz"  The server sends a 0xFF,'Z' command sequence to the client, to
+	signal a wish to suspend to client process.  The client is then
+	put into a "paused" state where it receives no more data from
+	the server.  When the client is ready to resume receiving data,
+	it sends a character of data to the server, at which point the
+	server discards the character and sends back a status message of
+	the form " -- MSG]".  The current set of possible messages are:
+
+	    " -- line down]"
+	    " -- read-only]"
+	    " -- attached (nologging)]"
+	    " -- attached]"
+	    " -- spy mode]"

README

@@ -1,65 +0,0 @@
-				README
-				======
-
-Maintainer/Enhancer
-
-    Bryan Stansell (bryan@conserver.com) of Certainty Solutions, Inc. -
-    formerly Global Networking and Computing (GNAC)
-
-
-Mailing Lists
-
-    There are currently two mailing lists available at conserver.com.
-    announce@conserver.com is an announcement-only mailing list for
-    informing of new versions, major developments, etc.
-    users@conserver.com is for general Q&A, discussions, ideas, etc for
-    conserver users.  See http://www.conserver.com/ for pointers to
-    these and possibly future lists.
-
-
-Origin
-
-    The console server software found here is a heavily modified
-    version originally written by Tom Fine (fine@cis.ohio-state.edu)
-    and then Kevin S Braunsdorf (ksb+conserver@sa.fedex.com).  Patches
-    from Robert Olson (olson@mcs.anl.gov) were then applied to get
-    network console support.
-
-    Arnold de Leon (arnold@corp.webtv.net) then fixed various bugs and
-    added enhancements while at Synopsys.  I then took the result and
-    continued fixing things and adding features we found useful.
-    Certainty Solutions has been supporting my coding efforts (in too
-    many ways to list) since 1996.
-
-
-The conserver.com Distribution
-
-    The result is a combination of many people's work.  This version is
-    being released in hopes that it will help others.  There is no
-    warranty or support implied by the distribution of the software.
-
-    As of version 6.1.7, the packaging and numbering sheme has
-    changed.  I used to package conserver as conserver-GNAC-v.vv.
-    Since GNAC (now Certainty Solutions) has changed it's name I've
-    decided to drop the GNAC portion and use a 3 digit version number
-    (conserver-v.v.v).  Why change the version numbering?  I need to
-    differenciate this thread of the code from the original authors and
-    I couldn't come up with a good replacement for the GNAC name - sad,
-    but true.
-
-
-Downloading
-
-    The latest version can be found at http://www.conserver.com/.
-
-
-Other Good Information
-
-    Zonker Harris has fabulous documents regarding the hookup
-    of consoles to terminal servers and other such devices.  His
-    Greater Scroll of Console Knowledge is a great place to start
-    (http://www.conserver.com/consoles/).
-
-#
-#  $Id: README,v 1.12 2000-12-14 16:31:04-08 bryan Exp $
-#

README.md

@@ -0,0 +1,35 @@
+Conserver
+=========
+
+[![Build Status](https://api.cirrus-ci.com/github/bstansell/conserver.svg)](https://cirrus-ci.com/github/bstansell/conserver)
+
+Conserver is an application that allows multiple users to watch a
+serial console at the same time. It can log the data, allows users to
+take write-access of a console (one at a time), and has a variety of
+bells and whistles to accentuate that basic functionality. The idea is
+that conserver will log all your serial traffic so you can go back and
+review why something crashed, look at changes (if done on the console),
+or tie the console logs into a monitoring system (just watch the
+logfiles it creates).  With multi-user capabilities you can work on
+equipment with others, mentor, train, etc. It also does all that
+client-server stuff so that, assuming you have a network connection,
+you can interact with any of the equipment from home or wherever.
+
+
+Documentation
+-------------
+
+See the `INSTALL` file for installation and the man pages for specifics.
+
+
+Downloading
+-----------
+
+The latest version can be found on [GitHub](https://github.com/bstansell/conserver/releases).
+
+
+Contributions
+-------------
+
+Contributions distributed with the code can be found in the `contrib`
+subdirectory.

TODO

@@ -0,0 +1,108 @@
+				TODO
+				====
+
+Warning to those who aren't me: this is an unorganized list of things
+that might be classified as bugs, improvements, random thoughts or
+suggestions.  Hopefully it will get cleaned up over time (yeah,
+right!).
+
+Bryan Stansell
+
+---------------------------------------------------------------------------
+
+- Telnet protocol should be improved
+    - Not even RFC 854 compliant...or maybe it is (as of 8.1.0)
+    - Option negotiation semi-ignored - should we negotiate anything more?
+    - Others?
+
+- syslog?
+    Daniel E. Singer <des@cs.duke.edu> would like to see it - especially
+    in regards to --use-libwrap code
+
+- alternate (md5) password encryption support in conserver.passwd
+    - actually happens if the crypt() call supports it, like under linux
+    - hpux has bigcrypt() also, which we support, so maybe we're covered
+
+- config file examples for various configurations
+    - sample conserver.cf has some...but it's not explained well
+
+- per-line timestamps
+    - only when not connected?
+
+- pipe input/output (console <-> program) via 'console'
+    - some apps (net-ups thing, gdb) might need to talk to user
+    - ^Ec| does this, but the interact with user bits might not work
+    - actually, ^Ec| does work right with 8.1.0...one change that might
+      be nice is the ability to NOT watch the i/o pass to the local
+      command - try sending a big file to the local host with xmodem.
+
+- autologout?  setting per console?  gack, would have to interpret data.
+    - this will never happen...i don't want to interpret data
+
+- "listen" capability (watch all/multiple consoles)
+
+- send data to multiple consoles (carbon copy) -
+    Steve Lammert <slammert@panasas.com>
+
+- authentication to terminal servers (ssh, passphrase, whatever)
+    - ssh should probably just be handled by invoking the ssh command.
+      so, that's really already covered, no?
+    - passphrase...hmmm..could really use some sort of send/expect
+      thing here.  you could write a wrapper script of sorts, but it
+      really would be nice to have a raw socket and do the right thing.
+    - this does work, using the 'initcmd' option, so, all done?
+
+- cyclades ts1000/2000 port : "Moses, Joel" <jmoses@deloitte.com>
+
+- strftime() idea for logfile names : Lars Kellogg-Stedman <lars@larsshack.org>
+
+- 9600baud log replay?
+
+- server -M flag should accept multiple addresses (comma separated)
+    - should client as well?
+    - this may never happen...does anyone really need it?
+
+- automatic log rotation in general : Egan Ford <egan@us.ibm.com>
+
+- website docs on serial port configs
+    - PCs (solaris x86, linux, *bsd, etc)
+    - lilo
+    - bios support
+
+- suggestions by Trevor Fiatal <trevor@seven.com>
+    - include server hostname on 'console -x' output
+	- i think the -i output covers it, but maybe not
+
+- ability to configure strings to be sent to a console periodically :
+  Greg A. Woods <woods@planix.com>
+
+- show attach/detach events to/of spy console clients : Greg A. Woods
+  <woods@planix.com>
+
+- redefine client escape sequence in conserver.cf : Toby Gerhart
+  <toby.gerhart@eds.com>
+    - not even sure if this is possible w/o confusing the client,
+      but maybe with the new 8.1.0 client-server protocol, we can!
+
+- log rotation by date : Tom Pachla <tom.pachla@nlc-bnc.ca>
+
+- strict file permission checks on conserver.passwd/conserver.cf : Erik
+  Sjolund <erik.sjolund@sbc.su.se>
+
+- netgroup support?  : Nikolaos Papavassiliou
+  <Nikolaos.Papavassiliou@reuters.com> and Phil Dibowitz <phil@usc.edu>
+
+- send sequences to console on client connect? (to repaint screen,
+  for example) : John Cagle <jcagle@gmail.com>
+
+- uucp locks : Sebastian Zagrodzki <sebek@heron.net.icm.edu.pl>
+
+- support more than 9 break sequences : Danish Mirza <Danish@lehman.com>
+  thought it was easy, but adding more than could break things with
+  current encoding.  doable, will have to think harder about it.
+
+- reintroduce console grouping : Martin Turba
+  <martin.turba@igd.fraunhofer.de>
+
+- quick-recheck of down consoles (for uds) and possibly only log state
+  changes (instead of each try) : DJ Gregor <dj@gregor.com>

_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-cayman

autologin/INSTALL.old

@@ -1,5 +1,3 @@
-# $Id: INSTALL,v 1.3 94/07/11 12:38:19 ksb Exp $
-
 To install this program you need root access and access to the physical
 console of the machine (either through the console server or via the physical
 world).

autologin/Makefile

@@ -1,83 +0,0 @@
-#
-#	$Id: Make.host,v 1.13 94/06/03 15:32:46 nuspl Exp $
-#
-#	Makefile for autologin
-#
-#	Jeff W. Stewart, Purdue University Computing Center
-#
-
-DESTDIR=
-BINDIR=	${DESTDIR}/usr/local/etc
-
-INCLUDE=
-DEBUG=	-g
-DEFS=	-DPUCC -DSUN5
-CFLAGS=	${DEBUG} ${DEFS} ${INCLUDE}
-
-GENC=	main.c
-GENH=	main.h
-GEN=	${GENC} ${GENH}
-HDR=	
-SRC=	autologin.c
-OBJ=	autologin.o main.o
-SOURCE= README autologin.man autologin.m Makefile ${SRC} ${HDR}
-
-
-
-all:	autologin
-
-autologin: ${OBJ}
-	${CC} ${CFLAGS} -o autologin ${OBJ}
-
-main.h: main.c
-
-main.c: autologin.m
-	mkcmd std_help.m std_version.m autologin.m
-	-(cmp -s prog.c main.c || (cp prog.c main.c && echo main.c updated))
-	-(cmp -s prog.h main.h || (cp prog.h main.h && echo main.h updated))
-	rm -f prog.[ch]
-
-# On keep (EPIX), putenv.o is extracted (ar x) from /usr/lib/libc.a
-# and setgroups.o is extracted from libbsd.a
-#
-putenv.o:
-	ar x /usr/lib/libc.a $@
-
-setgroups.o:
-	ar x /usr/lib/libbsd.a $@
-
-getut.o:
-	ar x /sysv/usr/lib/libc.a $@
-
-clean: FRC
-	rm -f autologin *.o errs core Makefile.bak a.out lint.errs ${GEN}
-
-lint: ${HDR} ${SRC} ${GEN} FRC
-	lint -h ${CDEFS} ${INCLUDE} ${GEN} ${SRC}
-
-install: all
-	install -c -s -m 755 autologin ${BINDIR}
-
-distrib:
-	distrib -c ${BINDIR}/autologin	
-
-depend:	${HDR} ${SRC} ${GEN}
-	maketd -a ${HDR} ${SRC} ${GEN}
-
-spotless:	clean
-	rcsclean Makefile ${HDR} ${SRC}
-
-source: ${SOURCE}
-
-${SOURCE}:
-	co -q $@
-
-FRC:
-
-# DO NOT DELETE THIS LINE - maketd DEPENDS ON IT
-
-main.o: main.c
-
-autologin.o: autologin.c main.h
-
-# *** Do not add anything here - It will go away. ***

autologin/Makefile.in

@@ -0,0 +1,53 @@
+### Path settings
+datarootdir = @datarootdir@
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sysconfdir = @sysconfdir@
+
+### Installation programs and flags
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
+LN_S = @LN_S@
+MKDIR = @MKDIR@
+
+### Compiler and link options
+CC	= @CC@
+CFLAGS	= @CFLAGS@ # -DPUCC -DSUN5
+DEFS	= @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)\"
+CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@
+LDFLAGS	= @LDFLAGS@
+LIBS	= @LIBS@
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+AUTOLOGIN_OBJS = main.o autologin.o
+AUTOLOGIN_HDRS = ../config.h $(top_srcdir)/compat.h $(srcdir)/main.h
+ALL = autologin
+
+
+all: $(ALL)
+
+$(AUTOLOGIN_OBJS): $(AUTOLOGIN_HDRS)
+
+autologin: $(AUTOLOGIN_OBJS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o autologin $(AUTOLOGIN_OBJS) $(LIBS)
+
+.c.o:
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+
+clean:
+	rm -f *~ *.o $(ALL) core
+
+distclean: clean
+	rm -f Makefile
+
+install: autologin
+	$(MKDIR) $(DESTDIR)$(bindir)
+	$(INSTALL_PROGRAM) autologin $(DESTDIR)$(bindir)
+
+.PHONY: clean distclean install

autologin/README

@@ -1,16 +1,17 @@
 
-I have not touched the autologin directory.  See the README.old and
-INSTALL.old files if you interested in the program.  I cannot guarantee
-it will compile, install, or run.  It is definately not integrated with
-../Makefile or any of the porting support.  If you have patches that
-make it work, please send them to me and I'll be more than happy to
-incorporate them.
+This file used to say "I have not touched the autologin directory."
+That's no longer true.  I've applied patches submitted by the user
+community (see the CHANGES file for details).  I still cannot guarantee
+anything, but it sounds like at least one person out there is
+successfully using the code.  And now for my original hand-waving...
+
+See the README.old and INSTALL.old files if you interested in the
+program.  I cannot guarantee it will compile, install, or run.  It is
+definately not integrated with ../Makefile or any of the porting
+support.  If you have patches that make it work, please send them to me
+and I'll be more than happy to incorporate them.
 
 No one I've ever talked to found a need for something like autologin.
 Good luck.
 
 Bryan Stansell
-
-#
-#  $Id: README,v 1.1 1999-01-21 22:59:40-08 bryan Exp $
-#

autologin/README.old

@@ -1,5 +1,3 @@
-# $Id: README,v 1.3 93/04/21 16:13:37 ksb Exp $
-
 This program can be used to put a root shell on the console at boot time.
 See the manual page.
 

autologin/autologin.m

@@ -1,7 +1,5 @@
 # mkcmd parser for autologin program
 %%
-static char *rcsid =
-	"$Id: autologin.m,v 1.2 92/07/28 13:18:34 ksb Exp $";
 %%
 
 integer variable "iErrs" {

autologin/autologin.man

@@ -1,4 +1,3 @@
-.\" $Id: autologin.man,v 1.3 93/03/16 16:41:45 ksb Exp $
 .TH AUTOLOGIN 8L PUCC
 .SH NAME
 autologin \- create an automatic login session from /etc/inittab
@@ -112,12 +111,21 @@ environment variable set to
 	ss10:2:respawn:/usr/local/etc/autologin \-e TERM=reg20 \-t/dev/tty10 \-lssinfo
 .ad
 .PP
-Adding the following line to \fI/etc/ttytab\fP on a Sun 4.1.\fIx\fP
+Adding the following line to
+.I /etc/ttytab
+on a Sun
+.RI 4.1. x
 machine establishes a root login on the console device:
+.br
 .na
 	console "/usr/local/etc/autologin \-lroot \-t"    xterm   on local secure
 .ad
-Note that \fIinit\fP provides the \fItty\fP argument on the end of the command.
+.PP
+Note that
+.I init
+provides the
+.I tty
+argument on the end of the command.
 .SH FILES
 /bin/su
 .br

autologin/main.c

@@ -3,352 +3,180 @@
  * built by mkcmd version 7.6 Gamma
  */
 
+#include <config.h>
+
 #include <stdio.h>
 #include <ctype.h>
-#include <string.h>
 
-extern int errno;
-extern char *malloc(), *calloc(), *realloc();
+#include <compat.h>
 
-#define ENVOPT 0
-#define GETARG 0
-#define GETOPT 1
-/* from std_help.m */
-/* from std_version.m */
-/* from autologin.m */
-/* $Id: T.c,v 7.2 94/07/11 00:42:06 ksb Exp $
- * literal text included from a tempate
- * based on Keith Bostic's getopt in comp.sources.unix volume1
- * modified for mkcmd use.... by ksb@cc.purdue.edu (Kevin Braunsdorf)
- */
 
-#if GETOPT || GETARG
-/* IBMR2 (AIX in the real world) defines
- * optind and optarg in <stdlib.h> and confuses the hell out
- * of the C compiler.  So we use those externs.  I guess we will
- * have to stop using the old names. -- ksb
- */
-#ifdef _AIX
-#include <stdlib.h>
-#else
+#ifndef HAVE_GETOPT
 static int
-	optind = 1;		/* index into parent argv vector	*/
-static char
-	*optarg;		/* argument associated with option	*/
-#endif
-#endif /* only if we use them */
-
-#if ENVOPT
-/* breakargs - break a string into a string vector for execv.
- *
- * Note, when done with the vector, merely "free" the vector.
- * Written by Stephen Uitti, PUCC, Nov '85 for the new version
- * of "popen" - "nshpopen", that doesn't use a shell.
- * (used here for the as filters, a newer option).
- *
- * breakargs is copyright (C) Purdue University, 1985
- *
- * Permission is hereby given for its free reproduction and
- * modification for All purposes.
- * This notice and all embedded copyright notices be retained.
- */
-
-/* this trys to emulate shell quoting, but I doubt it does a good job	(ksb)
- * [[ but not substitution -- that would be silly ]]
- */
-static char *
-u_mynext(u_pcScan, u_pcDest)
-register char *u_pcScan, *u_pcDest;
-{
-	register int u_fQuote;
-
-	for (u_fQuote = 0; *u_pcScan != '\000' && (u_fQuote||(*u_pcScan != ' ' && *u_pcScan != '\t')); ++u_pcScan) {
-		switch (u_fQuote) {
-		default:
-		case 0:
-			if ('"' == *u_pcScan) {
-				u_fQuote = 1;
-				continue;
-			} else if ('\'' == *u_pcScan) {
-				u_fQuote = 2;
-				continue;
-			}
-			break;
-		case 1:
-			if ('"' == *u_pcScan) {
-				u_fQuote = 0;
-				continue;
-			}
-			break;
-		case 2:
-			if ('\'' == *u_pcScan) {
-				u_fQuote = 0;
-				continue;
-			}
-			break;
-		}
-		if ((char*)0 != u_pcDest) {
-			*u_pcDest++ = *u_pcScan;
-		}
-	}
-	if ((char*)0 != u_pcDest) {
-		*u_pcDest = '\000';
-	}
-	return u_pcScan;
-}
-
-/* given an envirionment variable insert it in the option list		(ksb)
- * (exploded with the above routine)
- */
-static int
-u_envopt(cmd, pargc, pargv)
-char *cmd, *(**pargv);
-int *pargc;
-{
-	register char *p;		/* tmp				*/
-	register char **v;		/* vector of commands returned	*/
-	register unsigned sum;		/* bytes for malloc		*/
-	register int i, j;		/* number of args		*/
-	register char *s;		/* save old position		*/
-
-	while (*cmd == ' ' || *cmd == '\t')
-		cmd++;
-	p = cmd;			/* no leading spaces		*/
-	i = 1 + *pargc;
-	sum = sizeof(char *) * i;
-	while (*p != '\000') {		/* space for argv[];		*/
-		++i;
-		s = p;
-		p = u_mynext(p, (char *)0);
-		sum += sizeof(char *) + 1 + (unsigned)(p - s);
-		while (*p == ' ' || *p == '\t')
-			p++;
-	}
-	++i;
-	/* vector starts at v, copy of string follows NULL pointer
-         * the extra 7 bytes on the end allow use to be alligned
-         */
-        v = (char **)malloc(sum+sizeof(char *)+7);
-	if (v == NULL)
-		return 0;
-	p = (char *)v + i * sizeof(char *); /* after NULL pointer */
-	i = 0;				/* word count, vector index */
-	v[i++] = (*pargv)[0];
-	while (*cmd != '\000') {
-		v[i++] = p;
-		cmd = u_mynext(cmd, p);
-		p += strlen(p)+1;
-		while (*cmd == ' ' || *cmd == '\t')
-			++cmd;
-	}
-	for (j = 1; j < *pargc; ++j)
-		v[i++] = (*pargv)[j];
-	v[i] = NULL;
-	*pargv = v;
-	*pargc = i;
-	return i;
-}
-#endif /* u_envopt called */
-
-#if GETARG
-/*
- * return each non-option argument one at a time, EOF for end of list
- */
-static int
-u_getarg(nargc, nargv)
-int nargc;
-char **nargv;
-{
-	if (nargc <= optind) {
-		optarg = (char *) 0;
-		return EOF;
-	}
-	optarg = nargv[optind++];
-	return 0;
-}
-#endif /* u_getarg called */
-
-
-#if GETOPT
-static int
-	optopt;			/* character checked for validity	*/
+  optopt;			/* character checked for validity       */
 
 /* get option letter from argument vector, also does -number correctly
  * for nice, xargs, and stuff (these extras by ksb)
  * does +arg if you give a last argument of "+", else give (char *)0
  */
 static int
-u_getopt(nargc, nargv, ostr, estr)
-int nargc;
-char **nargv, *ostr, *estr;
+getopt(int nargc, char **nargv, char *ostr)
 {
-	register char	*oli;		/* option letter list index	*/
-	static char	EMSG[] = "";	/* just a null place		*/
-	static char	*place = EMSG;	/* option letter processing	*/
+    register char *oli;		/* option letter list index     */
+    static char EMSG[] = "";	/* just a null place            */
+    static char *place = EMSG;	/* option letter processing     */
 
-	if ('\000' == *place) {		/* update scanning pointer */
-		if (optind >= nargc)
-			return EOF;
-		if (nargv[optind][0] != '-') {
-			register int iLen;
-			if ((char *)0 != estr && 0 == strncmp(estr, nargv[optind], iLen = strlen(estr))) {
-				optarg = nargv[optind++]+iLen;
-				return '+';
-			}
-			return EOF;
-		}
-		place = nargv[optind];
-		if ('\000' == *++place)	/* "-" (stdin)		*/
-			return EOF;
-		if (*place == '-' && '\000' == place[1]) {
-			/* found "--"		*/
-			++optind;
-			return EOF;
-		}
-	}				/* option letter okay? */
-	/* if we find the letter, (not a `:')
-	 * or a digit to match a # in the list
-	 */
-	if ((optopt = *place++) == ':' ||
-	 ((char *)0 == (oli = strchr(ostr,optopt)) &&
-	  (!(isdigit(optopt)||'-'==optopt) || (char *)0 == (oli = strchr(ostr, '#'))))) {
-		if(!*place) ++optind;
-		return('?');
+    if ('\000' == *place) {	/* update scanning pointer */
+	if (optind >= nargc)
+	    return EOF;
+	if (nargv[optind][0] != '-') {
+	    register int iLen;
+	    return EOF;
 	}
-	if ('#' == *oli) {		/* accept as -digits */
-		optarg = place -1;
-		++optind;
-		place = EMSG;
-		return '#';
+	place = nargv[optind];
+	if ('\000' == *++place)	/* "-" (stdin)              */
+	    return EOF;
+	if (*place == '-' && '\000' == place[1]) {
+	    /* found "--"           */
+	    ++optind;
+	    return EOF;
 	}
-	if (*++oli != ':') {		/* don't need argument */
-		optarg = NULL;
-		if ('\000' == *place)
-			++optind;
-	} else {				/* need an argument */
-		if (*place) {			/* no white space */
-			optarg = place;
-		} else if (nargc <= ++optind) {	/* no arg!! */
-			place = EMSG;
-			return '*';
-		} else {
-			optarg = nargv[optind];	/* white space */
-		}
-		place = EMSG;
-		++optind;
+    }
+    /* option letter okay? */
+    /* if we find the letter, (not a `:')
+     * or a digit to match a # in the list
+     */
+    if ((optopt = *place++) == ':' ||
+	((char *)0 == (oli = strchr(ostr, optopt)) &&
+	 (!(isdigit(optopt) || '-' == optopt) ||
+	  (char *)0 == (oli = strchr(ostr, '#'))))) {
+	if (!*place)
+	    ++optind;
+	return ('?');
+    }
+    if ('#' == *oli) {		/* accept as -digits */
+	optarg = place - 1;
+	++optind;
+	place = EMSG;
+	return '#';
+    }
+    if (*++oli != ':') {	/* don't need argument */
+	optarg = NULL;
+	if ('\000' == *place)
+	    ++optind;
+    } else {			/* need an argument */
+	if (*place) {		/* no white space */
+	    optarg = place;
+	} else if (nargc <= ++optind) {	/* no arg!! */
+	    place = EMSG;
+	    return '*';
+	} else {
+	    optarg = nargv[optind];	/* white space */
 	}
-	return optopt;			/* dump back option letter */
+	place = EMSG;
+	++optind;
+    }
+    return optopt;		/* dump back option letter */
 }
-#endif /* u_getopt called */
-#undef ENVOPT
-#undef GETARG
-#undef GETOPT
+#endif /* ! HAVE_GETOPT */
 
 char
-	*progname = "$Id$",
-	*au_terse[] = {
-		" [-u] [-c cmd] [-e env=value] [-g group] [-l login] [-t tty]",
-		" -h",
-		" -V",
-		(char *)0
-	},
-	*u_help[] = {
-		"c cmd       command to run",
-		"e env=value environment variable to set",
-		"g group     initial group",
-		"h           print this help message",
-		"l login     login name",
-		"t tty       attach to this terminal",
-		"u           do no make utmp entry",
-		"V           show version information",
-		(char *)0
-	},
-	*pcCommand = (char *)0,
-	*pcGroup = (char *)0,
-	*pcLogin = (char *)0,
-	*pcTty = (char *)0;
+ *progname = "", *au_terse[] = {
+    " [-u] [-c cmd] [-e env=value] [-g group] [-l login] [-t tty]",
+    " -h",
+    " -V",
+    (char *)0
+}, *u_help[] = {
+
+    "c cmd       command to run",
+    "e env=value environment variable to set",
+    "g group     initial group",
+    "h           print this help message",
+    "l login     login name",
+    "t tty       attach to this terminal",
+    "u           do no make utmp entry",
+    "V           show version information", (char *)0
+}, *pcCommand = (char *)0, *pcGroup = (char *)0, *pcLogin =
+    (char *)0, *pcTty = (char *)0;
 int
-	fMakeUtmp = 1,
-	iErrs = 0;
+  fMakeUtmp = 1, iErrs = 0;
 
 #ifndef u_terse
-#define u_terse	(au_terse[0])
+# define u_terse	(au_terse[0])
 #endif
-/* from std_help.m */
-/* from std_version.m */
-/* from autologin.m */
-
-static char *rcsid =
-	"$Id: autologin.m,v 1.2 92/07/28 13:18:34 ksb Exp $";
 
 /*
  * parser
  */
 int
-main(argc, argv)
-int argc;
-char **argv;
+main(int argc, char **argv)
 {
-	static char
-		sbOpt[] = "c:e:g:hl:t:uV",
-		*u_pch = (char *)0;
-	static int
-		u_loop = 0;
-	register int u_curopt;
-	extern int atoi();
+    static char
+      sbOpt[] = "c:e:g:hl:t:uV", *u_pch = (char *)0;
+    static int
+      u_loop = 0;
+    register int u_curopt;
+    extern int atoi();
 
-	progname = strrchr(argv[0], '/');
-	if ((char *)0 == progname)
-		progname = argv[0];
-	else
-		++progname;
-	while (EOF != (u_curopt = u_getopt(argc, argv, sbOpt, (char *)0))) {
-		switch (u_curopt) {
-		case '*':
-			fprintf(stderr, "%s: option `-%c\' needs a parameter\n", progname, optopt);
-			exit(1);
-		case '?':
-			fprintf(stderr, "%s: unknown option `-%c\', use `-h\' for help\n", progname, optopt);
-			exit(1);
-		case 'c':
-			pcCommand = optarg;
-			continue;
-		case 'e':
-			if (putenv(optarg) != 0) {
-				 (void) fprintf(stderr, "%s: putenv(\"%s\"): failed\n", progname, optarg);
-				exit(1);
-			}
-			continue;
-		case 'g':
-			pcGroup = optarg;
-			continue;
-		case 'h':
-			for (u_loop = 0; (char *)0 != (u_pch = au_terse[u_loop]); ++u_loop) {
-				if ('\000' == *u_pch) {
-					fprintf(stdout, "%s: with no parameters\n", progname);
-					continue;
-				}
-				fprintf(stdout, "%s: usage%s\n", progname, u_pch);
-			}
-			for (u_loop = 0; (char *)0 != (u_pch = u_help[u_loop]); ++u_loop) {
-				fprintf(stdout, "%s\n", u_pch);
-			}
-			exit(0);
-		case 'l':
-			pcLogin = optarg;
-			continue;
-		case 't':
-			pcTty = optarg;
-			continue;
-		case 'u':
-			fMakeUtmp = 0;
-			continue;
-		case 'V':
-			printf("%s: %s\n", progname, rcsid);
-			exit(0);
+    progname = strrchr(argv[0], '/');
+    if ((char *)0 == progname)
+	progname = argv[0];
+    else
+	++progname;
+    while (EOF != (u_curopt = getopt(argc, argv, sbOpt))) {
+	switch (u_curopt) {
+	    case '*':
+		fprintf(stderr, "%s: option `-%c\' needs a parameter\n",
+			progname, optopt);
+		exit(1);
+	    case '?':
+		fprintf(stderr,
+			"%s: unknown option `-%c\', use `-h\' for help\n",
+			progname, optopt);
+		exit(1);
+	    case 'c':
+		pcCommand = optarg;
+		continue;
+	    case 'e':
+		if (putenv(optarg) != 0) {
+		    (void)fprintf(stderr, "%s: putenv(\"%s\"): failed\n",
+				  progname, optarg);
+		    exit(1);
 		}
-		break;
+		continue;
+	    case 'g':
+		pcGroup = optarg;
+		continue;
+	    case 'h':
+		for (u_loop = 0; (char *)0 != (u_pch = au_terse[u_loop]);
+		     ++u_loop) {
+		    if ('\000' == *u_pch) {
+			fprintf(stdout, "%s: with no parameters\n",
+				progname);
+			continue;
+		    }
+		    fprintf(stdout, "%s: usage%s\n", progname, u_pch);
+		}
+		for (u_loop = 0; (char *)0 != (u_pch = u_help[u_loop]);
+		     ++u_loop) {
+		    fprintf(stdout, "%s\n", u_pch);
+		}
+		exit(0);
+	    case 'l':
+		pcLogin = optarg;
+		continue;
+	    case 't':
+		pcTty = optarg;
+		continue;
+	    case 'u':
+		fMakeUtmp = 0;
+		continue;
+	    case 'V':
+		printf("%s\n", progname);
+		exit(0);
 	}
-	Process();
-	exit(iErrs);
+	break;
+    }
+    Process();
+    exit(iErrs);
 }

autologin/main.h

@@ -4,7 +4,7 @@
 
 extern char *progname, *au_terse[4], *u_help[9];
 #ifndef u_terse
-#define u_terse	(au_terse[0])
+# define u_terse	(au_terse[0])
 #endif
 extern int main();
 extern int fMakeUtmp, iErrs;
@@ -12,4 +12,3 @@ extern char *pcCommand, *pcGroup, *pcLogin, *pcTty;
 /* from std_help.m */
 /* from std_version.m */
 /* from autologin.m */
-

compat.h

@@ -0,0 +1,345 @@
+#include <config.h>
+
+/* things everything seems to need */
+#include <stdio.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <sys/un.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <signal.h>
+
+/* If, when processing a logfile for replaying the last N lines,
+ * we end up seeing more than MAXREPLAYLINELEN characters in a line,
+ * abort processing and display the data.  Why?  There could be some
+ * very large logfiles and very long lines and we'd chew up lots of
+ * memory and send a LOT of data down to the client - all potentially
+ * bad.  If there's a line over this in size, would you really want to
+ * see the whole thing (and possibly others)?
+ */
+#if !defined(MAXREPLAYLINELEN)
+# define MAXREPLAYLINELEN 10000
+#endif
+
+/* the default escape sequence used to give meta commands
+ */
+#if !defined(DEFATTN)
+# define DEFATTN	'\005'
+#endif
+#if !defined(DEFESC)
+# define DEFESC		'c'
+#endif
+
+/* set the default length of the replay functions
+ * DEFREPLAY for 'r'
+ * DEFPLAYBACK for 'p'
+ */
+#if !defined(DEFREPLAY)
+# define DEFREPLAY	20
+#endif
+#if !defined(PLAYBACK)
+# define DEFPLAYBACK	60
+#endif
+
+/* For legacy compile-time setting of the port...
+ */
+#if ! defined(DEFPORT)
+# if defined(SERVICENAME)
+#  define DEFPORT SERVICENAME
+# else
+#  if defined(PORTNUMBER)
+#   define DEFPORT PORTNUMBER
+#  else
+#   define DEFPORT "conserver"
+#  endif
+# endif
+#endif
+
+#if STDC_HEADERS
+# include <string.h>
+# include <stdlib.h>
+#else
+# include <strings.h>
+# ifndef HAVE_STRCHR
+#  define strchr index
+#  define strrchr rindex
+# endif
+#endif
+#if !HAVE_STRCASECMP && HAVE_STRICMP
+# define strcasecmp stricmp
+# define strncasecmp strnicmp
+#endif
+
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+/* if you do not have fd_set's here is a possible emulation
+ */
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+
+#ifndef FD_ZERO
+typedef long fd_set;
+
+# define FD_ZERO(a)	{*(a)=0;}
+# define FD_SET(d,a)	{*(a) |= (1 << (d));}
+# define FD_CLR(d,a)	{*(a) &= ~(1 << (d));}
+# define FD_ISSET(d,a)	(*(a) & (1 << (d)))
+#endif
+
+#ifdef HAVE_SYS_IOCTL_H
+# include <sys/ioctl.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_COMPAT_H
+# include <sys/ioctl_compat.h>
+#endif
+
+#include <termios.h>
+
+#ifndef TAB3
+# ifdef OXTABS
+#  define TAB3 OXTABS
+# else
+#  ifdef XTABS
+#   define TAB3 XTABS
+#  else
+#   define TAB3 0
+#  endif
+# endif
+#endif
+
+#ifdef HAVE_STROPTS_H
+# include <stropts.h>
+#endif
+
+
+#ifdef HAVE_TTYENT_H
+# include <ttyent.h>
+#endif
+
+#ifdef HAVE_SYS_TTOLD_H
+# include <sys/ttold.h>
+#endif
+
+#if HAVE_TYPES_H
+# include <sys/types.h>
+#endif
+
+#if HAVE_SYS_WAIT_H
+# include <sys/wait.h>
+#endif
+#define LO(s) ((unsigned)((s) & 0377))
+#define HI(s) ((unsigned)(((s) >> 8) & 0377))
+#if !defined(WIFEXITED)
+# define WIFEXITED(s) (LO(s)==0)
+#endif
+#if !defined(WEXITSTATUS)
+# define WEXITSTATUS(s) HI(s)
+#endif
+#if !defined(WIFSIGNALED)
+# define WIFSIGNALED(s) ((LO(s)>0)&&(HI(s)==0))
+#endif
+#if !defined(WTERMSIG)
+# define WTERMSIG(s) (LO(s)&0177)
+#endif
+#if !defined(WIFSTOPPED)
+# define WIFSTOPPED(s) ((LO(s)==0177)&&(HI(s)!=0))
+#endif
+#if !defined(WSTOPSIG)
+# define WSTOPSIG(s) HI(s)
+#endif
+
+#if HAVE_SYSEXITS_H
+# include <sysexits.h>
+#else
+# define EX_OK 0
+# define EX_UNAVAILABLE 69
+# define EX_TEMPFAIL 75
+#endif
+
+#include <errno.h>
+#if !defined(HAVE_STRERROR)
+extern int errno;
+extern char *sys_errlist[];
+# define strerror(Me)	(sys_errlist[Me])
+#endif
+
+#if HAVE_H_ERRLIST
+extern int h_errno;
+extern char *h_errlist[];
+# define hstrerror(Me)	(h_errlist[Me])
+#else
+# define hstrerror(Me)	"host lookup error"
+#endif
+
+
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+#  include <sys/time.h>
+# else
+#  include <time.h>
+# endif
+#endif
+
+
+#if HAVE_SHADOW_H
+# include <shadow.h>
+#endif
+
+#ifdef HAVE_CRYPT_H
+# include <crypt.h>
+#endif
+
+#ifdef HAVE_HPSECURITY_H
+# include <hpsecurity.h>
+#endif
+
+#ifdef HAVE_PROT_H
+# include <prot.h>
+#endif
+
+#ifdef HAVE_GETOPT_H
+# include <getopt.h>
+#endif
+
+#ifdef HAVE_SYS_VLIMIT_H
+# include <sys/vlimit.h>
+#else
+# include <limits.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+# include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_UIO_H
+# include <sys/uio.h>
+#endif
+
+#ifdef HAVE_SYS_PROC_H
+# include <sys/proc.h>
+#endif
+
+#ifdef HAVE_SYS_AUDIT_H
+# include <sys/audit.h>
+#endif
+
+#ifdef HAVE_USERSEC_H
+# include <usersec.h>
+#endif
+
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+# include <libutil.h>
+#endif
+
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif
+
+
+#ifndef NGROUPS_MAX
+# define NGROUPS_MAX	8
+#endif
+
+#ifndef HAVE_GETSID
+# define getsid(Mp)	(Mp)
+#endif
+
+#ifndef HAVE_SETSID
+# define setsid()	getpid()
+#endif
+
+#ifndef HAVE_SETGROUPS
+# define setgroups(x, y)	0
+#endif
+
+#ifndef HAVE_IN_ADDR_T
+typedef unsigned long in_addr_t;
+#endif
+
+#ifndef HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
+/*
+ * IUCLC, OLCUC and XCASE were removed from IEEE Std 1003.1-200x
+ *  as legacy definitions.
+ */
+#ifndef IUCLC
+# define IUCLC 0
+#endif
+#ifndef OLCUC
+# define OLCUC 0
+#endif
+#ifndef XCASE
+# define XCASE 0
+#endif
+/* Some systems don't have OFILL or *DLY. */
+#ifndef OFILL
+# define OFILL 0
+#endif
+#ifndef NLDLY
+# define NLDLY 0
+#endif
+#ifndef CRDLY
+# define CRDLY 0
+#endif
+#ifndef TABDLY
+# define TABDLY 0
+#endif
+#ifndef BSDLY
+# define BSDLY 0
+#endif
+#ifndef ONOCR
+# define ONOCR 0
+#endif
+#ifndef ONLRET
+# define ONLRET 0
+#endif
+
+#ifndef SEEK_SET
+# define SEEK_SET L_SET
+#endif
+
+/* setup a conditional debugging line */
+#ifndef CONDDEBUG
+# define CONDDEBUG(line) if (fDebug) {debugFileName=__FILE__; debugLineNo=__LINE__; Debug line;}
+#endif
+
+#if HAVE_DMALLOC
+# include <dmalloc.h>
+#endif
+
+#if HAVE_FREEIPMI
+# include <ipmiconsole.h>
+#endif
+
+#ifndef INADDR_STYPE
+# if USE_IPV6
+#  define INADDR_STYPE struct sockaddr_storage
+# else
+#  define INADDR_STYPE struct in_addr
+# endif
+#endif
+
+#ifndef SOCKADDR_STYPE
+# if USE_IPV6
+#  define SOCKADDR_STYPE struct sockaddr_storage
+# else
+#  define SOCKADDR_STYPE struct sockaddr_in
+# endif
+#endif

configure.ac

@@ -0,0 +1,899 @@
+dnl ### autoheader templates ########################################
+AH_TEMPLATE([CONFIGINVOCATION], [./configure invocation])
+AH_TEMPLATE([DEFPORT], [Socket used to communicate])
+AH_TEMPLATE([DEFBASEPORT], [Base socket used for secondary channel])
+AH_TEMPLATE([MASTERHOST], [Hostname of console server])
+AH_TEMPLATE([CONFIGFILE], [Config file path])
+AH_TEMPLATE([CLIENTCONFIGFILE], [Client config file path])
+AH_TEMPLATE([PASSWDFILE], [Password file path])
+AH_TEMPLATE([LOGFILEPATH], [Logfile path])
+AH_TEMPLATE([MAXMEMB], [Number of consoles per child process])
+AH_TEMPLATE([CONNECTTIMEOUT], [TCP connection timeout])
+AH_TEMPLATE([PIDFILE], [pidfile to write to])
+AH_TEMPLATE([USE_LIBWRAP], [use tcp_wrappers libwrap])
+dnl AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp])
+AH_TEMPLATE([HAVE_PAM], [have PAM support])
+AH_TEMPLATE([HAVE_OPENSSL], [have openssl support])
+AH_TEMPLATE([HAVE_GSSAPI], [have gss-api support])
+AH_TEMPLATE([HAVE_FREEIPMI], [have freeipmi support])
+AH_TEMPLATE([STRIP_REALM], [retry username without @REALM with gss-api authentication])
+AH_TEMPLATE([HAVE_DMALLOC], [have dmalloc support])
+AH_TEMPLATE([HAVE_SA_LEN],[Defined if sa_len member exists in struct sockaddr])
+AH_TEMPLATE([TRUST_REVERSE_DNS],[Defined if we trust reverse DNS])
+AH_TEMPLATE([USE_EXTENDED_MESSAGES],[Defined if we produce extended messages])
+AH_TEMPLATE([USE_UNIX_DOMAIN_SOCKETS],[Defined if we use Unix domain sockets])
+AH_TEMPLATE([USE_IPV6], [Defined if building with IPv6 support])
+AH_TEMPLATE([UDSDIR], [Directory for Unix domain sockets])
+AH_TEMPLATE([FOR_CYCLADES_TS], [Defined if building for a Cyclades TS])
+AH_TEMPLATE([REQ_SERVER_CERT], [Defined if client requires server SSL certificate])
+AH_TEMPLATE([TRUST_UDS_CRED], [Defined if we trust credentials from UDS client])
+
+dnl ### Normal initialization. ######################################
+AC_INIT([conserver],m4_esyscmd_s([./gen-version number]))
+AC_PREREQ(2.69)
+AC_CONFIG_SRCDIR([conserver/main.c])
+AC_CONFIG_HEADER(config.h)
+
+AC_DEFINE_UNQUOTED(CONFIGINVOCATION, "$0 $*")
+
+dnl ### Set some option defaults. ###################################
+if test -z "$CFLAGS"; then
+  CFLAGS="-O"
+fi
+MKDIR="mkdir -p -m 755"
+AC_SUBST(MKDIR)
+
+AC_SUBST(CONSERVER_VERSION, m4_esyscmd_s([./gen-version number]))
+AC_SUBST(CONSERVER_DATE, m4_esyscmd_s([./gen-version date]))
+
+
+dnl ### Custom settings. ############################################
+dnl AC_MSG_CHECKING(whether to allow 64bit compilation)
+dnl AC_ARG_WITH(64bit,
+dnl 	AC_HELP_STRING([--with-64bit],[Allow 64bit compilation]),
+dnl 		[case "$withval" in
+dnl 		    yes)
+dnl 			with_64bit=yes
+dnl 			;;
+dnl 		    *)
+dnl 			with_64bit=no
+dnl 			;;
+dnl 		esac], [with_64bit=no])
+dnl AC_MSG_RESULT($with_64bit)
+
+AC_MSG_CHECKING(for port number specification)
+AC_ARG_WITH(port,
+	AS_HELP_STRING([--with-port=PORT],[Specify port number @<:@conserver@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
+		AC_MSG_RESULT(port 'conserver')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(DEFPORT, "$withval")
+		AC_MSG_RESULT(port '$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
+	AC_MSG_RESULT(port 'conserver')])
+
+AC_MSG_CHECKING(for secondary channel base port)
+AC_ARG_WITH(base,
+	AS_HELP_STRING([--with-base=PORT], [Base port for secondary channel @<:@0@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
+		AC_MSG_RESULT(port '0')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(DEFBASEPORT, "$withval")
+		AC_MSG_RESULT(port '$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
+	AC_MSG_RESULT(port '0')])
+
+AC_MSG_CHECKING(for master conserver hostname)
+AC_ARG_WITH(master,
+	AS_HELP_STRING([--with-master=MASTER],[Specify master server hostname @<:@console@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(MASTERHOST, "console")
+		AC_MSG_RESULT('console')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(MASTERHOST, "$withval")
+		AC_MSG_RESULT('$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(MASTERHOST, "console")
+	AC_MSG_RESULT('console')])
+
+AC_MSG_CHECKING(for client configuration filename)
+AC_ARG_WITH(ccffile,
+	AS_HELP_STRING([--with-ccffile=CFFILE],[Specify client config filename @<:@SYSCONFDIR/console.cf@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, [SYSCONFDIR "/console.cf"])
+		AC_MSG_RESULT('$sysconfdir/console.cf')
+		;;
+	    [[\\/]]* | ?:[[\\/]]* )
+		AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, ["$withval"])
+		AC_MSG_RESULT('$withval')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, [SYSCONFDIR "/$withval"])
+		AC_MSG_RESULT('$sysconfdir/$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, [SYSCONFDIR "/console.cf"])
+	AC_MSG_RESULT('$sysconfdir/console.cf')])
+
+AC_MSG_CHECKING(for configuration filename)
+AC_ARG_WITH(cffile,
+	AS_HELP_STRING([--with-cffile=CFFILE],[Specify config filename @<:@SYSCONFDIR/conserver.cf@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
+		AC_MSG_RESULT('$sysconfdir/conserver.cf')
+		;;
+	    [[\\/]]* | ?:[[\\/]]* )
+		AC_DEFINE_UNQUOTED(CONFIGFILE, ["$withval"])
+		AC_MSG_RESULT('$withval')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/$withval"])
+		AC_MSG_RESULT('$sysconfdir/$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
+	AC_MSG_RESULT('$sysconfdir/conserver.cf')])
+
+AC_MSG_CHECKING(for password filename)
+AC_ARG_WITH(pwdfile,
+	AS_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename @<:@SYSCONFDIR/conserver.passwd@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
+		AC_MSG_RESULT('$sysconfdir/conserver.passwd')
+		;;
+	    [[\\/]]* | ?:[[\\/]]* )
+		AC_DEFINE_UNQUOTED(PASSWDFILE, ["$withval"])
+		AC_MSG_RESULT('$withval')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/$withval"])
+		AC_MSG_RESULT('$sysconfdir/$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
+	AC_MSG_RESULT('$sysconfdir/conserver.passwd')])
+
+AC_MSG_CHECKING(for log filename)
+AC_ARG_WITH(logfile,
+	AS_HELP_STRING([--with-logfile=LOGFILE],[Specify log filename @<:@/var/log/conserver@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
+		AC_MSG_RESULT('/var/log/conserver')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(LOGFILEPATH, "$withval")
+		AC_MSG_RESULT('$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
+	AC_MSG_RESULT('/var/log/conserver')])
+
+AC_SUBST(PIDFILE)
+AC_MSG_CHECKING(for PID filename)
+AC_ARG_WITH(pidfile,
+	AS_HELP_STRING([--with-pidfile=PIDFILE],[Specify PID filepath @<:@/var/run/conserver.pid@:>@]),
+	[case "$withval" in
+	    yes|no)
+		PIDFILE="/var/run/conserver.pid"
+		;;
+	    *)
+		PIDFILE="$withval"
+		;;
+	esac],
+	[PIDFILE="/var/run/conserver.pid"])
+AC_DEFINE_UNQUOTED(PIDFILE, "$PIDFILE")
+AC_MSG_RESULT('$PIDFILE')
+
+AC_MSG_CHECKING(for MAXMEMB setting)
+AC_ARG_WITH(maxmemb,
+	AS_HELP_STRING([--with-maxmemb=MAXMEMB],[Specify maximum consoles per process @<:@16@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(MAXMEMB, 16)
+		AC_MSG_RESULT(16)
+		;;
+	    *)
+		if expr "$withval" : '[[0-9]]*$' >/dev/null 2>&1 &&
+		   test "$withval" -gt 0 -a "$withval" -lt 256; then
+		    AC_DEFINE_UNQUOTED(MAXMEMB, $withval)
+		    AC_MSG_RESULT($withval)
+		else
+		    AC_DEFINE_UNQUOTED(MAXMEMB, 16)
+		    AC_MSG_RESULT([value out of bounds (0<x<256) - setting to 16])
+		fi
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(MAXMEMB, 16)
+	AC_MSG_RESULT(16)])
+
+AC_MSG_CHECKING(for connect() timeout)
+AC_ARG_WITH(timeout,
+	AS_HELP_STRING([--with-timeout=TIMEOUT],[Specify connect() timeout in seconds @<:@10@:>@]),
+	[if expr "$withval" : '[[0-9]]*$' >/dev/null 2>&1 &&
+	    test "$withval" -gt 0 -a "$withval" -lt 300; then
+		AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, $withval)
+		AC_MSG_RESULT($withval)
+	else
+		AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
+		AC_MSG_RESULT([value out of bounds (0<x<300) - setting to 10])
+	fi],
+	[AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
+	AC_MSG_RESULT(10)])
+
+AC_MSG_CHECKING(whether to trust reverse DNS)
+AC_ARG_WITH(trustrevdns,
+	AS_HELP_STRING([--with-trustrevdns],[Trust reverse DNS information]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(TRUST_REVERSE_DNS)
+		AC_MSG_RESULT(yes)
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+AC_MSG_CHECKING(whether to display extended messages)
+AC_ARG_WITH(extmsgs,
+	AS_HELP_STRING([--with-extmsgs],[Produce extended messages]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(USE_EXTENDED_MESSAGES)
+		AC_MSG_RESULT(yes)
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+use_dash_r=no
+AC_MSG_CHECKING(whether to use -R paths as well as -L)
+AC_ARG_WITH(rpath,
+	AS_HELP_STRING([--with-rpath],[Use -R as well as -L for libraries]),
+	[case "$withval" in
+	    yes|no)
+		AC_MSG_RESULT($withval)
+		use_dash_r=$withval
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],
+	[AC_MSG_RESULT(no)])
+
+AC_MSG_CHECKING(whether we are building for a Cyclades TS)
+AC_ARG_WITH(cycladests,
+	AS_HELP_STRING([--with-cycladests],[(deprecated - noop) Build for a Cyclades TS]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(FOR_CYCLADES_TS)
+		AC_MSG_RESULT(yes)
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+
+dnl ### Check for compiler et al. ###################################
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_LN_S
+AC_PROG_MAKE_SET
+
+dnl ### Compiler characteristics. ##################################
+AC_AIX
+AC_C_CONST
+
+dnl AC_CHECK_SIZEOF(long)
+dnl if test "$ac_cv_sizeof_long" -gt 4; then
+dnl     if test "$with_64bit" != "yes"; then
+dnl 	AC_MSG_ERROR([cannot build on >32bit systems (to override use --with-64bit)])
+dnl     else
+dnl 	AC_MSG_WARN([building a 64bit version of conserver - good luck!])
+dnl     fi
+dnl fi
+
+dnl ### Checks for header files. ###################################
+AC_HEADER_STDC
+AC_CHECK_HEADERS(sys/ioctl.h)
+
+AC_SYS_POSIX_TERMIOS
+if test "$ac_cv_sys_posix_termios" != "yes"; then
+    AC_MSG_ERROR([POSIX termios interface required])
+fi
+
+AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h sys/sockio.h sys/param.h sys/un.h)
+dnl sys/proc.h needs sys/param.h on openbsd, apparently
+AC_CHECK_HEADERS(sys/proc.h, [], [],
+[#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+])
+AC_HEADER_TIME
+AC_HEADER_SYS_WAIT
+AC_TYPE_MODE_T
+AC_TYPE_SIGNAL
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_UID_T
+
+AC_CHECK_TYPE([sig_atomic_t],,
+    AC_DEFINE(sig_atomic_t, volatile int,
+	[Define if <signal.h> does not define sig_atomic_t]),
+    [#include <signal.h>])
+
+AC_CHECK_TYPE([in_addr_t],[AC_DEFINE(HAVE_IN_ADDR_T,1,
+	[Defined if in_addr_t exists])],,[$ac_includes_default
+#include <netinet/in.h>])
+AC_CHECK_TYPE([socklen_t],[AC_DEFINE(HAVE_SOCKLEN_T,1,
+	[Defined if socklen_t exists])],,[$ac_includes_default
+#include <sys/socket.h>])
+
+AC_MSG_CHECKING(for sa_len in struct sockaddr)
+AC_TRY_COMPILE([#include <sys/types.h>
+	#include <sys/socket.h>],
+	[struct sockaddr s; s.sa_len=0;],
+	[AC_MSG_RESULT(yes)
+	 AC_DEFINE(HAVE_SA_LEN)],
+	[AC_MSG_RESULT(no)])
+
+
+dnl ### Host specific checks. ######################################
+AC_CANONICAL_HOST
+
+case "$host" in
+*-*-hpux*)
+    CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE_EXTENDED=1"
+    AC_CHECK_LIB(xnet,t_error,,AC_MSG_ERROR([-lxnet needed on HP-UX]))
+    AC_CHECK_LIB(sec,getspnam)
+    AC_CHECK_HEADERS(hpsecurity.h prot.h)
+    AC_CHECK_FUNCS(bigcrypt iscomsec getprpwnam)
+    ;;
+esac
+
+dnl ### Check for libraries. #######################################
+AC_SEARCH_LIBS(socket,socket)
+AC_SEARCH_LIBS(gethostbyname,nsl)
+AC_SEARCH_LIBS(crypt,crypt)
+
+AC_SUBST(CONSLIBS)
+AC_SUBST(CONSCPPFLAGS)
+AC_SUBST(CONSLDFLAGS)
+
+AC_MSG_CHECKING(whether to use Unix domain sockets)
+cons_with_uds="NO"
+AC_ARG_WITH(uds,
+	AS_HELP_STRING([--with-uds@<:@=DIR@:>@    ],
+	    [Use Unix domain sockets for client/server communication @<:@/tmp/conserver@:>@]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE_UNQUOTED(UDSDIR, "/tmp/conserver")
+		AC_DEFINE(USE_UNIX_DOMAIN_SOCKETS)
+		AC_MSG_RESULT([/tmp/conserver])
+		cons_with_uds="YES"
+		;;
+	    no)
+		AC_MSG_RESULT(no)
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(UDSDIR, "$withval")
+		AC_DEFINE(USE_UNIX_DOMAIN_SOCKETS)
+		AC_MSG_RESULT('$withval')
+		cons_with_uds="YES"
+		if expr "$withval" : '/' >/dev/null 2>&1; then
+		    :
+		else
+		    echo "*** WARNING *** you may have better success using a fully-qualified path"
+		    echo "*** WARNING *** instead of '$withval'"
+		fi
+		;;
+	esac
+	
+	if test $cons_with_uds = YES; then
+	    AC_MSG_CHECKING(whether to trust UDS credentials)
+	    AC_ARG_WITH(trust-uds-cred,
+		    AS_HELP_STRING([--with-trust-uds-cred],[Trust UDS credentials obtained via socket]),
+		    [case "$withval" in
+			yes)
+			    AC_TRY_COMPILE([#include <sys/types.h>
+				    #include <sys/socket.h>],
+				    [
+struct sockpeercred u;
+u.uid = 0;
+#if !defined(SO_PEERCRED)
+#error "no SO_PEERCRED defined"
+#endif
+				    ],
+				    [AC_MSG_RESULT(yes)
+				     AC_DEFINE(UDS_CRED_STYPE, sockpeercred, [Defined to UDS credential structure name])
+				     AC_DEFINE(UDS_CRED_UID, uid, [Defined to UDS credential structure uid field])
+				     AC_DEFINE(UDS_CRED_SO, SO_PEERCRED, [Defined to UDS credential socket option])
+				     AC_DEFINE(TRUST_UDS_CRED)],
+				    [
+					AC_TRY_COMPILE([#include <sys/types.h>
+						#include <sys/socket.h>],
+						[
+struct ucred u;
+u.euid = 0;
+#if !defined(SO_PEERCRED)
+#error "no SO_PEERCRED defined"
+#endif
+						],
+						[AC_MSG_RESULT(yes)
+						AC_DEFINE(UDS_CRED_STYPE, ucred, [Defined to UDS credential structure name])
+						AC_DEFINE(UDS_CRED_UID, uid, [Defined to UDS credential structure uid field])
+						AC_DEFINE(UDS_CRED_SO, SO_PEERCRED, [Defined to UDS credential socket option])
+						AC_DEFINE(TRUST_UDS_CRED)],
+						[
+							AC_TRY_COMPILE([#include <sys/types.h>
+								#include <sys/socket.h>],
+								[
+struct peercred_struct u;
+u.euid = 0;
+#if !defined(SO_PEERID)
+#error "no SO_PEERID defined"
+#endif
+								],
+								[AC_MSG_RESULT(yes)
+								 AC_DEFINE(UDS_CRED_STYPE, peercred_struct, [Defined to UDS credential structure name])
+								 AC_DEFINE(UDS_CRED_UID, euid, [Defined to UDS credential structure uid field])
+								 AC_DEFINE(UDS_CRED_SO, SO_PEERID, [Defined to UDS credential socket option])
+								 AC_DEFINE(TRUST_UDS_CRED)],
+								[AC_MSG_RESULT(no)]),
+						    ])
+				    ])
+			    ;;
+			*)
+			    AC_MSG_RESULT(no)
+			    ;;
+		    esac],[AC_MSG_RESULT(no)])
+	fi
+	],[AC_MSG_RESULT(no)])
+
+cons_with_libwrap="NO"
+AC_ARG_WITH(libwrap,
+    AS_HELP_STRING([--with-libwrap@<:@=PATH@:>@],
+	[Compile in libwrap (tcp_wrappers) support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    WRAPCPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		WRAPLDFLAGS="-L$withval/lib"
+	    else
+		WRAPLDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    WRAPCPPFLAGS=""
+	    WRAPLDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+
+	CPPFLAGS="$CPPFLAGS $WRAPCPPFLAGS"
+	LDFLAGS="$LDFLAGS $WRAPLDFLAGS"
+
+	AC_CHECK_HEADER(tcpd.h,
+	    [LIBS="$LIBS -lwrap"
+	    AC_MSG_CHECKING(for TCP wrappers library -lwrap)
+	    AC_TRY_LINK([#include <tcpd.h>
+		int allow_severity = 0;
+		int deny_severity  = 0;
+		],[hosts_access((void *)0)],
+		[AC_MSG_RESULT(yes)
+		 cons_with_libwrap="YES"
+		 AC_DEFINE(USE_LIBWRAP)
+		 CONSLIBS="$CONSLIBS -lwrap"
+		 CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
+		 CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
+		[AC_MSG_RESULT(no)
+		 LIBS="$LIBS -lnsl"
+		 AC_MSG_CHECKING(for TCP wrappers library -lwrap with -lnsl)
+		 AC_TRY_LINK([#include <tcpd.h>
+		    int allow_severity = 0;
+		    int deny_severity  = 0;
+		    ],[hosts_access((void *)0)],
+		    [AC_MSG_RESULT(yes)
+		     cons_with_libwrap="YES"
+		     AC_DEFINE(USE_LIBWRAP)
+		     CONSLIBS="$CONSLIBS -lwrap -lnsl"
+		     CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
+		     CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
+		    [AC_MSG_RESULT(no)])])],)
+	LIBS="$oLIBS"
+	CPPFLAGS="$oCPPFLAGS"
+	LDFLAGS="$oLDFLAGS"
+    fi]
+)
+
+cons_with_openssl="NO"
+AC_ARG_WITH(openssl,
+    AS_HELP_STRING([--with-openssl@<:@=PATH@:>@],
+	[Compile in OpenSSL support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    OPENSSLCPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		OPENSSLLDFLAGS="-L$withval/lib"
+	    else
+		OPENSSLLDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    OPENSSLCPPFLAGS=""
+	    OPENSSLLDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_openssl=no
+
+	CPPFLAGS="$CPPFLAGS $OPENSSLCPPFLAGS"
+	LDFLAGS="$LDFLAGS $OPENSSLLDFLAGS"
+
+	AC_CHECK_HEADER([openssl/ssl.h],
+	    [LIBS="$LIBS -lssl -lcrypto"
+	    AC_MSG_CHECKING(for openssl libraries -lssl and -lcrypto)
+	    AC_TRY_LINK([#include <openssl/ssl.h>
+		],[SSL_CTX_new(NULL)],
+		[AC_MSG_RESULT(yes)
+		cons_with_openssl="YES"
+		AC_DEFINE(HAVE_OPENSSL)
+		have_openssl=yes],
+		[AC_MSG_RESULT(no)])],)
+
+	if test $have_openssl = no; then
+	    LIBS="$oLIBS"
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	fi
+
+	AC_MSG_CHECKING(whether to require server cert)
+	AC_ARG_WITH(req-server-cert,
+		AS_HELP_STRING([--with-req-server-cert],[Require server SSL certificate by client]),
+		[case "$withval" in
+		    yes)
+			AC_DEFINE(REQ_SERVER_CERT)
+			AC_MSG_RESULT(yes)
+			;;
+		    *)
+			AC_MSG_RESULT(no)
+			;;
+		esac],[AC_MSG_RESULT(no)])
+    fi]
+)
+
+cons_with_gssapi="NO"
+cons_strip_realm="NO"
+AC_ARG_WITH(gssapi,
+    AS_HELP_STRING([--with-gssapi@<:@=PATH@:>@],
+	[Compile in GSS-API support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    GSSAPICPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		GSSAPILDFLAGS="-L$withval/lib"
+	    else
+		GSSAPILDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    GSSAPICPPFLAGS=""
+	    GSSAPILDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_gssapi=no
+
+	CPPFLAGS="$CPPFLAGS $GSSAPICPPFLAGS"
+	LDFLAGS="$LDFLAGS $GSSAPILDFLAGS"
+
+	AC_CHECK_HEADER([gssapi/gssapi.h],
+	    [LIBS="$oLIBS -lgssapi"
+	    AC_MSG_CHECKING(for gssapi library -lgssapi)
+	    AC_TRY_LINK([#include <gssapi/gssapi.h>
+			 #include <stdio.h>
+		],[gss_create_empty_oid_set(NULL, NULL)],
+		[AC_MSG_RESULT(yes)
+		cons_with_gssapi="YES"
+		AC_DEFINE(HAVE_GSSAPI)
+		have_gssapi=yes],
+		[AC_MSG_RESULT(no)
+		LIBS="$oLIBS -lgssglue"
+		AC_MSG_CHECKING(for gssapi library -lgssglue)
+		AC_TRY_LINK([#include <gssapi/gssapi.h>
+			     #include <stdio.h>
+		    ],[gss_create_empty_oid_set(NULL, NULL)],
+		    [AC_MSG_RESULT(yes)
+		    cons_with_gssapi="YES"
+		    AC_DEFINE(HAVE_GSSAPI)
+		    have_gssapi=yes],
+		    [AC_MSG_RESULT(no)
+		    LIBS="$oLIBS -lgss"
+		    AC_MSG_CHECKING(for gssapi library -lgss)
+		    AC_TRY_LINK([#include <gssapi/gssapi.h>
+				 #include <stdio.h>
+			],[gss_create_empty_oid_set(NULL, NULL)],
+			[AC_MSG_RESULT(yes)
+			cons_with_gssapi="YES"
+			AC_DEFINE(HAVE_GSSAPI)
+			have_gssapi=yes],
+			[AC_MSG_RESULT(no)
+			LIBS="$oLIBS -lgssapi_krb5"
+			AC_MSG_CHECKING(for gssapi library -lgssapi_krb5)
+			AC_TRY_LINK([#include <gssapi/gssapi.h>
+			],[gss_create_empty_oid_set(NULL, NULL)],
+			[AC_MSG_RESULT(yes)
+			cons_with_gssapi="YES"
+			AC_DEFINE(HAVE_GSSAPI)
+			have_gssapi=yes],
+			[AC_MSG_RESULT(no)])])])])],)
+
+
+	if test $have_gssapi = no; then
+	    LIBS="$oLIBS"
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	else
+	    AC_MSG_CHECKING(whether to fallback to username without @REALM)
+	    AC_ARG_WITH(striprealm,
+		    AS_HELP_STRING([--with-striprealm],[retry username without @REALM with gss-api authentication]),
+		    [case "$withval" in
+			yes)
+			    AC_DEFINE(STRIP_REALM)
+			    AC_MSG_RESULT(yes)
+			    cons_strip_realm="YES"
+			    ;;
+			*)
+			    AC_MSG_RESULT(no)
+			    ;;
+		    esac],[AC_MSG_RESULT(no)])
+	fi
+    fi]
+)
+
+cons_with_freeipmi="NO"
+AC_ARG_WITH(freeipmi,
+    AS_HELP_STRING([--with-freeipmi@<:@=PATH@:>@],
+	[Compile in FreeIPMI support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    FREEIPMICPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		FREEIPMILDFLAGS="-L$withval/lib"
+	    else
+		FREEIPMILDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    FREEIPMICPPFLAGS=""
+	    FREEIPMILDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_freeipmi=no
+
+	CPPFLAGS="$CPPFLAGS $FREEIPMICPPFLAGS"
+	LDFLAGS="$LDFLAGS $FREEIPMILDFLAGS"
+
+	AC_CHECK_HEADER([ipmiconsole.h],
+	    [LIBS="$LIBS -lipmiconsole"
+	    AC_MSG_CHECKING(for freeipmi libraries -lipmiconsole)
+	    AC_TRY_LINK([#include <ipmiconsole.h>
+		],[ipmiconsole_ctx_fd(0)],
+		[AC_MSG_RESULT(yes)
+		cons_with_freeipmi="YES"
+		AC_DEFINE(HAVE_FREEIPMI)
+		CONSLIBS="$CONSLIBS -lipmiconsole"
+		have_freeipmi=yes],
+		[AC_MSG_RESULT(no)])],)
+
+	LIBS="$oLIBS"
+	if test $have_freeipmi = no; then
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	fi
+    fi]
+)
+
+cons_with_dmalloc="NO"
+AC_ARG_WITH(dmalloc,
+    AS_HELP_STRING([--with-dmalloc@<:@=PATH@:>@],
+	[Compile in dmalloc support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    DMALLOCCPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		DMALLOCLDFLAGS="-L$withval/lib"
+	    else
+		DMALLOCLDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    DMALLOCCPPFLAGS=""
+	    DMALLOCLDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_dmalloc=no
+
+	CPPFLAGS="$CPPFLAGS $DMALLOCCPPFLAGS"
+	LDFLAGS="$LDFLAGS $DMALLOCLDFLAGS"
+
+	AC_CHECK_HEADER([dmalloc.h],
+	    [LIBS="$LIBS -ldmalloc"
+	    AC_MSG_CHECKING(for dmalloc libraries -ldmalloc)
+	    AC_TRY_LINK([#include <dmalloc.h>
+		],[dmalloc_debug(0)],
+		[AC_MSG_RESULT(yes)
+		cons_with_dmalloc="YES"
+		AC_DEFINE(HAVE_DMALLOC)
+		have_dmalloc=yes],
+		[AC_MSG_RESULT(no)])],)
+
+	if test $have_dmalloc = no; then
+	    LIBS="$oLIBS"
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	fi
+    fi]
+)
+
+
+dnl ### Check for needed functions. ################################
+
+dnl dnl The following basically stollen from the less-358 distribution, but
+dnl dnl modified for my own purposes
+dnl AC_MSG_CHECKING(for POSIX regex)
+dnl AC_ARG_WITH(regex,
+dnl     AC_HELP_STRING([--with-regex],
+dnl 	[Use regular expressions in conserver.passwd]),
+dnl 	[if test "$withval" = yes; then
+dnl 	    AC_TRY_RUN([
+dnl 		#include <sys/types.h>
+dnl 		#include <regex.h>
+dnl 		main() { regex_t r; regmatch_t rm; char *text = "xabcy";
+dnl 		if (regcomp(&r, "abc", 0)) exit(1);
+dnl 		if (regexec(&r, text, 1, &rm, 0)) exit(1);
+dnl 		if (rm.rm_so != 1) exit(1); /* check for correct offset */
+dnl 		exit(0); }
+dnl 	    ],have_posix_regex=yes,have_posix_regex=no,have_posix_regex=unknown)
+dnl 	    if test $have_posix_regex = yes; then
+dnl 	      AC_MSG_RESULT(yes)
+dnl 	      AC_DEFINE(HAVE_POSIX_REGCOMP)
+dnl 	    elif test $have_posix_regex = unknown; then
+dnl 		AC_TRY_LINK([
+dnl 		    #include <sys/types.h>
+dnl 		    #include <regex.h>],
+dnl 		[regex_t *r; regfree(r);],
+dnl 		AC_MSG_RESULT(yes)
+dnl 		AC_DEFINE(HAVE_POSIX_REGCOMP))
+dnl 	    else
+dnl 	      AC_MSG_RESULT(no)
+dnl 	    fi
+dnl 	else
+dnl 	    AC_MSG_RESULT(no)
+dnl 	fi],[AC_MSG_RESULT(no)])
+
+cons_with_pam="NO"
+AC_MSG_CHECKING(for PAM support)
+AC_ARG_WITH(pam,
+    AS_HELP_STRING([--with-pam],
+	[Enable PAM support]),
+	[if test "$withval" = yes; then
+	    oLIBS="$LIBS"
+
+	    AC_CHECK_HEADER(security/pam_appl.h,
+		[LIBS="$LIBS -lpam"
+		AC_MSG_CHECKING(for PAM library -lpam)
+		AC_TRY_LINK_FUNC([pam_start],
+		    [AC_MSG_RESULT(yes)
+		    cons_with_pam="YES"
+		    AC_DEFINE(HAVE_PAM)
+		    CONSLIBS="$CONSLIBS -lpam"],
+		    [LIBS="$LIBS -ldl"
+		    AC_MSG_RESULT(no)
+		    AC_MSG_CHECKING(for PAM library -lpam with -ldl)
+		    AC_TRY_LINK_FUNC([pam_end],
+			[AC_MSG_RESULT(yes)
+			cons_with_pam="YES"
+			AC_DEFINE(HAVE_PAM)
+			CONSLIBS="$CONSLIBS -lpam -ldl"],
+			[AC_MSG_RESULT(no)])])],)
+
+	    LIBS="$oLIBS"
+	else
+	    AC_MSG_RESULT(no)
+	fi],[AC_MSG_RESULT(no)])
+
+cons_with_ipv6="NO"
+AC_MSG_CHECKING(whether to support IPv6)
+AC_ARG_WITH(ipv6,
+	AS_HELP_STRING([--with-ipv6],
+	    [(experimental) Use IPv6 for client/server communication]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(USE_IPV6)
+		AC_MSG_RESULT(yes)
+		cons_with_ipv6="YES"
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+
+dnl Checks for pty allocation...
+dnl According to the xemacs distribution:
+dnl   getpt()  is the preferred pty allocation method on glibc systems.
+dnl   _getpty() is the preferred pty allocation method on SGI systems.
+dnl   grantpt(), unlockpt(), ptsname() are defined by Unix98.
+dnl   openpty() is the preferred pty allocation method on BSD and Tru64 systems.
+dnl   openpty() might be declared in:
+dnl   - pty.h (Tru64 or Linux)
+dnl   - libutil.h (FreeBSD)
+dnl   - util.h (NetBSD)
+dnl Conserver doesn't support getpt() or _getpt() yet.
+AC_CHECK_HEADERS(pty.h libutil.h util.h)
+AC_CHECK_LIB(util, openpty)
+AC_CHECK_FUNCS(openpty)
+
+AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt sigaction setsockopt getdtablesize putenv memset memcpy memcmp memmove sysconf getlogin inet_aton setproctitle gettimeofday strlcpy closefrom nanosleep)
+AC_CHECK_FUNC(strcasecmp,
+	[AC_DEFINE(HAVE_STRCASECMP, 1, [Define if strcasecmp is available])],
+	[AC_CHECK_FUNC(stricmp,
+		[AC_DEFINE(HAVE_STRICMP, 1, [Define if stricmp is available])],
+		[AC_MSG_ERROR([strcasecmp or stricmp must be available])])])
+
+dnl    Checks for libbsm functions
+AC_CHECK_HEADERS(bsm/audit.h)
+AC_CHECK_LIB(bsm, getaudit)
+AC_CHECK_FUNCS(getaudit getaudit_addr)
+
+
+dnl ### Create output files. #######################################
+AC_CONFIG_FILES([Makefile conserver/Makefile conserver.cf/Makefile console/Makefile autologin/Makefile contrib/chat/Makefile])
+AC_CONFIG_FILES([conserver/conserver.rc], [chmod +x conserver/conserver.rc])
+AC_CONFIG_FILES([conserver.cf/conserver.cf.man conserver.cf/conserver.passwd.man conserver/conserver.man console/console.man])
+AC_OUTPUT
+
+[
+echo "=============================================================="
+echo "                      Feature Summary"
+echo ""
+echo "  Unix domain sockets (--with-uds)       : $cons_with_uds"
+echo "         TCP wrappers (--with-libwrap)   : $cons_with_libwrap"
+echo "              OpenSSL (--with-openssl)   : $cons_with_openssl"
+echo "              GSS-API (--with-gssapi)    : $cons_with_gssapi"
+echo "             FreeIPMI (--with-freeipmi)  : $cons_with_freeipmi"
+if [ $cons_with_gssapi = "YES" ]; then
+echo "         strip @REALM (--with-striprealm): $cons_strip_realm"
+fi
+echo "              dmalloc (--with-dmalloc)   : $cons_with_dmalloc"
+echo "          PAM support (--with-pam)       : $cons_with_pam"
+echo "         IPv6 support (--with-ipv6)      : $cons_with_ipv6"
+echo ""
+echo "=============================================================="
+]

conserver.cf/INSTALL

@@ -1,19 +1,7 @@
 The two files you need to set up are the conserver.cf and conserver.passwd
-files.  See the sample conserver.cf and conserver.passwd files
-for examples.  You can start with those and then modify extensively.
-The man page for conserver.cf should explain that file with enough detail
-to get you going.
-
-As for the conserver.passwd file, here are some instructions.  The file
-contains three fields seperated by colons: <username>:<passwd>:<hosts>.
-The <passwd> field should either be an encrypted password or the special
-string '*passwd*', which will cause the console server to do a getpwnam()
-call.  The <hosts> field can be a comma seperated list of console names
-(from conserver.cf) or the special string 'any'.  Access for the user
-is only granted to the hosts listed here (or all if 'any' is used).
+files.  See the sample conserver.cf and conserver.passwd files for examples
+(installed in <DATADIR>/examples/conserver).  You can start with those and
+then modify extensively.  The man page for conserver.cf and conserver.passwd
+should explain the files with enough detail to get you going.
 
 That's about it.  Good luck.
-
-#
-#  $Id: INSTALL,v 1.2 1999-08-24 13:45:00-07 bryan Exp $
-#

conserver.cf/INSTALL.old

@@ -1,26 +0,0 @@
-# $Id: INSTALL,v 4.1 91/06/19 14:20:54 ksb Exp $
-
-Prep:
-
- Start in the conserver directory.
-
- Now read conserver.cf.5l (if you have mk(1L) installed just mk it).
- Run:
-	$  tbl conserver.cf.5l |nroff -man |${PAGER-more}
-
- Now edit dummy.cf and follow the instructions there.
- [If you are just shopping stop here.]
-
- Now edit conserver.cf and put your real hosts in there.
-
- Edit the Makefile and change LIB.
-
-
-Compile:
-
- None.
-
-
-Install:
-
- Make install.

conserver.cf/Makefile

@@ -1,30 +0,0 @@
-#	$Id: Makefile,v 1.6 1999-04-12 21:29:57-07 bryan Exp $
-#
-#	Makefile for conserver.cf
-#
-
-PREFIX=/usr/local
-BIN=${PREFIX}/bin
-ETC=${PREFIX}/etc
-MAN=${PREFIX}/man
-MANSECT=4
-
-all: 
-
-clean: FRC
-	rm -f Makefile.bak *.tbl core errs lint.out tags
-
-depend:
-
-dirs:
-
-install:
-
-${MAN}/man${MANSECT}:
-	${INSTALL} -d $@
-
-install.man: ${MAN}/man${MANSECT}
-	tbl conserver.cf.man > conserver.cf.tbl
-	${INSTALL} -c conserver.cf.tbl ${MAN}/man${MANSECT}/conserver.cf.${MANSECT}
-
-FRC:

conserver.cf/Makefile.in

@@ -0,0 +1,34 @@
+### Path settings
+datarootdir = @datarootdir@
+srcdir = @srcdir@
+prefix = @prefix@
+mandir = @mandir@
+sysconfdir = @sysconfdir@
+datadir = @datadir@
+exampledir = $(datadir)/examples/conserver
+
+### Installation programs and flags
+INSTALL = @INSTALL@
+MKDIR = @MKDIR@
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+all:
+
+clean:
+	rm -f *~ *.o $(ALL) core
+
+distclean: clean
+	rm -f Makefile
+
+install:
+	$(MKDIR) $(DESTDIR)$(mandir)/man5
+	$(INSTALL) -m 0644 conserver.cf.man $(DESTDIR)$(mandir)/man5/conserver.cf.5
+	$(INSTALL) -m 0644 conserver.passwd.man $(DESTDIR)$(mandir)/man5/conserver.passwd.5
+	$(MKDIR) $(DESTDIR)$(exampledir)
+	$(INSTALL) -m 0644 conserver.cf $(DESTDIR)$(exampledir)
+	$(INSTALL) -m 0644 conserver.passwd $(DESTDIR)$(exampledir)
+
+.PHONY: clean distclean install

conserver.cf/README.old

@@ -1,16 +0,0 @@
-# $Id: README,v 4.1 91/06/19 14:21:06 ksb Exp $
-
-This configuration file has been extended from the Ohio State version.  We
-allow parity and baud to be set, as well as more than one console server
-machine to be in play at a time.  We have too many console servers to use
-just a single Sun3... :-).
-
-
-We also allow another section for trusted hosts.  We allow our operators root
-access by physical access to a workstation.
-
-
---
-"So I try to say `Goodbye, my friend.'
- I'd like to leave you with something more..."
-kayessbee, Kevin Braunsdorf, ksb@cc.purdue.edu, pur-ee!ksb, purdue!ksb

conserver.cf/conserver.cf

@@ -1,26 +1,114 @@
 #
-# $Id: conserver.cf,v 1.3 1999-01-25 14:38:19-08 bryan Exp $
+# Sample conserver.cf file, to give you ideas of what you can do with
+# the various configuration items.
 #
-# The character '&' in logfile names are substituted with the console
-# name.  Any logfile name that doesn't begin with a '/' has LOGDIR
-# prepended to it.  So, most consoles will just have a '&' as the logfile
-# name which causes /var/consoles/<consolename> to be used.
-#
-LOGDIR=/var/consoles
-#
-# list of consoles we serve
-#    name : tty[@host] : baud[parity] : logfile : mark-interval[m|h|d]
-#    name : !host : port : logfile : mark-interval[m|h|d]
-#    name : |command : : logfile : mark-interval[m|h|d]
-#
-tweety:!ts1:2002:&:
-bambam:!ts1:2003:&:
-shell:|::/dev/null:
-telnet:|telnet host::/dev/null:
-ttya:/dev/ttya:9600p:&:
-%%
-#
-# list of clients we allow
-# {trusted|allowed|rejected} : machines
-#
-allowed: 127.0.0.1 gnac.com
+
+### set up global access
+default full	{ rw *; }
+
+### define some terminal server specifics
+# we set portbase and portinc so we can reference the ports in a
+# physical representation and let conserver do the math to figure
+# out the actual socket address
+default cisco	{ type host; portbase 2000; portinc 1; }
+default xyplex	{ type host; portbase 2000; portinc 100; }
+default iolan	{ type host; portbase 10000; portinc 1; }
+
+### set up some custom break sequences
+break 4 { string "+\d+\d+"; delay 300; }
+break 5 { string "\033c"; }
+
+### set the defaults for all the consoles
+# these get applied before anything else
+default * {
+	# The '&' character is substituted with the console name
+	logfile /var/consoles/&;
+	# timestamps every hour with activity and break logging
+	timestamp 1hab;
+	# include the 'full' default
+	include full;
+	# master server is localhost
+	master localhost;
+}
+
+### define the first terminal server
+default ts1.conserver.com {
+	# use the xyplex defaults
+	include xyplex;
+	# host to connect to is ts1.conserver.com
+	host ts1.conserver.com;
+	# run login-xyplex when connecting to the term server
+	initcmd /usr/local/sbin/login-xyplex;
+}
+
+# now define the consoles on ts1.conserver.com
+# bryan isn't allowed on web1.conserver.com
+console web1.conserver.com { include ts1.conserver.com; port 2; rw !bryan; }
+console ns1.conserver.com { include ts1.conserver.com; port 10; }
+console ns2.conserver.com { include ts1.conserver.com; port 8; }
+
+### define the second terminal server
+# this one is a cisco, with simple socket connections
+default ts2.conserver.com { include cisco; host ts2.conserver.com; }
+
+# and the consoles on ts2.conserver.com
+console ldap1.conserver.com { include ts2.conserver.com; port 7; }
+
+### and now some one-off consoles
+# we still inherit the '*' default set
+# a simple ssh invocation
+console ssh {
+	type exec;
+	exec ssh localhost;
+	# provide a 'message-of-the-day'
+	motd "just a simple ssh to localhost";
+}
+
+# connect to /dev/ttya
+console ttya {
+	type device;
+	device /dev/ttya; parity none; baud 9600;
+	idlestring "#";
+	idletimeout 5m;		# send a '#' every 5 minutes of idle
+	timestamp "";		# no timestamps on this console
+}
+
+### define a group of users
+group sysadmin {
+    users bryan, todd;
+    users dave;
+}
+
+### reset the defaults for the next set of consoles
+# again, these get applied before anything else
+default * {
+	# The '&' character is substituted with the console name
+	logfile /var/consoles/&;
+	timestamp 5m;
+	rw sysadmin;  # use the group defined above
+	master localhost;
+}
+
+default cyclades {
+	# sets up /dev/ttyC0 through /dev/ttyC31, for a 32 port card
+	# referenced as ports 1 through 32
+	type device;
+	device /dev/ttyC.;
+	devicesubst .=Pd;
+	portbase -1;
+	portinc 1;
+	host none; # not really used, since devicesubst doesn't use it
+	baud 9600;
+	parity none;
+}
+
+console modem1.conserver.com { include cyclades; port 2; break 4; }
+# todd isn't allowed on modem2.conserver.com
+console modem2.conserver.com { include cyclades; port 6; rw !todd; }
+
+### list of clients we allow
+access * {
+	allowed 10.0.0.0/8 192.168.0.0/16;
+	allowed cs1.conserver.com cs2.conserver.com cs3.conserver.com;
+	trusted 127.0.0.1;
+}

conserver.cf/conserver.cf.man

@@ -1,132 +0,0 @@
-.\" $Id: conserver.cf.man,v 1.6 2000-12-11 17:49:08-08 bryan Exp $
-.\" @(#)constab.5 01/06/91 OSU CIS; Thomas A. Fine
-.TH CONSERVER.CF 4 "Local"
-.SH NAME
-conserver.cf \- table of server console terminals used by conserver(8L)
-.SH SYNOPSIS
-.br
-LOGDIR=\fIlogdirectory\fP
-.br
-\fIserver\fP:\fIdevice\fP[@\fIconserver\fP]:\fIbaud\fP:\fIlogfile\fP:\fImark-interval\fP[\fIm|h|d\fP]
-.br
-\fIserver\fP:!\fIhost\fP[@\fIconserver\fP]:\fIport\fP:\fIlogfile\fP:\fImark-interval\fP[\fIm|h|d\fP]
-.br
-\fIserver\fP:|\fIcommand\fP[@\fIconserver\fP]::\fIlogfile\fP:\fImark-interval\fP[\fIm|h|d\fP]
-.br
-\fB%%\fP
-.br
-\fIaccess\fP: \fIhosts\fP
-.SH DESCRIPTION
-.B Conserver.cf
-is the configuration file for
-.IR conserver (8L).
-All lines starting with the pound sign `#' are considered comment lines.
-Blank lines are ignored.
-.PP
-The first section of the file has lines that are separated into
-six colon-separated fields:
-.PP
-\fIserver\fP name - this doesn't have to be the name of the server;
-it is used to refer to the server when using the console program.
-.PP
-\fIdevice\fP file name - the full path name of the device for this server.
-The \fIbaud\fP rate is the speed and parity for this console.
-Speed may be given as an integer,
-parity only requires the first letter of any of: even, odd, mark, space.
-For no parity, use the character 'p'.
-.PP
-!\fIhost\fP - the hostname of the server to connect to.
-A socket connection will be made to port \fIport\fP (an integer).
-.PP
-|\fIcommand\fP - the command to invoke on the console server.
-.PP
-\fIdevice\fP, !\fIhost\fP, and |\fIcommand\fP may contain a remote
-console server name (ex. \fIhost\fP@\fIconserver\fP) in which case
-the conserver will send connections for this server to \fIconserver\fP.
-.PP
-\fIlogfile\fP - the full path name of file where all output from
-this server is logged.  Any occurance of `&' will be replaced with
-the \fIserver\fP name.  Any path that doesn't begin with a `/' will
-have \fIlogdirectory\fP (value of LOGDIR) prepended to it.
-.PP
-\fImark-interval\fP[\fIm|h|d\fP] - specifies the time between
-timestamps applied to the console log file.  The timestamps look like
-`[-- MARK -- Mon Jan 25 14:46:56 PST 1999]'.
-.PP
-This section is terminated with a `%%' token on a line by itself.
-.PP
-The next section of the file contains a list of hosts and addresses
-which are allowed to connect to the console server.  Three levels
-of access all allowed, ``trust'', ``allow'',
-and ``refuse''.
-The access modifier is followed by a colon and a list of addresses or
-host names.
-Any complete suffix of a host name my be used to allow access for all hosts
-in that subdomain.
-For example `cc.purdue.edu' will allow `mentor.cc.purdue.edu'
-and `mace.cc.purdue.edu', but not `pucc.purdue.edu' or `hack.purdue.edu'.
-For IP addresses, optional netmasks may be specified.  For example `192.168.1.0'
-will allow the class C space of 192.168.1.0.  `192.168.1.0/25' will only allow
-only the lower half of that same address space (192.168.1.0 thru 192.168.1.127).
-.SH EXAMPLE
-# server:path:baud:/usr/adm/logfile:mark
-.br
-LOGDIR=/tmp
-.br
-#
-.br
-# This logs to /tmp/treelog...
-.br
-tree:/dev/ttyj0:9600e:&log:
-.br
-#
-.br
-# This logs to /tmp/fishlog...
-.br
-fish:/dev/ttyj1:4800e:fishlog:
-.br
-#
-.br
-# Now we're defaulting to /var/tmp for logfiles...
-.br
-LOGDIR=/var/tmp
-.br
-#
-.br
-# So, this is /var/tmp/birdlog
-.br
-bird:/dev/ttyj2:4800m:&log:
-.br
-#
-.br
-# And this is /var/tmp/solarlog...
-.br
-solar:|telnet solar::solarlog:
-.br
-#
-.br
-# Now things are all in /var/consoles/<console name>
-.br
-LOGDIR=/var/consoles
-.br
-shell:|::&:
-.br
-#
-.br
-# This opens a connection to port 2003 of ts1...
-.br
-tribe:!ts1:2003:&:
-.br
-reptile:!ts1:2004:&:
-.br
-mentor:/dev/ttyh0@extra.cc.purdue.edu:2400e:&:
-.br
-%%
-.br
-# access restrictions
-.br
-trusted: console.cc.purdue.edu 128.210.7.90
-.br
-allow: cc.purdue.edu stat.cc.purdue.edu
-.SH "SEE ALSO"
-console(1L), conserver(8L)

conserver.cf/conserver.passwd

@@ -1,3 +1,3 @@
-bryan:td1AgneGE3RsU:any
-djs:*passwd*:any
-todd:*passwd*:server1
+bryan:td1AgneGE3RsU
+djs:*passwd*
+todd:*passwd*

conserver.cf/conserver.passwd.man.in

@@ -0,0 +1,93 @@
+.TH CONSERVER.PASSWD 5 "@CONSERVER_DATE@" "conserver-@CONSERVER_VERSION@" "conserver"
+.SH NAME
+conserver.passwd \- user access information for
+.BR conserver (8)
+.SH SYNOPSIS
+.IB username : password
+.SH DESCRIPTION
+The
+.B conserver.passwd
+file is the user authentication and authorization file for
+.BR conserver (8).
+Upon each incoming client connection,
+.B conserver
+opens and reads the
+.B conserver.passwd
+file, so edits to the file take effect immediately.
+It reads only until the first
+.I username
+match.
+.PP
+Blank lines and comment lines (those beginning with a ``#'' and
+optional leading whitespace) are ignored.
+Non-ignored lines beginning with whitespace are considered
+continuations of the previous line.
+This allows you to span one logical line over
+many physical lines and insert comments wherever appropriate.
+.PP
+Each logical line consists of two colon-separated fields.
+Leading and trailing white space in each field is ignored.
+.TP
+.I username
+the login name of the authorized user,
+or the string
+.RB `` *any* ''
+to match any user.
+This is compared against the name sent by the
+.B console
+client, based either on the user's identity or on the
+.B \-l option.
+Since
+.B conserver
+only uses the first
+.I username
+match, a
+.RB `` *any* ''
+entry will apply to any user
+without an entry earlier in the file.
+.TP
+.I password
+the encrypted password,
+or the string
+.RB `` *passwd* ''
+to indicate that
+.B conserver
+should look up the user's password
+in the system
+.BR passwd " (or " shadow ") database."
+If PAM support has been enabled
+.RB ( --with-pam ),
+PAM lookups will be done instead of
+.BR passwd " (or " shadow ") lookups"
+(you may need to edit /etc/pam.conf or create /etc/pam.d/conserver).
+If this field is empty, password checking is bypassed for this user.
+.SH EXAMPLE
+.TP 24
+.B mary:r71mXjfALB5Ak
+Mary uses the password specified above;
+it does not matter whether she has a login on the conserver host.
+.TP
+.B fred:*passwd*
+Fred may connect only with his regular login password on the conserver host.
+.TP
+.B bozo:*
+Bozo is only allowed to access a console if his password isn't used (since
+it's invalid) which means he needs to come from a
+.B trusted
+host.
+.TP
+.B *any*:*passwd*
+Anyone not listed above uses their regular login and password.
+.SH "SEE ALSO"
+.BR console (1),
+.BR conserver.cf (5),
+.BR conserver (8)
+.SH BUGS
+.PP
+There is currently no way provided by the conserver package
+to generate the encrypted password strings
+besides copying them from the system
+.B passwd
+database or running
+.BR crypt (3)
+via C or perl or some other language that supports it.

conserver.cf/label.ps

@@ -1,5 +1,4 @@
 %!PS-Adobe-2.0 EPSF-1.2
-%%$Id: label.ps,v 1.8 94/01/21 09:37:42 ksb Exp $
 %%Title: RJ-11
 %%Creator: A Braunsdorf
 %%CreationDate: 

conserver.cf/samples/README

@@ -0,0 +1,21 @@
+I put together the sample configuration files in this directory in hopes
+that it would help folks see some of the possibilities of the
+configuration file format.  Each of the files are syntatically correct,
+but have never actually been used.
+
+Each file is basically built upon the previous...theoretically, if not
+actually.  Hopefully they'll help show some of the cool things you can
+do with the configuration file and help those trying to figure out how
+they should even start.
+
+    simple.cf - A very simple, one console config file
+
+    basic.cf - A config with a couple consoles, mostly using defaults
+
+    average.cf - A config for many consoles, using breaks, user lists,
+		 etc...bascially customizing each area
+
+    average-distributed.cf - Taking average.cf to multiple conserver
+			     hosts with overrides on those hosts
+
+Bryan Stansell

conserver.cf/samples/average-distributed.cf

@@ -0,0 +1,109 @@
+#
+# I took the average.cf file and expanded it to use a distributed
+# conserver setup...two conserver hosts (conserver1 and conserver2), but
+# the basic philosophy would hold for many more console and/or conserver
+# hosts.
+#
+
+# ------ define a user group ------
+group sysadmin {
+    users bryan, todd, dave;
+}
+# helpers is everyone but the sysadmin group
+group helpers {
+    users *, !sysadmin;
+}
+
+
+# ------ make sure breaks are the way we want --------
+break 1 { string "\z"; }
+break 2 { string "\r\d~\d^b"; delay 600; }
+break 3 { string "#."; }
+
+
+# ----- define some console types ------
+# yeah, just setting a break doesn't quite seem worth it, but perhaps,
+# some day, there will be more host-specific stuff.
+default sun-std { break 1; }
+default sun-alt { break 2; }
+default sun-lom { break 3; }
+
+
+# ------ defaults ------
+# we set a 'global' default so we can reuse the bits below.  we're going
+# to set the '*' default, then define consoles, reset the '*' default,
+# define more consoles, etc.
+default global {
+	logfile /var/consoles/&;	# '&' is replaced with console name
+	timestamp 1hab;			# write timestamps
+	rw sysadmin;			# allow sysadmins full access
+	ro helpers;			# allow helpers to watch
+	include sun-std;
+}
+
+
+# --------- define our terminal attributes ----------
+# simple tcp connections are "easy"
+default cisco { type host; portbase 2000; portinc 1; }
+default xyplex  { type host; portbase 2000; portinc 100; }
+
+# this is a cyclades card referenced with /dev/ttyC0 through /dev/ttyC31
+# (referenced as ports 1 through 32 in conserver.cf)
+# we set the various port calculation bits and pattern substitution to
+# come up with a generic definition
+default cyclades { type device; device /dev/ttyC&; baud 9600; parity none;
+		   devicesubst &=Pd; portbase -1; portinc 1; host unused; }
+
+## this is a term server accessed with an ssh command
+# it too uses pattern substitution and such to get the job done
+default ciscossh { type exec; portbase 2000; portinc 1;
+		   exec /usr/local/bin/ssh -p P -l tsuser H;
+		   execsubst H=hs,P=Pd; }
+
+
+# ------- set the global default for the first conserver host -------
+# the consoles below (until the default is reset) are managed
+# by conserver1.conserver.com
+default * { include global; master conserver1.conserver.com; }
+
+# ------- define the consoles on ts1.conserver.com --------
+default ts1.conserver.com { include cisco; host ts1.conserver.com; }
+console web1.conserver.com { include ts1.conserver.com; port 2; }
+console ns1.conserver.com { include ts1.conserver.com; port 10; }
+
+# ------- define the consoles on ts2.conserver.com --------
+default ts2.conserver.com { include xyplex; host ts2.conserver.com; }
+console web2.conserver.com { include ts2.conserver.com; port 4; }
+console ns2.conserver.com { include ts2.conserver.com; port 22; }
+
+# ------- set the global default for the second conserver host -------
+# the following consoles are managed by conserver2.conserver.com
+default * { include global; master conserver2.conserver.com; }
+
+# ------- define the consoles on ts3.conserver.com --------
+default ts3.conserver.com { include ciscossh; host ts3.conserver.com; }
+console ftp1.conserver.com { include ts3.conserver.com; include sun-lom;
+			     port 7; }
+
+# ------- set up the an access list to avoid the default -------
+# anything *not* matched here will fallback to the default access mode
+access * {
+	trusted 127.0.0.1;
+	allowed 10.0.0.0/8;
+}
+
+# conserver2 has an extra leg that is trusted
+access conserver2.conserver.com { trusted 192.168.0.0/16; }
+
+# ------- do some server configuration ---------
+# both conserver1.conserver.com and conserver2.conserver.com use the same
+# set of defaults
+config * {
+	defaultaccess rejected;
+	daemonmode on;
+	logfile /var/log/conserver;
+}
+
+# we're going to set the default access on conserver2 to allowed, because
+# it's in a higher-trust network
+config conserver2.conserver.com { defaultaccess allowed; }

conserver.cf/samples/average.cf

@@ -0,0 +1,91 @@
+#
+# This would be what i'd expect a more common configuration file would
+# look like.  There are consoles attached to multiple devices, simple
+# access lists, etc.
+#
+
+# ------ define a user group ------
+group sysadmin {
+    users bryan, todd, dave;
+}
+# helpers is everyone but the sysadmin group
+group helpers {
+    users *, !sysadmin;
+}
+
+
+# ------ make sure breaks are the way we want --------
+break 1 { string "\z"; }
+break 2 { string "\r\d~\d^b"; delay 600; }
+break 3 { string "#."; }
+
+
+# ----- define some console types ------
+# yeah, just setting a break doesn't quite seem worth it, but perhaps,
+# some day, there will be more host-specific stuff.
+default sun-std { break 1; }
+default sun-alt { break 2; }
+default sun-lom { break 3; }
+
+
+# ------ defaults ------
+# now for some generic console defaults so that we don't have to
+# duplicate them for each console.
+default * {
+	logfile /var/consoles/&;	# '&' is replaced with console name
+	timestamp 1hab;			# write timestamps
+	rw sysadmin;			# allow sysadmins full access
+	ro helpers;			# allow helpers to watch
+	master localhost;
+	include sun-std;
+}
+
+
+# --------- define our terminal attributes ----------
+# simple tcp connections are "easy"
+default cisco { type host; portbase 2000; portinc 1; }
+default xyplex  { type host; portbase 2000; portinc 100; }
+
+# this is a cyclades card referenced with /dev/ttyC0 through /dev/ttyC31
+# (referenced as ports 1 through 32 in conserver.cf)
+# we set the various port calculation bits and pattern substitution to
+# come up with a generic definition
+default cyclades { type device; device /dev/ttyC&; baud 9600; parity none;
+		   devicesubst &=Pd; portbase -1; portinc 1; host unused; }
+
+## this is a term server accessed with an ssh command
+# it too uses pattern substitution and such to get the job done
+default ciscossh { type exec; portbase 2000; portinc 1;
+		   exec /usr/local/bin/ssh -p P -l tsuser H;
+		   execsubst H=hs,P=Pd; }
+
+
+# ------- define the consoles on ts1.conserver.com --------
+default ts1.conserver.com { include cisco; host ts1.conserver.com; }
+console web1.conserver.com { include ts1.conserver.com; port 2; }
+console ns1.conserver.com { include ts1.conserver.com; port 10; }
+
+# ------- define the consoles on ts2.conserver.com --------
+default ts2.conserver.com { include xyplex; host ts2.conserver.com; }
+console web2.conserver.com { include ts2.conserver.com; port 4; }
+console ns2.conserver.com { include ts2.conserver.com; port 22; }
+
+# ------- define the consoles on ts3.conserver.com --------
+default ts3.conserver.com { include ciscossh; host ts3.conserver.com; }
+console ftp1.conserver.com { include ts3.conserver.com; include sun-lom;
+			     port 7; }
+
+
+# ------- set up the an access list to avoid the default -------
+# anything *not* matched here will fallback to the default access mode
+access * {
+	trusted 127.0.0.1;
+	allowed 10.0.0.0/8;
+}
+
+# ------- do some server configuration ---------
+config * {
+	defaultaccess rejected;
+	daemonmode on;
+	logfile /var/log/conserver;
+}

conserver.cf/samples/basic.cf

@@ -0,0 +1,28 @@
+#
+# This is a fairly basic configuration file that interacts with one
+# terminal server.
+#
+
+# first, we're going to set some generic console defaults so that we
+# don't have to duplicate them for each console.
+default * {
+	logfile /var/consoles/&;	# '&' is replaced with console name
+	timestamp 1hab;			# write timestamps
+	rw *;				# allow all users
+	master localhost;
+	type host;
+	host ts1.conserver.com;		# consoles on ts1.conserver.co
+	portbase 2000;			# port numbers start at 2001 and
+	portinc 1;			# go up by 1 (port #1 == 2001, etc)
+}
+
+# define two consoles on the terminal server
+console web1.conserver.com { port 2; }	# calculates to tcp port 2002
+console ns1.conserver.com { port 10; }	# calculates to tcp port 2010
+
+# set up the an access list to avoid the default
+# anything *not* matched here will fallback to the default access (-a)
+# mode
+access * {
+	trusted 127.0.0.1;
+}

conserver.cf/samples/simple.cf

@@ -0,0 +1,11 @@
+#
+# I believe this is the smallest configuration file that is also fully
+# functional.  You have to be happy with the default access type (-a)
+# as well as the default access list that gets used.
+# 
+
+console simple {
+    master localhost;
+    type exec;
+    rw *;
+}

conserver.cf/test.cf

@@ -1,26 +1,43 @@
 # dummy conserver config file
 #
-# $Id: dummy.cf,v 4.3 92/07/27 12:23:59 ksb Exp $
-#
-# 1. change the `/dev/ttya' to any tty device you can put a serial device on
-#    that you could talk to with kermit/cu.  Put in the baud rate and parity.
-#
-# 2. change the `cc.purdue.edu' to your local domain.
-#
-# 3. !! do not leave this up, as it can give local users a root shell (login)
-#    !! for extended testing change the `|' to `|su - tst' where tst is a
-#    !! vanilla test acount, or comment out the `login' console.
-#
+default full {
+	rw *;
+}
+default * {
+	logfile /tmp/&;
+	timestamp "";
+	include full;
+}
+break 5 {
+	string "\rtest\r";
+}
 # list of consoles we serve
-# name : tty[@host] : baud[parity] : device : group
-DOMAINHACK=
-LOGDIR=/tmp
-shell:|:9600p:&:
-#ts6-10:!ts6:10010:&:
-#ts6-11:!ts6:10011:&:
-#ts6-12:!ts6:10012:&:
-#ts6-13:!ts6:10013:&:
-%%
+console shell {
+	master localhost;
+	timestamp 5;
+	type exec;
+	exec "";
+}
+console bash {
+	master localhost;
+	timestamp 2;
+	type exec;
+	exec /usr/local/bin/bash;
+}
+console web {
+	master localhost;
+	type host;
+	host www.conserver.com;
+	port 80;
+}
+console b {
+	master localhost;
+	type device;
+	device /dev/ttyb;
+	baud 9600;
+	parity none;
+}
 # list of clients we allow
-# type machines
-trusted: 127.0.0.1
+access * {
+	trusted 127.0.0.1;
+}

conserver/INSTALL.old

@@ -1,114 +0,0 @@
-# $Id: INSTALL,v 4.4 94/07/19 14:48:29 ksb Exp $
-#
-# lpr this file, you need to read it with other stuff on the screen.
-#
-
-Basic installation:
-
- First off, this stuff isn't guaranteed to work, or compile or anything.
- Second, the Makefile doesn't even really do that much, because most people
- with large networks don't have very normal configurations (that's a lot like
- an excuse :-).  Third, I assume you have the hardware set up done, and don't
- need any help there (just use normal serial lines, or see Sun-serial).
-
- With that out of the way, let's get started.
-
-
-Prep:
-
- If you are a serious kinda guy you will want to add the console service to
- /etc/services, here is the line we use:
-	console		782/tcp		conserver	# console server
-
- Otherwise you'll have to hard code a PORT in cons.h (there are a comments
- at the apropos points.
-
- If you do not have the PUCC ptyd daemon (and I'll bet you don't) you have
- to edit the Makefile, look at the block that sets HAVE_PTYD.
-
- Later, on the console server you will have to add a line to /etc/rc.local,
- or an atboot/cronboot job to start the console server
-	nice --4 /usr/local/etc/conserver >/dev/console 2>&1 </dev/null &
-
- [we run it from roots .profile on an auto-login port.]
-
-
-Compiling:
-
- Save a copy of cons.h and edit the one in this directory to your desires.
- It should be self-explanatory.
-
- Edit Makefile, setting BIN and PROG.
-
- Type "make".  This compiles the server.  If you fail on `XTABS' in
- group.c either change XTABS to TAB3 or #if 0 the block.  I've not
- had time to track this down.
-
- cd ../conserver.cf and follow the INSTALL there.  (Then come back here.)
-
- cd ../console and follow INSTALL there.  (Then come back here.)
-
- If you changed from using /usr/local/{bin,etc} you may want to change the
- "FILES" section in the man page "conserver.8L".
-
- If everything went well, type "make install" in each directory.  You will
- probably need to run this as root, depending on where you're putting stuff.
-
- This only installs things on the local machine (unless you have a kinky
- system configuration).  You will have to distribute at least the client
- program to your other machines.  {Compile on unlike CPU types, of course.}
-
-
-How did we do?
-
- Now run:
-	conserver -V
-
- You should get something like:
-	conserver: $Id: INSTALL,v 4.4 94/07/19 14:48:29 ksb Exp $
-	conserver: default access type `r'
-	conserver: default escape sequence `\005\143'
-	conserver: configuration in `/usr/local/lib/conserver.cf'
-	conserver: limited to 20 groups with 10 members
-	conserver: service name `conserver'
-
-Testing the console server:
-
- To test it (us the dummy config you build in ../conserver.cf) run
-	# conserver -C ../conserve.cf/dummy.cf -v &
-
- You should get an output that looks like:
-	conserver: 1: dumb is on /dev/ttya (9600e) logged to /tmp/dummy.log
-	conserver: group 1 on port 1270
-	conserver: access type 't' for "127.0.0.1"
-	conserver: access type 'a' for "cc.purdue.edu"
-	
- In another login window (or this one, I guess)
-	$ console -vA dumb
- You should get an output like this:
-	console: attach to dumb (on localhost)
-	conserver: dumb: login root@nostromo.cc.purdue.edu
-	Enter `^Ec?' for help.
-	[ok, attached]
-	[replay]
-
- You can type to your device now, and it should answer you.  Use
- ^Ec? for help and ^Ec. to hangup on it.
-
-
-If that worked...
-
- You can check over the real conserver.cf and start a real console server.
- You are set.
-
-
-Details/limits/bugs:
-
- The log files grow without bound.  Move the log files to OLD (with PUCC
- install) and HUP the conserver process to get him to re-open the log files.
- Here is the install cmd we use:
-	install -cq /dev/null /usr/adm/his.console
-
- You might wanna start stamper with the console server, but it doesn't
- re-open log files -- some later version of the console server will assume
- stampers job.

conserver/Makefile

@@ -1,71 +0,0 @@
-#	$Id: Makefile,v 1.12 1999-02-02 17:02:25-08 bryan Exp $
-#
-#	Makefile for console server
-#
-
-PROG=conserver
-PREFIX=/usr/local
-BIN=${PREFIX}/bin
-ETC=${PREFIX}/etc
-MAN=${PREFIX}/man
-MANSECT=8
-
-CFLAGS= ${DEBUG} ${CDEFS} ${INCLUDE}
-
-HDR=	cons.h \
-	access.h client.h consent.h group.h main.h master.h \
-	readcfg.h
-SRC=	access.c client.c consent.c group.c main.c master.c \
-	readcfg.c fallback.c
-OBJ=	access.o client.o consent.o group.o main.o master.o \
-	readcfg.o fallback.o
-INIT=	conserver.rc
-
-all: ${PROG}
-
-${PROG}: ${OBJ}
-	${CC} -o $@ ${CFLAGS} ${OBJ} ${LIBS}
-
-clean: FRC
-	rm -f Makefile.bak ${PROG} *.tbl a.out *.o core errs lint.out tags
-
-depend: ${HDR} ${SRC} FRC
-	makedepend ${CDEFS} ${INCLUDE} ${SRC}
-
-dirs: ${BIN} ${ETC}
-
-install: all dirs ${INIT} FRC
-	${INSTALL} -cs ${PROG} ${BIN}/${PROG}
-	${INSTALL} -c ${INIT} ${ETC}/${INIT}
-
-${MAN}/man${MANSECT}:
-	${INSTALL} -d $@
-
-install.man: ${MAN}/man${MANSECT}
-	tbl conserver.man > conserver.tbl
-	${INSTALL} -c conserver.tbl ${MAN}/man${MANSECT}/conserver.${MANSECT}
-
-lint: ${HDR} ${SRC} FRC
-	lint -h ${CDEFS} ${INCLUDE} ${SRC}
-
-tags: ${HDR} ${SRC}
-	ctags -t ${HDR} ${SRC}
-
-/ ${BIN} ${ETC}:
-	${INSTALL} -d $@
-
-FRC:
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-access.o: cons.h port.h access.h consent.h client.h group.h readcfg.h main.h
-client.o: cons.h port.h consent.h client.h
-consent.o: cons.h port.h consent.h client.h main.h
-fallback.o: cons.h port.h
-group.o: cons.h port.h consent.h client.h access.h group.h version.h main.h
-main.o: cons.h port.h consent.h client.h group.h master.h access.h readcfg.h
-main.o: version.h
-master.o: cons.h port.h consent.h client.h group.h access.h master.h
-master.o: readcfg.h version.h main.h
-readcfg.o: cons.h port.h consent.h client.h group.h access.h readcfg.h
-readcfg.o: master.h main.h

conserver/Makefile.in

@@ -0,0 +1,73 @@
+### Path settings
+datarootdir = @datarootdir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+sbindir = @sbindir@
+sysconfdir = @sysconfdir@
+mandir = @mandir@
+datadir = @datadir@
+libdir = @libdir@
+pkglibdir = $(libdir)/conserver
+exampledir = $(datadir)/examples/conserver
+
+### Installation programs and flags
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
+LN_S = @LN_S@
+MKDIR = @MKDIR@
+
+### Compiler and link options
+CC	= @CC@
+CFLAGS	= @CFLAGS@
+DEFS	= @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)\"
+CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@ @CONSCPPFLAGS@
+LDFLAGS	= @LDFLAGS@ @CONSLDFLAGS@
+LIBS	= @LIBS@ @CONSLIBS@
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+CONSERVER_OBJS = access.o client.o consent.o group.o main.o master.o \
+		 readcfg.o fallback.o cutil.o
+CONSERVER_HDRS = ../config.h $(top_srcdir)/compat.h $(srcdir)/access.h \
+		 $(srcdir)/client.h $(srcdir)/consent.h $(srcdir)/cutil.h \
+		 $(srcdir)/group.h $(srcdir)/main.h $(srcdir)/master.h \
+		 $(srcdir)/readcfg.h $(srcdir)/version.h
+
+ALL = conserver convert
+
+
+all: $(ALL)
+
+$(CONSERVER_OBJS): $(CONSERVER_HDRS)
+
+conserver: $(CONSERVER_OBJS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o conserver $(CONSERVER_OBJS) $(LIBS)
+
+convert: convert.o cutil.o
+	$(CC) $(CFLAGS) $(LDFLAGS) -o convert convert.o cutil.o $(LIBS)
+
+.c.o:
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+
+clean:
+	rm -f *~ *.o $(ALL) core
+
+distclean: clean
+	rm -f Makefile conserver.rc
+
+install: conserver
+	$(MKDIR) $(DESTDIR)$(sbindir)
+	$(INSTALL_PROGRAM) conserver $(DESTDIR)$(sbindir)
+	$(MKDIR) $(DESTDIR)$(mandir)/man8
+	$(INSTALL) -m 0644 conserver.man $(DESTDIR)$(mandir)/man8/conserver.8
+	$(MKDIR) $(DESTDIR)$(exampledir)
+	$(INSTALL) conserver.rc $(DESTDIR)$(exampledir)
+	$(MKDIR) $(DESTDIR)$(pkglibdir)
+	$(INSTALL) convert $(DESTDIR)$(pkglibdir)/convert
+
+.PHONY: clean distclean install

conserver/README.old

@@ -1,73 +0,0 @@
-# $Id: README,v 4.1 91/06/19 15:23:03 ksb Exp $
-#
-
-The general idea...
-
- The idea is you have a big network.  You have several machines whose consoles
- you want to access remotely.  You connect the console lines of these machines
- to serial ports on another machine, which runs the server half of this
- software.  Then you can use the client program to get at the consoles from
- anywhere in the network.  It also provides log file of the consoles and
- an operator stream.
-
-
-Who will help me?
-
- Send questions, comments, and bug reports to:
-	ksb@cc.purdue.edu  (Kevin S Braunsdorf)
-	fine@cis.ohio-state.edu (Tom Fine)
-
-Permissions needed to run this?
-
- The console server does not need to be run as root.  As long as it
- has permission to write to all the log files, any id will be fine.
- Keep in mind, though, that log files occasionally end up with
- sensitive data in them (like root passwords when people don't watch
- for the pasword prompt).
-
-
-Console server process management.
-
- The conserver (usually) ends up running several process: one master and
- several children.  Each of the children is responsible for some of the
- consoles.  Occasionally, we've had problems with one of the children becoming
- "stuck" in one sense or another.  To make dealing with this easier here
- is the plan:
-
- 1.  If you need to restart everything, run
-	console -q
-     which will terminate the console server on all master hosts.
-
- 2.  If you need to restart on one host, killing the master process (on
-     that host) with a SIGTERM (the default for kill) will tell the master
-     process to kill everything (including itself).
-
- 3.  If any child dies, the master process will start another one to replace
-     it.  So if you have a process which is "stuck" it is easy to restart.
-     {Send it a TERM and let conserver respawn it.}
-
- 4.  If a console is spewing trash use the down (`d') command to make the
-     server ignore it.  Use the reopen (`o') command to restore it to
-     working order.
-
- 5.  If all else fails get a real tty on a cart and push it to the poor
-     machine :-).  [Keep one handy -- we don't claim this software is
-     any better than any other *FREE* product.]
-
-
-Log file time stamping
-
- We use a simple script like stamper.sh, which we start from rc.local, to
- time-stamp the files from all the machines that don't do this already.
- Using this script has the advantage over crontab entries that it doesn't
- interrupt what is happening on the console, if someone is using it.
-
- Use
-	stamper /usr/adm/target.console /usr/adm/other.console
- to add time stamps to the log file for the `target' and `other' machines.
-
- [ This stamper script will go away someday soon. -- ksb]
-
---
-"When the head an heart of it finally alope!"
-kayessbee, Kevin Braunsdorf, ksb@cc.purdue.edu, pur-ee!ksb, purdue!ksb

conserver/Sun-serial

@@ -1,5 +1,3 @@
-# $Id: Sun-serial,v 2.1 93/02/09 11:45:12 ldv Exp $
-
 If you are going to be hooking Sun consoles to your console server, you
 will run into a problem:  The sun will halt whenever the cable is unplugged.
 It will also halt when the the console server is powered off and on.  To

conserver/TODO

@@ -1,8 +0,0 @@
-# $Id: TODO,v 5.7 92/02/18 09:52:33 ksb Exp $
-
-Just finish some #if's for TERMIO/TERMIOS/V7 ttys.
-
-kayessbee
---
-"This may be a new sense of the word `robust' for you."
-kayessbee, Kevin Braunsdorf, ksb@cc.purdue.edu, pur-ee!ksb, purdue!ksb

conserver/access.c

@@ -1,6 +1,4 @@
 /*
- *  $Id: access.c,v 5.15 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -33,56 +31,24 @@
  *
  * 4. This notice may not be removed or altered.
  */
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright 1992 Purdue Research Foundation.\nAll rights reserved.\n";
+
+#include <compat.h>
+
+#include <cutil.h>
+#include <access.h>
+#include <consent.h>
+#include <client.h>
+#include <group.h>
+#include <readcfg.h>
+#include <main.h>
+
+#if USE_IPV6
+# include <net/if.h>
+# include <ifaddrs.h>
+# include <sys/socket.h>
+# include <netdb.h>
 #endif
 
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/resource.h>
-#include <sys/wait.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <errno.h>
-#include <signal.h>
-#include <pwd.h>
-
-#include "cons.h"
-#include "port.h"
-#include "access.h"
-#include "consent.h"
-#include "client.h"
-#include "group.h"
-#include "readcfg.h"
-#include "main.h"
-
-#if USE_STRINGS
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-
-/* in the routines below (the init code) we can bomb if malloc fails	(ksb)
- */
-void
-OutOfMem()
-{
-	static char acNoMem[] = ": out of memory\n";
-
-	write(2, progname, strlen(progname));
-	write(2, acNoMem, sizeof(acNoMem)-1);
-	exit(45);
-}
-
 /* Compare an Internet address (IPv4 expected), with an address pattern
  * passed as a character string representing an address in the Internet
  * standard `.' notation, optionally followed by a slash and an integer
@@ -96,39 +62,44 @@ OutOfMem()
  * Returns 0 if the addresses match, else returns 1.
  */
 int
-AddrCmp(hp, pattern)
-struct hostent *hp;
-char *pattern;
+AddrCmp(struct in_addr *addr, char *pattern)
 {
-    unsigned long int hostaddr, pattern_addr, netmask;
-    char buf[200], *p, *slash_posn;
-
-    if (hp->h_addrtype != AF_INET || hp->h_length != 4)
-	return 1;	/* unsupported address type */
+    in_addr_t hostaddr, pattern_addr, netmask;
+    char *p, *slash_posn;
+    static STRING *buf = (STRING *)0;
+#if HAVE_INET_ATON
+    struct in_addr inetaddr;
+#endif
 
+    if (buf == (STRING *)0)
+	buf = AllocString();
     slash_posn = strchr(pattern, '/');
     if (slash_posn != NULL) {
-	if (strlen(pattern) >= sizeof(buf))
-	    return 1;	/* too long to handle */
-	strncpy(buf, pattern, sizeof(buf));
-	buf[slash_posn-pattern] = '\0';	/* isolate the address */
-	p = buf;
-    }
-    else
+	BuildString((char *)0, buf);
+	BuildString(pattern, buf);
+	buf->string[slash_posn - pattern] = '\0';	/* isolate the address */
+	p = buf->string;
+    } else
 	p = pattern;
 
+#if HAVE_INET_ATON
+    if (inet_aton(p, &inetaddr) == 0)
+	return 1;
+    pattern_addr = inetaddr.s_addr;
+#else
     pattern_addr = inet_addr(p);
-    if (pattern_addr == -1)
-	return 1;	/* malformed address */
+    if (pattern_addr == (in_addr_t) (-1))
+	return 1;		/* malformed address */
+#endif
 
     if (slash_posn) {
 	/* convert explicit netmask */
-	int mask_bits = atoi(slash_posn+1);
+	int mask_bits = atoi(slash_posn + 1);
 	for (netmask = 0; mask_bits > 0; --mask_bits)
 	    netmask = 0x80000000 | (netmask >> 1);
     } else {
 	/* netmask implied by address class */
-	unsigned long int ia = ntohl(pattern_addr);
+	in_addr_t ia = ntohl(pattern_addr);
 	if (IN_CLASSA(ia))
 	    netmask = IN_CLASSA_NET;
 	else if (IN_CLASSB(ia))
@@ -136,132 +107,313 @@ char *pattern;
 	else if (IN_CLASSC(ia))
 	    netmask = IN_CLASSC_NET;
 	else
-	    return 1;	/* unsupported address class */
+	    return 1;		/* unsupported address class */
     }
     netmask = htonl(netmask);
     if (~netmask & pattern_addr)
-	netmask = 0xffffffff;		/* compare entire addresses */
-    hostaddr = *(unsigned long int*)hp->h_addr;
+	netmask = 0xffffffff;	/* compare entire addresses */
+    hostaddr = addr->s_addr;
+
+    CONDDEBUG((1, "AddrCmp(): host=%lx(%lx/%lx) acl=%lx(%lx/%lx)",
+	       hostaddr & netmask, hostaddr, netmask,
+	       pattern_addr & netmask, pattern_addr, netmask));
     return (hostaddr & netmask) != (pattern_addr & netmask);
 }
 
 /* return the access type for a given host entry			(ksb)
  */
 char
-AccType(hp)
-struct hostent *hp;
+AccType(INADDR_STYPE *addr, char **peername)
 {
-	register int i;
-	register unsigned char *puc;
-	register char *pcName;
-	auto char acAddr[4*4];
-	register int len;
-
-	if ( fDebug ) {
-	    puc = (unsigned char *)hp->h_addr;
-	    sprintf(acAddr, "%d.%d.%d.%d", puc[0], puc[1], puc[2], puc[3]);
-	    fprintf( stderr, "%s: Access check: hostname=%s, ip=%s\n", progname, hp->h_name, acAddr );
-	}
-#if ORIGINAL_CODE
-	puc = (unsigned char *)hp->h_addr;
-	sprintf(acAddr, "%d.%d.%d.%d", puc[0], puc[1], puc[2], puc[3]);
-#endif
-	for (i = 0; i < iAccess; ++i) {
-		if ( fDebug ) {
-		    fprintf( stderr, "%s: Access check:    who=%s, trust=%c\n", progname, pACList[i].pcwho, pACList[i].ctrust );
-		}
-		if (isdigit(pACList[i].pcwho[0])) {
-#if ORIGINAL_CODE
-			/* we could allow 128.210.7 to match all on that subnet
-			 * here...
-			 */
-			if (0 == strcmp(acAddr, pACList[i].pcwho)) {
-				return pACList[i].ctrust;
-			}
+    ACCESS *pACtmp;
+    socklen_t so;
+    char ret;
+#if USE_IPV6
+    int error;
+    char host[NI_MAXHOST];
+    char ipaddr[NI_MAXHOST];
 #else
-			if (0 == AddrCmp(hp, pACList[i].pcwho)) {
-				return pACList[i].ctrust;
-			}
-#endif
-			continue;
-		}
-		pcName = hp->h_name;
-		len = strlen(pcName);
-		while (len >= pACList[i].ilen) {
-			if (0 == strcmp(pcName, pACList[i].pcwho)) {
-				return pACList[i].ctrust;
-			}
-			pcName = strchr(pcName, '.');
-			if ((char *)0 == pcName) {
-				break;
-			}
-			++pcName;
-			len = strlen(pcName);
-		}
+    struct hostent *he = (struct hostent *)0;
+    int a;
+# if TRUST_REVERSE_DNS
+    char **revNames = (char **)0;
+# endif
+
+    CONDDEBUG((1, "AccType(): ip=%s", inet_ntoa(*addr)));
+#endif /* USE_IPV6 */
+
+    ret = config->defaultaccess;
+    so = sizeof(*addr);
+
+#if USE_IPV6
+    /*
+     * XXX where is the TRUST_REVERSE_DNS support for IPv6???
+     *
+     * XXX IPv4 should use getnameinfo() et al as well
+     * (if available, they are in IEEE Std 1003.1g-2000)
+     */
+    error =
+	getnameinfo((struct sockaddr *)addr, so, ipaddr, sizeof(ipaddr),
+		    NULL, 0, NI_NUMERICHOST);
+    if (error) {
+	Error("AccType(): getnameinfo failed: %s", gai_strerror(error));
+	goto common_ret;
+    }
+    CONDDEBUG((1, "AccType(): ip=%s (%s)", ipaddr,
+	       addr->ss_family == AF_UNSPEC ? "AF_UNSPEC" : 
+	       addr->ss_family == AF_LOCAL ? "AF_LOCAL" : 
+	       addr->ss_family == AF_INET ? "AF_INET" : 
+	       addr->ss_family == AF_INET6 ? "AF_INET6" : "IF_???"));
+
+    error =
+	getnameinfo((struct sockaddr *)addr, so, host, sizeof(host), NULL,
+		    0, 0);
+    if (!error)
+	CONDDEBUG((1, "AccType(): host=%s", host));
+
+    for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
+	CONDDEBUG((1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
+		   pACtmp->ctrust));
+	if (addr->ss_family == AF_INET && pACtmp->isCIDR != 0) {
+	    if (AddrCmp
+		(&(((struct sockaddr_in *)addr)->sin_addr),
+		 pACtmp->pcwho) == 0) {
+		ret = pACtmp->ctrust;
+		goto common_ret;
+	    }
+	    continue;
 	}
-	return chDefAcc;
+
+	if (strstr(ipaddr, pACtmp->pcwho) != NULL) {
+	    CONDDEBUG((1, "AccType(): match for ip=%s", ipaddr));
+	    ret = pACtmp->ctrust;
+	    goto common_ret;
+	}
+
+	if (!error && strstr(host, pACtmp->pcwho) != NULL) {
+	    CONDDEBUG((1, "AccType(): match for host=%s", host));
+	    ret = pACtmp->ctrust;
+	    goto common_ret;
+	}
+    }
+  common_ret:
+    if (config->loghostnames == FLAGTRUE && !error)
+	*peername = StrDup(host);
+#else  /* !USE_IPV6 */
+# if TRUST_REVERSE_DNS
+    /* if we trust reverse dns, we get the names associated with
+     * the address we're checking and then check each of those
+     * against the access list entries (below).
+     */
+    if ((he =
+	 gethostbyaddr((char *)addr, so,
+		       AF_INET)) == (struct hostent *)0) {
+	Error("AccType(): gethostbyaddr(%s): %s", inet_ntoa(*addr),
+	      hstrerror(h_errno));
+    } else {
+	char *hname;
+	if (he->h_name != (char *)0) {
+	    /* count up the number of names */
+	    for (a = 0, hname = he->h_aliases[a]; hname != (char *)0;
+		 hname = he->h_aliases[++a]);
+	    a += 2;		/* h_name + (char *)0 */
+	    /* now duplicate them */
+	    if ((revNames =
+		 (char **)calloc(a, sizeof(char *))) != (char **)0) {
+		for (hname = he->h_name, a = 0; hname != (char *)0;
+		     hname = he->h_aliases[a++]) {
+		    if ((revNames[a] = StrDup(hname)) == (char *)0)
+			break;
+		    CONDDEBUG((1, "AccType(): revNames[%d]='%s'", a,
+			       hname));
+		}
+	    }
+	}
+    }
+# endif
+
+    for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
+	CONDDEBUG((1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
+		   pACtmp->ctrust));
+	if (pACtmp->isCIDR != 0) {
+	    if (AddrCmp(addr, pACtmp->pcwho) == 0) {
+		ret = pACtmp->ctrust;
+		goto common_ret;
+	    }
+	    continue;
+	}
+
+	if ((he = gethostbyname(pACtmp->pcwho)) == (struct hostent *)0) {
+	    Error("AccType(): gethostbyname(%s): %s", pACtmp->pcwho,
+		  hstrerror(h_errno));
+	} else if (4 != he->h_length || AF_INET != he->h_addrtype) {
+	    Error
+		("AccType(): gethostbyname(%s): wrong address size (4 != %d) or address family (%d != %d)",
+		 pACtmp->pcwho, he->h_length, AF_INET, he->h_addrtype);
+	} else {
+	    for (a = 0; he->h_addr_list[a] != (char *)0; a++) {
+		CONDDEBUG((1, "AccType(): addr=%s",
+			   inet_ntoa(*(struct in_addr *)
+				     (he->h_addr_list[a]))));
+		if (
+# if HAVE_MEMCMP
+		       memcmp(&(addr->s_addr), he->h_addr_list[a],
+			      he->h_length)
+# else
+		       bcmp(&(addr->s_addr), he->h_addr_list[a],
+			    he->h_length)
+# endif
+		       == 0) {
+		    ret = pACtmp->ctrust;
+		    goto common_ret;
+		}
+	    }
+	}
+# if TRUST_REVERSE_DNS
+	/* we chop bits off client names so that we can put domain
+	 * names in access lists or even top-level domains.
+	 *    allowed conserver.com, net;
+	 * this allows anything from conserver.com and anything in
+	 * the .net top-level.  without TRUST_REVERSE_DNS, those names
+	 * better map to ip addresses for them to take effect.
+	 */
+	if (revNames != (char **)0) {
+	    char *pcName;
+	    int wlen;
+	    int len;
+	    wlen = strlen(pACtmp->pcwho);
+	    for (a = 0; revNames[a] != (char *)0; a++) {
+		for (pcName = revNames[a], len = strlen(pcName);
+		     len >= wlen; len = strlen(++pcName)) {
+		    CONDDEBUG((1, "AccType(): name=%s", pcName));
+		    if (strcasecmp(pcName, pACtmp->pcwho) == 0) {
+			if (peername != (char **)0)
+			    *peername = StrDup(revNames[a]);
+			ret = pACtmp->ctrust;
+			goto common_ret2;
+		    }
+		    pcName = strchr(pcName, '.');
+		    if (pcName == (char *)0)
+			break;
+		}
+	    }
+	}
+# endif
+    }
+
+  common_ret:
+    if (config->loghostnames == FLAGTRUE && peername != (char **)0) {
+# if TRUST_REVERSE_DNS
+	if (revNames != (char **)0 && revNames[0] != (char *)0)
+	    *peername = StrDup(revNames[0]);
+# else
+	if ((he =
+	     gethostbyaddr((char *)addr, so,
+			   AF_INET)) != (struct hostent *)0) {
+	    *peername = StrDup(he->h_name);
+	}
+# endif
+    }
+# if TRUST_REVERSE_DNS
+  common_ret2:
+    if (revNames != (char **)0) {
+	for (a = 0; revNames[a] != (char *)0; a++)
+	    free(revNames[a]);
+	free(revNames);
+    }
+# endif
+#endif /* USE_IPV6 */
+    return ret;
 }
 
-/* we know iAccess == 0, we want to setup a nice default access list	(ksb)
- */
 void
-SetDefAccess(hpLocal)
-struct hostent *hpLocal;
+SetDefAccess(
+#if USE_IPV6
+		void
+#else
+		struct in_addr *pAddr, char *pHost
+#endif
+    )
 {
-	register char *pcWho, *pcDomain;
-	register unsigned char *puc;
-	register int iLen;
+    ACCESS *a;
+#if USE_IPV6
+    int error;
+    char addr[NI_MAXHOST];
+    struct ifaddrs *myAddrs, *ifa;
+#endif /* USE_IPV6 */
 
-	pACList = (ACCESS *)calloc(3, sizeof(ACCESS));
-	if ((ACCESS *)0 == pACList) {
-		OutOfMem();
-	}
-	if ((char *)0 == (pcWho = malloc(4*3+1))) {
-		OutOfMem();
-	}
-	puc = (unsigned char *)hpLocal->h_addr;
-	sprintf(pcWho, "%d.%d.%d.%d", puc[0], puc[1], puc[2], puc[3]);
-	pACList[iAccess].ctrust = 'a';
-	pACList[iAccess].ilen = strlen(pcWho);
-	pACList[iAccess++].pcwho = pcWho;
+    while (pACList != (ACCESS *)0) {
+	a = pACList->pACnext;
+	DestroyAccessList(pACList);
+	pACList = a;
+    }
 
-	if ((char *)0 == (pcDomain = strchr(hpLocal->h_name, '.'))) {
-		return;
-	}
-	++pcDomain;
-	iLen = strlen(pcDomain);
-	pcWho = malloc(iLen+1);
-	pACList[iAccess].ctrust = 'a';
-	pACList[iAccess].ilen = iLen;
-	pACList[iAccess++].pcwho = strcpy(pcWho, pcDomain);
+#if USE_IPV6
+    /* get list of all addresses on system */
+    error = getifaddrs(&myAddrs);
+    if (error) {
+	Error("SetDefAccess(): getifaddrs: %s", strerror(errno));
+	return;
+    }
+
+    for (ifa = myAddrs; ifa != NULL; ifa = ifa->ifa_next) {
+	/* skip interfaces without address or in down state */
+	if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP))
+	    continue;
+
+	error =
+	    getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_storage),
+			addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
+	if (error)
+	    continue;
+
+	if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
+	    OutOfMem();
+	if ((a->pcwho = StrDup(addr)) == (char *)0)
+	    OutOfMem();
+
+	a->ctrust = config->defaultaccess;
+	a->pACnext = pACList;
+	pACList = a;
+
+	CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+		   pACList->pcwho));
+    }
+    freeifaddrs(myAddrs);
+#elif USE_UNIX_DOMAIN_SOCKETS
+    if ((pACList = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
+	OutOfMem();
+    if ((pACList->pcwho = StrDup("127.0.0.1")) == (char *)0)
+	OutOfMem();
+    pACList->ctrust = config->defaultaccess;
+    CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+	       pACList->pcwho));
+#else
+    while (pAddr->s_addr != (in_addr_t) 0) {
+	char *addr;
+
+	addr = inet_ntoa(*pAddr);
+	if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
+	    OutOfMem();
+	if ((a->pcwho = StrDup(addr)) == (char *)0)
+	    OutOfMem();
+	a->ctrust = config->defaultaccess;
+	a->pACnext = pACList;
+	pACList = a;
+
+	CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+		   pACList->pcwho));
+	pAddr++;
+    }
+#endif
 }
 
-/* thread ther list of uniq console server machines, aliases for	(ksb)
- * machines will screw us up
- */
-REMOTE *
-FindUniq(pRCAll)
-register REMOTE *pRCAll;
+void
+DestroyAccessList(ACCESS *pACList)
 {
-	register REMOTE *pRC;
-
-	/* INV: tail of the list we are building always contains only
-	 * uniq hosts, or the empty list.
-	 */
-	if ((REMOTE *)0 == pRCAll) {
-		return (REMOTE *)0;
-	}
-
-	pRCAll->pRCuniq = FindUniq(pRCAll->pRCnext);
-
-	/* if it is in the returned list of uniq hosts, return that list
-	 * else add us by returning our node
-	 */
-	for (pRC = pRCAll->pRCuniq; (REMOTE *)0 != pRC; pRC = pRC->pRCuniq) {
-		if (0 == strcmp(pRC->rhost, pRCAll->rhost)) {
-			return pRCAll->pRCuniq;
-		}
-	}
-	return pRCAll;
+    if (pACList == (ACCESS *)0)
+	return;
+    if (pACList->pcwho != (char *)0)
+	free(pACList->pcwho);
+    free(pACList);
 }
-

conserver/access.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: access.h,v 5.9 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -38,19 +36,18 @@
  */
 
 typedef struct access {
-	char ctrust;		/* how much do we trust the host	*/
-	int ilen;		/* length (strlen) of pcwho		*/
-	char *pcwho;		/* what is the hosts name/ip number	*/
+    char ctrust;		/* how much do we trust the host        */
+    char *pcwho;		/* what is the hosts name/ip number     */
+    int isCIDR;			/* is this a CIDR addr (or hostname?)   */
+    struct access *pACnext;	/* next access list                     */
 } ACCESS;
 
-typedef struct remote {		/* console at another host		*/
-	struct remote *pRCnext;	/* next remote console we know about	*/
-	struct remote *pRCuniq;	/* list of uniq remote servers		*/
-	char rserver[32];	/* remote server name			*/
-	char rhost[256];	/* remote host to call to get it	*/
-} REMOTE;
-
-extern void OutOfMem();
-extern REMOTE *FindUniq();
-extern char AccType();
-extern void SetDefAccess();
+extern char AccType(INADDR_STYPE *, char **);
+extern void SetDefAccess(
+#if USE_IPV6
+			    void
+#else
+			    struct in_addr *, char *
+#endif
+    );
+extern void DestroyAccessList(ACCESS *);

conserver/client.c

@@ -1,6 +1,4 @@
 /*
- *  $Id: client.c,v 5.22 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -33,181 +31,327 @@
  *
  * 4. This notice may not be removed or altered.
  */
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright 1992 Purdue Research Foundation.\nAll rights reserved.\n";
-#endif
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/resource.h>
-#include <sys/wait.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <errno.h>
-#include <signal.h>
-#include <pwd.h>
 
-#include "cons.h"
-#include "port.h"
-#include "consent.h"
-#include "client.h"
+#include <compat.h>
 
-#if USE_STRINGS
-#include <strings.h>
-#else
-#include <string.h>
+#include <cutil.h>
+#include <consent.h>
+#include <access.h>
+#include <client.h>
+#include <group.h>
+#include <readcfg.h>
+
+#if USE_IPV6
+# include <sys/socket.h>
+# include <netdb.h>
+#endif /* USE_IPV6 */
+
+#if defined(USE_LIBWRAP)
+# include <syslog.h>
+# include <tcpd.h>
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_WARNING;
 #endif
 
+
 /* find the next guy who wants to write on the console			(ksb)
  */
-CLIENT *
-FindWrite(pCL)
-CLIENT *pCL;
+void
+FindWrite(CONSENT *pCE)
 {
-	/* return the first guy to have the `want write' bit set
-	 * (tell him of the promotion, too)  we could look for the
-	 * most recent or some such... I guess it doesn't matter that
-	 * much.
-	 */
-	for (/*passed in*/; (CLIENT *)0 != pCL; pCL = pCL->pCLnext) {
-		if (!pCL->fwantwr)
-			continue;
-		if (!pCL->pCEto->fup || pCL->pCEto->fronly)
-			break;
-		pCL->fwantwr = 0;
-		pCL->fwr = 1;
-		if ( pCL->pCEto->nolog ) {
-		    CSTROUT(pCL->fd, "\r\n[attached (nologging)]\r\n");
-		} else {
-		    CSTROUT(pCL->fd, "\r\n[attached]\r\n");
-		}
-		return pCL;
-	}
-	return (CLIENT *)0;
-}
+    CONSCLIENT *pCLfound = (CONSCLIENT *)0;
+    CONSCLIENT *pCL;
 
-#if HAVE_IDENTD
-/* use identd to verify a user at a host				(ksb)
- * we have a list of login@host:passwd:trust after the general host
- * limits.  We call identd/tap/auth to get info and compare
- */
-IdentifyMe(pCL)
-CLIENT *pCL;
-{
-	/* ZZZ */
-	/* we would have to getsockname(fdClient)
-	 * getpeername(fdClient)
-	 * identd_client(addr, addr, acBuffer
-	 * check for identifier in allowed list
-	 * return the permision (modify in pCL)
-	 */
-}
-#endif
+    /* make the first guy (last on the list) to have the `want write' bit set
+     * the writer (tell him of the promotion, too)  we could look for the most
+     * recent or some such... I guess it doesn't matter that much.
+     */
+    if (pCE->pCLwr != (CONSCLIENT *)0 || pCE->fronly)
+	return;
 
-/* show a character as a string so the user cannot mistake it for	(ksb)
- * another
- * 
- * must pass us at least 16 characters to put fill with text
- */
-char *
-FmtCtl(ci, pcIn)
-int ci;
-char *pcIn;
-{
-	register char *pcOut = pcIn;
-	unsigned char c;
+    for (pCL = pCE->pCLon; (CONSCLIENT *)0 != pCL; pCL = pCL->pCLnext) {
+	if (pCL->fwantwr && !pCL->fro)
+	    pCLfound = pCL;
+    }
 
-	c = ci & 0xff;
-	if (c > 127) {
-		c -= 128;
-		*pcOut++ = 'M';
-		*pcOut++ = '-';
-	}
-
-	if (c < ' ' || c == '\177') {
-		*pcOut++ = '^';
-		*pcOut++ = c ^ 0100;
-		*pcOut = '\000';
-	} else if (c == ' ') {
-		(void)strcpy(pcOut, "<space>");
-	} else if (c == '^') {
-		(void)strcpy(pcOut, "<circumflex>");
-	} else if (c == '\\') {
-		(void)strcpy(pcOut, "<backslash>");
+    if (pCLfound != (CONSCLIENT *)0) {
+	pCLfound->fwantwr = 0;
+	pCLfound->fwr = 1;
+	if (pCE->nolog) {
+	    FileWrite(pCLfound->fd, FLAGFALSE,
+		      "\r\n[attached (nologging)]\r\n", -1);
 	} else {
-		*pcOut++ = c;
-		*pcOut = '\000';
+	    FileWrite(pCLfound->fd, FLAGFALSE, "\r\n[attached]\r\n", -1);
 	}
-	return pcIn;
+	TagLogfileAct(pCE, "%s attached", pCLfound->acid->string);
+	pCE->pCLwr = pCLfound;
+    }
 }
 
-/* replay last iBack lines of the log file upon connect to console	(ksb)
+void
+BumpClient(CONSENT *pCE, char *message)
+{
+    if ((CONSCLIENT *)0 == pCE->pCLwr)
+	return;
+
+    if ((char *)0 != message)
+	FileWrite(pCE->pCLwr->fd, FLAGFALSE, message, -1);
+    pCE->pCLwr->fwantwr = 0;
+    pCE->pCLwr->fwr = 0;
+    pCE->pCLwr = (CONSCLIENT *)0;
+}
+
+/* replay last 'back' lines of the log file upon connect to console	(ksb)
  *
  * NB: we know the console might be spewing when the replay happens,
  * we want to just output what is in the log file and get out,
  * so we don't drop chars...
  */
+#define REPLAYBUFFER 4096
+
 void
-Replay(fdLog, fdOut, iBack)
-int fdLog, fdOut, iBack;
+Replay(CONSENT *pCE, CONSFILE *fdOut, unsigned short back)
 {
-	register int tot, nCr;
-	register char *pc;
-	register off_t where;
-	auto char bf[MAXREPLAY+2];
-	auto struct stat stLog;
-
-	if (-1 == fdLog) {
-		CSTROUT(fdOut, "[no log file on this console]\r\n");
-		return;
-	}
-
-	/* find the size of the file
-	 */
-	if (0 != fstat(fdLog, & stLog)) {
-		return;
-	}
-
-	if (MAXREPLAY > stLog.st_size) {
-		where = 0L;
-	} else {
-		where = stLog.st_size - MAXREPLAY;
-	}
-
-#if defined(SEEK_SET)
-	/* PTX and maybe other Posix systems
-	 */
-	if (lseek(fdLog, where, SEEK_SET) < 0) {
-		return;
-	}
-#else
-	if (lseek(fdLog, where, L_SET) < 0) {
-		return;
-	}
+    CONSFILE *fdLog = (CONSFILE *)0;
+    STRING *line = (STRING *)0;
+    off_t file_pos;
+    off_t buf_pos;
+    char *buf = (char *)0;
+    char *bp = (char *)0;
+    int ch;
+    struct stat stLog;
+    int ln;
+    int was_mark = 0;
+#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
+    unsigned long dmallocMarkReplay = 0;
 #endif
 
-	if ((tot = read(fdLog, bf, MAXREPLAY)) <= 0) {
-		return;
-	}
-	bf[tot] = '@';
+    if (pCE != (CONSENT *)0 && pCE->logfile != (char *)0)
+	fdLog = FileOpen(pCE->logfile, O_RDONLY, 0644);
 
-	pc = & bf[tot];
-	nCr = 0;
-	while (--pc != bf) {
-		if ('\n' == *pc && iBack == nCr++) {
-			++pc;	/* get rid of a blank line */
-			break;
+    if (fdLog == (CONSFILE *)0) {
+	FileWrite(fdOut, FLAGFALSE, "[no log file on this console]\r\n",
+		  -1);
+	return;
+    }
+#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
+    dmallocMarkReplay = dmalloc_mark();
+#endif
+
+    /* find the size of the file
+     */
+    if (0 != FileStat(fdLog, &stLog))
+	goto common_exit;
+
+    file_pos = stLog.st_size - 1;	/* point at last byte */
+    buf_pos = file_pos + 1;
+
+    if ((char *)0 == (buf = malloc(REPLAYBUFFER)))
+	OutOfMem();
+    bp = buf + 1;		/* just give it something - it resets below */
+
+    line = AllocString();
+
+    /* loop as long as there is data in the file or we have not found
+     * the requested number of lines
+     */
+    ln = -1;
+    for (; file_pos >= 0; file_pos--, bp--) {
+	if (file_pos < buf_pos) {
+	    int r;
+
+	    /* read one buffer worth of data a buffer boundary
+	     *
+	     * the first read will probably not get a full buffer but
+	     * the rest (as we work our way back in the file) should be
+	     */
+	    buf_pos = (file_pos / REPLAYBUFFER) * REPLAYBUFFER;
+	    if (FileSeek(fdLog, buf_pos, SEEK_SET) < 0) {
+		goto common_exit;
+	    }
+	    if ((r = FileRead(fdLog, buf, REPLAYBUFFER)) < 0) {
+		goto common_exit;
+	    }
+	    bp = buf + r - 1;
+	}
+
+	/* process the next character
+	 */
+	if ((ch = *bp) == '\n') {
+	    if (ln >= 0) {
+		int i;
+		int u;
+		int is_mark = 0;
+
+		/* reverse the text to put it in forward order
+		 */
+		u = line->used - 1;
+		for (i = 0; i < u / 2; i++) {
+		    int temp;
+
+		    temp = line->string[i];
+		    line->string[i] = line->string[u - i - 1];
+		    line->string[u - i - 1] = temp;
 		}
+
+		/* see if this line is a MARK
+		 */
+		if (line->used > 0 && line->string[0] == '[') {
+		    char dummy[4];
+		    int j;
+		    i = sscanf(line->string + 1,
+			       "-- MARK -- %3c %3c %d %d:%d:%d %d]\r\n",
+			       dummy, dummy, &j, &j, &j, &j, &j);
+		    is_mark = (i == 7);
+		}
+
+		/* process this line
+		 */
+		if (is_mark && was_mark) {
+		    /* this is a mark and the previous line is also
+		     * a mark, so reduce the line count 'cause it'll
+		     * go up by one and we're joining them on output.
+		     */
+		    ln--;
+		}
+		was_mark = is_mark;
+	    }
+
+	    /* advance to the next line and break if we have enough
+	     */
+	    ln++;
+	    BuildString((char *)0, line);
+	    if (ln >= back) {
+		break;
+	    }
 	}
 
-	(void)write(fdOut, pc, tot-(pc - bf));
+	/* if we have a character but no lines yet, the last text in the
+	 * file does not end with a newline, so start the first line anyway
+	 */
+	if (ln < 0) {
+	    ln = 0;
+	}
+	BuildStringChar(ch, line);
+
+	/* if we've processed "a lot" of data for a line, then bail
+	 * why?  there must be some very long non-newline terminated
+	 * strings and if we just keep going back, we could spew lots
+	 * of data and chew up lots of memory
+	 */
+	if (line->used > MAXREPLAYLINELEN) {
+	    break;
+	}
+    }
+
+    /* move forward.  either we hit the beginning of the file and we
+     * move to the first byte, or we hit a \n and we move past it
+     */
+    file_pos++;
+
+    /* Now output the lines, starting from where we stopped */
+    if (FileSeek(fdLog, file_pos, SEEK_SET) >= 0) {
+	int eof = 0;
+	int i = 0;
+	int r = 0;
+	STRING *mark_beg = (STRING *)0;
+	STRING *mark_end = (STRING *)0;
+
+	mark_beg = AllocString();
+	mark_end = AllocString();
+
+	ln = 0;			/* number of lines output */
+	BuildString((char *)0, line);
+
+	while (ln < back && !eof) {
+	    if (r <= 0) {
+		if ((r = FileRead(fdLog, buf, REPLAYBUFFER)) < 0)
+		    eof = 1;
+		i = 0;
+	    }
+
+	    if (!eof)
+		BuildStringChar(buf[i], line);
+
+	    if (buf[i] == '\n' || eof) {
+		int is_mark = 0;
+		if (line->used > 0 && line->string[0] == '[') {
+		    char dummy[4];
+		    int j;
+		    int i;
+		    i = sscanf(line->string + 1,
+			       "-- MARK -- %3c %3c %d %d:%d:%d %d]\r\n",
+			       dummy, dummy, &j, &j, &j, &j, &j);
+		    is_mark = (i == 7);
+		}
+		if (is_mark) {
+		    if (mark_beg->used > 1) {
+			BuildString((char *)0, mark_end);
+			BuildString(line->string, mark_end);
+		    } else
+			BuildString(line->string, mark_beg);
+		} else {
+		    if (mark_beg->used > 1) {
+			if (mark_end->used > 1) {
+			    char *s;
+
+			    /* output the start of the range, stopping at the ']' */
+			    s = strrchr(mark_beg->string, ']');
+			    if ((char *)0 != s)
+				*s = '\000';
+			    FileWrite(fdOut, FLAGTRUE, mark_beg->string,
+				      -1);
+			    FileWrite(fdOut, FLAGTRUE, " .. ", 4);
+
+			    /* build the end string by removing the leading "[-- MARK -- "
+			     * and replacing "]\r\n" on the end with " -- MARK --]\r\n"
+			     */
+			    s = strrchr(mark_end->string, ']');
+			    if ((char *)0 != s)
+				*s = '\000';
+			    FileWrite(fdOut, FLAGTRUE,
+				      mark_end->string +
+				      sizeof("[-- MARK -- ") - 1, -1);
+			    FileWrite(fdOut, FLAGFALSE, " -- MARK --]\r\n",
+				      -1);
+			} else {
+			    FileWrite(fdOut, FLAGFALSE, mark_beg->string,
+				      mark_beg->used - 1);
+			}
+			BuildString((char *)0, mark_beg);
+			BuildString((char *)0, mark_end);
+			ln++;
+			if (ln >= back)
+			    break;
+		    }
+		    FileWrite(fdOut, FLAGFALSE, line->string,
+			      line->used - 1);
+		    ln++;
+		}
+		BuildString((char *)0, line);
+	    }
+
+	    /* move the counters */
+	    i++;
+	    r--;
+	}
+	DestroyString(mark_end);
+	DestroyString(mark_beg);
+    }
+
+  common_exit:
+
+    if (line != (STRING *)0)
+	DestroyString(line);
+    if (buf != (char *)0)
+	free(buf);
+    if (fdLog != (CONSFILE *)0)
+	FileClose(&fdLog);
+
+#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
+    CONDDEBUG((1, "Replay(): dmalloc / MarkReplay"));
+    dmalloc_log_changed(dmallocMarkReplay, 1, 0, 1);
+#endif
 }
 
 
@@ -215,92 +359,231 @@ int fdLog, fdOut, iBack;
  */
 #define WHEN_SPY	0x01
 #define WHEN_ATTACH	0x02
-#define WHEN_VT100	0x04
-#define WHEN_EXPERT	0x08	/* ZZZ no way to set his yet	*/
+#define WHEN_EXPERT	0x04	/* ZZZ no way to set his yet    */
 #define WHEN_ALWAYS	0x40
+#define IS_LIMITED	0x100
 
 #define HALFLINE	40
+
 typedef struct HLnode {
-	int iwhen;
-	char actext[HALFLINE];
+    int iwhen;
+    char *actext;
 } HELP;
 
 static HELP aHLTable[] = {
-	{ WHEN_ALWAYS,	".    disconnect"},
-	{ WHEN_ALWAYS,	"a    attach read/write"},
-	{ WHEN_ATTACH,	"c    toggle flow control"},
-	{ WHEN_ATTACH,	"d    down a console"},
-	{ WHEN_ALWAYS,	"e    change escape sequence"},
-	{ WHEN_ALWAYS,	"f    force attach read/write"},
-	{ WHEN_ALWAYS,	"g    group info"},
-	{ WHEN_ATTACH,	"L    toggle logging on/off"},
-	{ WHEN_ATTACH,	"l1   send break (halt host!)"},
-	{ WHEN_ALWAYS,	"o    (re)open the tty and log file"},
-	{ WHEN_ALWAYS,	"p    replay the last 60 lines"},
-	{ WHEN_ALWAYS,	"r    replay the last 20 lines"},
-	{ WHEN_ATTACH,	"s    spy read only"},
-	{ WHEN_ALWAYS,	"u    show host status"},
-	{ WHEN_ALWAYS,	"v    show version info"},
-	{ WHEN_ALWAYS,	"w    who is on this console"},
-	{ WHEN_ALWAYS,	"x    show console baud info"},
-	{ WHEN_ALWAYS,	"z    suspend the connection"},
-	{ WHEN_ALWAYS,	"<cr> ignore/abort command"},
-	{ WHEN_ALWAYS,	"?    print this message"},
-	{ WHEN_ALWAYS,	"^R   short replay"},
-	{ WHEN_ATTACH, "\\ooo send character by octal code"},
-	{ WHEN_EXPERT,	"^I   toggle tab expansion"},
-	{ WHEN_EXPERT,	";    change to another console"},
-	{ WHEN_EXPERT,	"+(-) do (not) drop line"},
-	{ WHEN_VT100,	"PF1  print this message"},
-	{ WHEN_VT100,	"PF2  disconnect"},
-	{ WHEN_VT100,	"PF3  replay the last 20 lines"},
-	{ WHEN_VT100,	"PF4  spy read only"}
+    {WHEN_ALWAYS, ".       disconnect"},
+    {WHEN_ALWAYS | IS_LIMITED, ";       move to another console"},
+    {WHEN_ALWAYS, "a       attach read/write"},
+    {WHEN_ALWAYS, "b       send broadcast message"},
+    {WHEN_ATTACH, "c       toggle flow control"},
+    {WHEN_ATTACH, "d       down a console"},
+    {WHEN_ALWAYS, "e       change escape sequence"},
+    {WHEN_ALWAYS, "f       force attach read/write"},
+    {WHEN_ALWAYS, "g       group info"},
+    {WHEN_ALWAYS, "i       information dump"},
+    {WHEN_ATTACH, "L       toggle logging on/off"},
+    {WHEN_ATTACH, "l?      break sequence list"},
+    {WHEN_ATTACH, "l0      send break per config file"},
+    {WHEN_ATTACH, "l1-9a-z send specific break sequence"},
+    {WHEN_ALWAYS, "m       display message of the day"},
+    {WHEN_ALWAYS, "n       write a note to the logfile"},
+    {WHEN_ALWAYS, "o       (re)open the tty and log file"},
+    {WHEN_ALWAYS, "p       playback the last %hu lines"},
+    {WHEN_ALWAYS, "P       set number of playback lines"},
+    {WHEN_ALWAYS, "r       replay the last %hu lines"},
+    {WHEN_ALWAYS, "R       set number of replay lines"},
+    {WHEN_ATTACH, "s       spy mode (read only)"},
+    {WHEN_ALWAYS, "u       show host status"},
+    {WHEN_ALWAYS, "v       show version info"},
+    {WHEN_ALWAYS, "w       who is on this console"},
+    {WHEN_ALWAYS, "x       show console baud info"},
+    {WHEN_ALWAYS | IS_LIMITED, "z       suspend the connection"},
+    {WHEN_ATTACH, "!       invoke task"},
+    {WHEN_ATTACH | IS_LIMITED, "|       attach local command"},
+    {WHEN_ALWAYS, "?       print this message"},
+    {WHEN_ALWAYS, "<cr>    ignore/abort command"},
+    {WHEN_ALWAYS, "^R      replay the last line"},
+    {WHEN_ATTACH, "\\ooo    send character by octal code"},
 };
 
 /* list the commands we know for the user				(ksb)
  */
 void
-HelpUser(pCL)
-CLIENT *pCL;
+HelpUser(CONSCLIENT *pCL)
 {
-	register int i, j, iCmp;
-	static char
-		acH1[] = "help]\r\n",
-		acH2[] = "help spy mode]\r\n",
-		acEoln[] = "\r\n";
-	auto char acLine[HALFLINE*2+3];
+    int i, j, iCmp;
+    static char
+      acH1[] = "help]\r\n", acH2[] = "help spy mode]\r\n", acEoln[] =
+	"\r\n";
+    static STRING *acLine = (STRING *)0;
 
-	iCmp = WHEN_ALWAYS|WHEN_SPY;
-	if (pCL->fwr) {
-		(void)write(pCL->fd, acH1, sizeof(acH1)-1);
-		iCmp |= WHEN_ATTACH;
-	} else {
-		(void)write(pCL->fd, acH2, sizeof(acH2)-1);
-	}
-	if ('\033' == pCL->ic[0] && 'O' == pCL->ic[1]) {
-		iCmp |= WHEN_VT100;
+    if (acLine == (STRING *)0)
+	acLine = AllocString();
+
+    iCmp = WHEN_ALWAYS | WHEN_SPY;
+    if (pCL->fwr) {
+	FileWrite(pCL->fd, FLAGTRUE, acH1, sizeof(acH1) - 1);
+	iCmp |= WHEN_ATTACH;
+    } else {
+	FileWrite(pCL->fd, FLAGTRUE, acH2, sizeof(acH2) - 1);
+    }
+
+    BuildString((char *)0, acLine);
+    for (i = 0; i < sizeof(aHLTable) / sizeof(HELP); ++i) {
+	char *text;
+
+	if (aHLTable[i].iwhen & IS_LIMITED &&
+	    ConsentUserOk(pLUList, pCL->username->string) == 1)
+	    continue;
+
+	if (0 == (aHLTable[i].iwhen & iCmp))
+	    continue;
+
+	text = aHLTable[i].actext;
+	if (text[0] == 'p') {
+	    BuildTmpString((char *)0);
+	    text = BuildTmpStringPrint(text, pCL->playback);
+	} else if (text[0] == 'r') {
+	    BuildTmpString((char *)0);
+	    text = BuildTmpStringPrint(text, pCL->replay);
 	}
 
-	acLine[0] = '\000';
-	for (i = 0; i < sizeof(aHLTable)/sizeof(HELP); ++i) {
-		if (0 == (aHLTable[i].iwhen & iCmp)) {
-			continue;
+	if (acLine->used != 0) {	/* second part of line */
+	    if (strlen(text) < HALFLINE) {
+		for (j = acLine->used; j <= HALFLINE; ++j) {
+		    BuildStringChar(' ', acLine);
 		}
-		if ('\000' == acLine[0]) {
-			acLine[0] = ' ';
-			(void)strcpy(acLine+1, aHLTable[i].actext);
-			continue;
-		}
-		for (j = strlen(acLine); j < HALFLINE+1; ++j) {
-			acLine[j] = ' ';
-		}
-		(void)strcpy(acLine+j, aHLTable[i].actext);
-		(void)strcat(acLine+j, acEoln);
-		(void)write(pCL->fd, acLine, strlen(acLine));
-		acLine[0] = '\000';
+		BuildString(text, acLine);
+		BuildString(acEoln, acLine);
+		FileWrite(pCL->fd, FLAGTRUE, acLine->string,
+			  acLine->used - 1);
+		BuildString((char *)0, acLine);
+		continue;
+	    } else {
+		BuildString(acEoln, acLine);
+		FileWrite(pCL->fd, FLAGTRUE, acLine->string,
+			  acLine->used - 1);
+		BuildString((char *)0, acLine);
+	    }
 	}
-	if ('\000' != acLine[0]) {
-		(void)strcat(acLine, acEoln);
-		(void)write(pCL->fd, acLine, strlen(acLine));
+	if (acLine->used == 0) {	/* at new line */
+	    BuildStringChar(' ', acLine);
+	    BuildString(text, acLine);
+	    if (acLine->used > HALFLINE) {
+		BuildString(acEoln, acLine);
+		FileWrite(pCL->fd, FLAGTRUE, acLine->string,
+			  acLine->used - 1);
+		BuildString((char *)0, acLine);
+	    }
 	}
+    }
+    if (acLine->used != 0) {
+	BuildString(acEoln, acLine);
+	FileWrite(pCL->fd, FLAGTRUE, acLine->string, acLine->used - 1);
+    }
+    FileWrite(pCL->fd, FLAGFALSE, (char *)0, 0);
+}
+
+int
+ClientAccessOk(CONSCLIENT *pCL)
+{
+    char *peername = (char *)0;
+    int retval = 1;
+
+#if USE_IPV6 || !USE_UNIX_DOMAIN_SOCKETS
+    socklen_t so;
+    int cfd;
+# if USE_IPV6
+    int error;
+    char addr[NI_MAXHOST];
+# endif
+    SOCKADDR_STYPE in_port;
+    int getpeer = -1;
+
+    cfd = FileFDNum(pCL->fd);
+    pCL->caccess = 'r';
+# if defined(USE_LIBWRAP)
+    {
+	struct request_info request;
+	CONDDEBUG((1, "ClientAccessOk(): doing tcpwrappers check"));
+	request_init(&request, RQ_DAEMON, progname, RQ_FILE, cfd, 0);
+	fromhost(&request);
+	if (!hosts_access(&request)) {
+	    FileWrite(pCL->fd, FLAGFALSE,
+		      "access from your host refused\r\n", -1);
+	    retval = 0;
+	    goto setpeer;
+	}
+    }
+# endif
+
+    so = sizeof(in_port);
+    if (-1 ==
+	(getpeer = getpeername(cfd, (struct sockaddr *)&in_port, &so))) {
+	FileWrite(pCL->fd, FLAGFALSE, "getpeername failed\r\n", -1);
+	retval = 0;
+	goto setpeer;
+    }
+    pCL->caccess = AccType(
+# if USE_IPV6
+			      &in_port,
+# else
+			      &in_port.sin_addr,
+# endif
+			      &peername);
+    if (pCL->caccess == 'r') {
+	FileWrite(pCL->fd, FLAGFALSE, "access from your host refused\r\n",
+		  -1);
+	retval = 0;
+    }
+  setpeer:
+#else
+    struct in_addr addr;
+
+# if HAVE_INET_ATON
+    inet_aton("127.0.0.1", &addr);
+# else
+    addr.s_addr = inet_addr("127.0.0.1");
+# endif
+    pCL->caccess = AccType(&addr, &peername);
+    if (pCL->caccess == 'r') {
+	FileWrite(pCL->fd, FLAGFALSE, "access from your host refused\r\n",
+		  -1);
+	retval = 0;
+    }
+#endif
+
+    if (pCL->peername != (STRING *)0) {
+	BuildString((char *)0, pCL->peername);
+	if (peername != (char *)0)
+	    BuildString(peername, pCL->peername);
+#if USE_IPV6
+	else if (getpeer != -1) {
+	    error =
+		getnameinfo((struct sockaddr *)&in_port, so, addr,
+			    sizeof(addr), NULL, 0, NI_NUMERICHOST);
+	    if (error) {
+		FileWrite(pCL->fd, FLAGFALSE, "getnameinfo failed\r\n",
+			  -1);
+		Error("ClientAccessOk(): gatenameinfo: %s",
+		      gai_strerror(error));
+		retval = 0;
+	    }
+
+	    BuildString(addr, pCL->peername);
+	} else
+	    BuildString("<unknown>", pCL->peername);
+#elif USE_UNIX_DOMAIN_SOCKETS
+	else
+	    BuildString("127.0.0.1", pCL->peername);
+#else
+	else if (getpeer != -1)
+	    BuildString(inet_ntoa(in_port.sin_addr), pCL->peername);
+	else
+	    BuildString("<unknown>", pCL->peername);
+#endif
+    }
+    if (peername != (char *)0)
+	free(peername);
+    return retval;
 }

conserver/client.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: client.h,v 5.14 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -35,49 +33,67 @@
  */
 /* states for a server fsm
  */
-#define S_NORMAL 0	/* just pass character				*/
-#define S_ESC1	 1	/* first escape character received		*/
-#define S_CMD	 2	/* second interrupt character received		*/
-#define S_CATTN	 3	/* change 1 escape character to next input char */
-#define S_CESC	 4	/* change 2 escape character to next input char */
-#define S_HALT1	 5	/* we have a halt sequence in progress		*/
-#define S_SUSP	 6	/* we are suspened, first char wakes us up	*/
-#define S_IDENT	 7	/* probational connection (who is this)		*/
-#define S_HOST	 8	/* still needs a host name to connect		*/
-#define S_PASSWD 9	/* still needs a passwd to connect		*/
-#define S_QUOTE 10	/* send any character we can spell		*/
-#define S_BCAST 11	/* send a broadcast message to all connections	*/
+typedef enum clientState {
+    S_NORMAL,			/* just pass character                     */
+    S_ESC1,			/* first escape character received         */
+    S_CMD,			/* second interrupt character received     */
+    S_CATTN,			/* change 1 escape char to next input char */
+    S_CESC,			/* change 2 escape char to next input char */
+    S_HALT1,			/* we have a halt sequence in progress     */
+    S_SUSP,			/* we are suspened, first char wakes us up */
+    S_IDENT,			/* probational connection (who is this)    */
+    S_PASSWD,			/* still needs a passwd to connect         */
+    S_QUOTE,			/* send any character we can spell         */
+    S_BCAST,			/* send a broadcast message to all clients */
+    S_CWAIT,			/* wait for client                         */
+    S_CEXEC,			/* client execing a program                */
+    S_REPLAY,			/* set replay length for 'r'               */
+    S_PLAYBACK,			/* set replay length for 'p'               */
+    S_NOTE,			/* send a note to the logfile              */
+    S_TASK,			/* invoke a task on the server side        */
+    S_CONFIRM			/* confirm input                           */
+} CLIENTSTATE;
 
-typedef struct client {		/* Connection Information:		*/
-	int fd;			/* file descriptor			*/
-	short fcon;		/* currently connect or not		*/
-	short fwr;		/* (client) write enable flag		*/
-	short fwantwr;		/* (client) wants to write		*/
-	short fecho;		/* echo commands (not set by machines)	*/
-	char acid[128];		/* login and location of client		*/
-	long tym;		/* time of connect			*/
-	long typetym;		/* time of last keystroke		*/
-	char actym[32]; 	/* pre-formatted time			*/
-	struct consent
-		*pCEwant,	/* what machine we would like to be on	*/
-		*pCEto;		/* host a client gets output from	*/
-	struct client
-		**ppCLbscan,	/* back link for scan ptr		*/
-		*pCLscan,	/* next client fd to scan after select	*/
-		**ppCLbnext,	/* back link for next ptr		*/
-		*pCLnext;	/* next person on this list		*/
-	char ic[2];		/* two character escape sequence	*/
-	char iState;		/* state for fsm in server		*/
-	char caccess;		/* did we trust the remote machine	*/
-	char accmd[MAXSERVLEN+1];/* the command the user issued		*/
-	int icursor;		/* the length of the command issused	*/
-	char msg[1024];		/* the broadcast message		*/
-	int mcursor;		/* the length of the message		*/
-	struct sockaddr_in
-		cnct_port; 	/* where from				*/
-} CLIENT;
+typedef struct client {		/* Connection Information:              */
+    CONSFILE *fd;		/* file descriptor                      */
+    short fcon;			/* currently connect or not             */
+    short fwr;			/* (client) write enable flag           */
+    short fwantwr;		/* (client) wants to write              */
+    short fro;			/* read-only permission                 */
+    short fecho;		/* echo commands (not set by machines)  */
+    short fiwait;		/* client wanting for console init      */
+    STRING *acid;		/* login and location of client         */
+    STRING *peername;		/* location of client                   */
+    STRING *username;		/* login of client                      */
+    time_t tym;			/* time of connect                      */
+    time_t typetym;		/* time of last keystroke               */
+    char actym[32];		/* pre-formatted time                   */
+    struct consent
+     *pCEto;			/* host a client gets output from       */
+    struct client
+    **ppCLbscan,		/* back link for scan ptr               */
+     *pCLscan,			/* next client fd to scan after select  */
+	/* scan lists link ALL clients together */
+    **ppCLbnext,		/* back link for next ptr               */
+     *pCLnext;			/* next person on this list             */
+    /* next lists link clients on a console */
+    char ic[2];			/* two character escape sequence        */
+    unsigned short replay;	/* lines to replay for 'r'              */
+    unsigned short playback;	/* lines to replay for 'p'              */
+    CLIENTSTATE iState;		/* state for fsm in server              */
+    char caccess;		/* did we trust the remote machine      */
+    IOSTATE ioState;		/* state of the socket                  */
+    time_t stateTimer;		/* timer for various ioState states */
+    STRING *accmd;		/* the command the user issued          */
+    INADDR_STYPE cnct_port;	/* where from                           */
+    FLAG confirmed;		/* confirm state                        */
+    CLIENTSTATE cState;		/* state needing confirmation           */
+    char cOption;		/* option initiating the confirmation   */
+    size_t tokenSize;		/* buffer size for GSSAPI token         */
+} CONSCLIENT;
 
-extern char *FmtCtl();
-extern void Replay();
-extern void HelpUser();
-extern CLIENT *FindWrite();
+extern void Replay(CONSENT *, CONSFILE *, unsigned short);
+extern void HelpUser(CONSCLIENT *);
+extern void FindWrite(CONSENT *);
+extern int ClientAccessOk(CONSCLIENT *);
+extern void BumpClient(CONSENT *, char *);

conserver/cons-default.h

@@ -1,51 +0,0 @@
-/*
- *  $Id: cons-default.h,v 1.7 2000-12-13 12:31:07-08 bryan Exp $
- *
- *  Copyright conserver.com, 2000
- *
- *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
- */
-
-/*
- * Socket used to communicate
- * Choose either PORT or SERVICE...
- */
-/*#define PORT		782*/
-#define SERVICE		"conserver"
-
-/*
- * Hostname of console server
- */
-#define HOST		"console"
-
-/*
- * Config file path
- */
-#define CONFIG		"/etc/conserver.cf"
-
-/*
- * Password file path
- */
-#define PASSWD_FILE	"/etc/conserver.passwd"
-
-/*
- * Number of consoles per child process
- */
-#define MAXMEMB		8
-
-/*
- * Number of child processes
- */
-#define MAXGRP		32
-
-/*
- * Clear parity (high-bit) [true/false setting]
- */
-#define CPARITY		1
-
-/*
- * TCP connection timeout
- */
-#define CONNECTTIMEOUT	10

conserver/cons-test.h

@@ -1,14 +0,0 @@
-/*
- *  $Id: cons-test.h,v 1.6 2000-12-13 12:31:07-08 bryan Exp $
- *
- *  Copyright conserver.com, 2000
- *
- *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
- */
-
-#define PORT		7777
-#define HOST		"localhost"
-#define CONFIG		"../conserver.cf/test.cf"
-#define PASSWD_FILE	"./conserver.passwd"

conserver/cons.h

@@ -1 +0,0 @@
-cons-default.h

conserver/consent.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: consent.h,v 5.15 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -40,67 +38,182 @@
 
 /* stuff to keep track of a console entry
  */
-typedef struct baud {		/* a baud rate table			*/
-	char acrate[8];
-	int irate;
+typedef struct baud {		/* a baud rate table                    */
+    char acrate[8];
+    int irate;
 } BAUD;
 
-typedef struct parity {		/* a parity bits table			*/
-	char ckey;
-	int iset;
-	int iclr;
+typedef struct parity {		/* a parity bits table                  */
+    char *key;
+    int iset;
+    int iclr;
 } PARITY;
 
-#define MAXSERVLEN	32	/* max length of server name		*/
-#define MAXDEVLEN	512	/* max length of /dev/ttyax		*/
-#define MAXLOGLEN	1024	/* max length of /usr/adm/consoles/foo	*/
-#define MAXTTYLINE	(133*2)	/* max length of a single buf'd line	*/
-#define ALARMTIME	60	/* time between chimes			*/
-
-typedef struct consent {	/* console information			*/
-	char server[MAXSERVLEN];/* server name				*/
-	char dfile[MAXDEVLEN];	/* device file				*/
-	char lfile[MAXLOGLEN];	/* log file				*/
-	BAUD *pbaud;		/* the baud on this console port	*/
-	PARITY *pparity;	/* the parity on this line		*/
-	int mark;		/* Mark (chime) interval		*/
-	long nextMark;		/* Next mark (chime) time		*/
-
- 	/* Used if network console */
- 	int isNetworkConsole;
-	char networkConsoleHost[MAXSERVLEN];
-	int networkConsolePort;
-
-#if DO_VIRTUAL
-	/* used if virtual console */
-	char acslave[MAXDEVLEN];/* pseudo-device slave side		*/
-	int fvirtual;		/* is a pty device we use as a console	*/
-	char *pccmd;		/* virtual console command		*/
-	int ipid;		/* pid of virtual command		*/
+typedef enum consType {
+    UNKNOWNTYPE = 0,
+    DEVICE,
+    EXEC,
+    HOST,
+    NOOP,
+    UDS,
+#if HAVE_FREEIPMI
+    IPMI,
 #endif
-	/* only used in child */
-	int nolog;		/* don't log output			*/
-	int fdlog;		/* the local log file			*/
-	int fdtty;		/* the port to talk to machine on	*/
-	short int fup;		/* we setup this line?			*/
-	short int fronly;	/* we can only read this console	*/
-	short int iend;		/* like icursor in CLIENT		*/
-	short int inamelen;	/* strlen(server)			*/
-	struct client *pCLon;	/* clients on this console		*/
-	struct client *pCLwr;	/* client that is writting on console	*/
-	char acline[132*2+2];	/* max chars we will call a line	*/
+} CONSTYPE;
+
+#if HAVE_FREEIPMI
+# define IPMIL_UNKNOWN  (0)
+# define IPMIL_USER     (IPMICONSOLE_PRIVILEGE_USER+1)
+# define IPMIL_OPERATOR (IPMICONSOLE_PRIVILEGE_OPERATOR+1)
+# define IPMIL_ADMIN    (IPMICONSOLE_PRIVILEGE_ADMIN+1)
+#endif
+
+typedef struct names {
+    char *name;
+    struct names *next;
+} NAMES;
+
+typedef struct consentUsers {
+    NAMES *user;
+    short not;
+    struct consentUsers *next;
+} CONSENTUSERS;
+
+/* we calloc() these things, so we're trying to make everything be
+ * "empty" when it's got a zero value
+ */
+typedef struct consent {	/* console information                  */
+    /*** config file settings ***/
+    char *server;		/* server name                          */
+    CONSTYPE type;		/* console type                         */
+    NAMES *aliases;		/* aliases for server name              */
+    /* type == DEVICE */
+    char *device;		/* device file                          */
+    char *devicesubst;		/* device substitution pattern          */
+    BAUD *baud;			/* the baud on this console port        */
+    PARITY *parity;		/* the parity on this line              */
+    FLAG hupcl;			/* use HUPCL                            */
+    FLAG cstopb;		/* use two stop bits                    */
+    FLAG ixon;			/* XON/XOFF flow control on output      */
+    FLAG ixany;			/* any character to restart output      */
+    FLAG ixoff;			/* XON/XOFF flow control on input       */
+#if defined(CRTSCTS)
+    FLAG crtscts;		/* use hardware flow control            */
+#endif
+#if HAVE_FREEIPMI
+    /* type == IPMI */
+    int ipmiprivlevel;		/* IPMI authentication level            */
+    ipmiconsole_ctx_t ipmictx;	/* IPMI ctx                             */
+    unsigned int ipmiworkaround;	/* IPMI workaround flags                */
+    short ipmiwrkset;		/* workaround flags set in config       */
+    int ipmiciphersuite;	/* IPMI cipher suite                    */
+    char *username;		/* Username to log as                   */
+    char *password;		/* Login Password                       */
+    STRING *ipmikg;		/* IPMI k_g auth key                    */
+#endif
+    /* type == HOST */
+    char *host;			/* hostname                             */
+    unsigned short netport;	/* final port    | netport = portbase + */
+    unsigned short port;	/* port number   |      portinc * port  */
+    unsigned short portbase;	/* port base                            */
+    unsigned short portinc;	/* port increment                       */
+    FLAG raw;			/* raw or telnet protocol?              */
+    /* type == EXEC */
+    char *exec;			/* exec command                         */
+    char *execsubst;		/* exec substitution pattern            */
+    uid_t execuid;		/* user to run exec as                  */
+    gid_t execgid;		/* group to run exec as                 */
+    /* type == UDS */
+    char *uds;			/* socket file                          */
+    char *udssubst;		/* socket file substitution pattern     */
+    /* global stuff */
+    char *master;		/* master hostname                      */
+    unsigned short breakNum;	/* break type [1-35]                    */
+    char *logfile;		/* logfile                              */
+    off_t logfilemax;		/* size limit for rolling logfile       */
+    char *initcmd;		/* initcmd command                      */
+    char *initsubst;		/* initcmd substitution pattern         */
+    uid_t inituid;		/* user to run initcmd as               */
+    gid_t initgid;		/* group to run initcmd as              */
+    char *motd;			/* motd                                 */
+    time_t idletimeout;		/* idle timeout                         */
+    char *idlestring;		/* string to print when idle            */
+    unsigned short spinmax;	/* initialization spin maximum          */
+    unsigned short spintimer;	/* initialization spin timer            */
+    char *replstring;		/* generic string for replacements      */
+    char *tasklist;		/* list of valid tasks                  */
+    char *breaklist;		/* list of valid break sequences        */
+    /* timestamp stuff */
+    int mark;			/* Mark (chime) interval                */
+    long nextMark;		/* Next mark (chime) time               */
+    FLAG activitylog;		/* log attach/detach/bump               */
+    FLAG breaklog;		/* log breaks sent                      */
+    FLAG tasklog;		/* log tasks invoked                    */
+    /* options */
+    FLAG ondemand;		/* bring up on-demand                   */
+    FLAG reinitoncc;		/* open if down on client connect       */
+    FLAG striphigh;		/* strip high-bit of console data       */
+    FLAG autoreinit;		/* auto-reinitialize if failed          */
+    FLAG unloved;		/* copy "unloved" data to stdout        */
+    FLAG login;			/* allow logins to the console          */
+
+    /*** runtime settings ***/
+    CONSFILE *fdlog;		/* the local log file                   */
+    CONSFILE *cofile;		/* the port to talk to machine on       */
+    char *execSlave;		/* pseudo-device slave side             */
+    int execSlaveFD;		/* fd of slave side                     */
+    pid_t ipid;			/* pid of virtual command               */
+    pid_t initpid;		/* pid of initcmd command               */
+    CONSFILE *initfile;		/* the command run on init              */
+    pid_t taskpid;		/* pid of task running                  */
+    CONSFILE *taskfile;		/* the output from the task (read-only) */
+    STRING *wbuf;		/* write() buffer                       */
+    int wbufIAC;		/* next IAC location in wbuf            */
+    IOSTATE ioState;		/* state of the socket                  */
+    time_t stateTimer;		/* timer for ioState states             */
+    time_t lastWrite;		/* time of last data sent to console    */
+#if HAVE_GETTIMEOFDAY
+    struct timeval lastInit;	/* time of last initialization          */
+#else
+    time_t lastInit;		/* time of last initialization          */
+#endif
+    unsigned short spincount;	/* initialization spin counter          */
+
+    /*** state information ***/
+    char acline[132 * 2 + 2];	/* max chars we will call a line        */
+    int iend;			/* length of data stored in acline      */
+    int telnetState;		/* state for telnet negotiations        */
+    FLAG sentDoEcho;		/* have we sent telnet DO ECHO cmd?     */
+    FLAG sentDoSGA;		/* have we sent telnet DO SGA cmd?      */
+    unsigned short autoReUp;	/* is it coming back up automatically?  */
+    FLAG downHard;		/* did it go down unexpectedly?         */
+    unsigned short nolog;	/* don't log output                     */
+    unsigned short fup;		/* we setup this line?                  */
+    unsigned short fronly;	/* we can only read this console        */
+
+    /*** list management ***/
+    struct client *pCLon;	/* clients on this console              */
+    struct client *pCLwr;	/* client that is writting on console   */
+    CONSENTUSERS *rw;		/* rw users                             */
+    CONSENTUSERS *ro;		/* ro users                             */
+    struct consent *pCEnext;	/* next console entry                   */
 } CONSENT;
 
-extern PARITY *FindParity();
-extern BAUD *FindBaud();
-extern void ConsInit();
-extern void ConsDown();
+typedef struct remote {		/* console at another host              */
+    struct remote *pRCnext;	/* next remote console we know about    */
+    struct remote *pRCuniq;	/* list of uniq remote servers          */
+    char *rserver;		/* remote server name                   */
+    char *rhost;		/* remote host to call to get it        */
+    NAMES *aliases;		/* aliases for remote server name       */
+} REMOTE;
 
-struct hostcache {
-	char hostname[MAXSERVLEN];
-	struct hostcache *next;
-};
-
-extern int CheckHostCache();
-extern void AddHostCache();
-extern void ClearHostCache();
+extern PARITY *FindParity(char *);
+extern BAUD *FindBaud(char *);
+extern void ConsInit(CONSENT *);
+extern void ConsDown(CONSENT *, FLAG, FLAG);
+extern REMOTE *FindUniq(REMOTE *);
+extern void DestroyRemoteConsole(REMOTE *);
+extern void StartInit(CONSENT *);
+extern void StopInit(CONSENT *);
+extern char *ConsState(CONSENT *);
+extern void SetupTty(CONSENT *, int);

conserver/conserver.man

@@ -1,75 +0,0 @@
-.\" @(#)conserver.8 01/06/91 OSU CIS; Thomas A. Fine
-.\" $Id: conserver.man,v 1.6 1999-12-01 11:55:13-08 bryan Exp $
-.TH CONSERVER 8 "Local"
-.SH NAME
-conserver \- console server daemon
-.SH SYNOPSIS
-.B conserver [\-\fBdinv\fP] [\-\fBC\fP \fIconfig\fP]
-.br
-.B conserver [\-\fBhV\fP]
-.SH DESCRIPTION
-.B Conserver
-is the daemon for the
-.IR console (1L)
-program.
-It provides remote access to the server consoles,
-and logs all console data.
-Slave hosts which have no current connection might produce important
-error messages; these unloved errors are labeled with a machine name
-and output on stdout.
-.PP
-When started, it forks a child for each group in /etc/conserver.cf and
-assigns each process a port number to listen on.  The \fIconsole\fP
-client program communicates with the master console server to find
-the host and port the child is listening on.
-.PP
-.B Conserver
-completely controls any connection to a controlled host.
-All handling of escape sequenes is done by the server,
-except the suspend sequence which is
-sent as an out-of-band command to the client.
-.PP
-The
-.B conserver
-parent process will automatically respawn any child process that dies.
-If the parent process receives a SIGTERM, it will propogate the signal
-to its children.
-.SH OPTIONS
-.TP
-.BI \-C config
-With this option the invoker may specify an alternate confguration.
-The default \fIconfig\fP is /usr/local/lib/conserver.cf.
-.TP
-.B \-d
-Become a daemon.
-.TP
-.B \-h
-Output a brief help message.
-.TP
-.B \-i
-Initiate console connections on demand (and close them when not used)
-.TP
-.B \-n
-The \fIconserver\fP will \fBnot\fP output unloved console output to
-stdout.
-.TP
-.B \-v
-Echo the configuration as it is being read (be verbose).
-.TP
-.B \-V
-Output the version of the console server (only) and exit.
-.SH FILES
-.TS
-l l.
-/etc/conserver.cf	description of console terminal lines
-/etc/conserver.passwd	users allowed to access consoles
-\fIstdout\fP	unloved console errors
-.TE
-.SH AUTHORS
-Thomas A. Fine, Ohio State Computer Science
-.br
-Kevin S Braunsdorf, Purdue University Computing Center
-.br
-Bryan Stansell, Global Networking and Computing, Inc.
-.SH "SEE ALSO"
-console(1L), conserver.cf(5L)

conserver/conserver.man.in

@@ -0,0 +1,514 @@
+.TH CONSERVER 8 "@CONSERVER_DATE@" "conserver-@CONSERVER_VERSION@" "conserver"
+.SH NAME
+conserver \- console server daemon
+.SH SYNOPSIS
+.B conserver
+.RB [ \-7dDEFhinoRSuvV ]
+.RB [ \-a
+.IR type ]
+.RB [ \-m
+.IR max ]
+.RB [ \-M
+.IR master ]
+.RB [ \-p
+.IR port ]
+.RB [ \-b
+.IR port ]
+.RB [ \-c
+.IR cred ]
+.RB [ \-C
+.IR config ]
+.RB [ \-P
+.IR passwd ]
+.RB [ \-L
+.IR logfile ]
+.RB [ \-O
+.IR min ]
+.RB [ \-U
+.IR logfile ]
+.SH DESCRIPTION
+.B Conserver
+is the daemon that manages
+remote access to system consoles by multiple users via the
+.BR console (1)
+client program and (optionally) log the console output.
+It can connect to consoles via local serial ports, Unix domain sockets, TCP
+sockets (for terminal servers and the like), or any external program.
+.PP
+When started,
+.B conserver
+reads the
+.BR conserver.cf (5)
+file for details of each console.
+The console type, logging options, serial or network parameters, and user access
+levels are just a few of the things that can be specified.
+Command-line options are then applied, possibly overriding
+.BR conserver.cf (5)
+settings.
+.B Conserver
+categorizes consoles into two types: those it should actively manage, and
+those it should just know about, so it can refer clients to other
+.B conserver
+instances.
+If the
+.B master
+value of a console matches the hostname or ip address of the local machine,
+.B conserver
+will actively manage the console.
+Otherwise, it's considered a ``remote'' console and managed by a different
+server.
+.B Conserver
+forks a child for each group of consoles it must manage
+and assigns each process a port number to listen on.
+The maximum number of consoles managed by each child process is set using the
+.B \-m
+option.
+The
+.BR console (1)
+client program communicates with the master console server process to find
+the port (and host, in a multi-server configuration)
+on which the appropriate child is listening.
+.B Conserver
+restricts connections from clients based on the host access section of its
+.BR conserver.cf (5)
+file, restricts users based on the console access lists of the
+.BR conserver.cf (5)
+file, and authenticates
+users against its
+.BR conserver.passwd (5)
+file.
+.B Conserver
+can also restrict clients using the tcp-wrappers package (enabled
+using
+.BR --with-libwrap ).
+This authentication is done before consulting
+the
+.BR conserver.cf (5)
+access list.
+.PP
+When Unix domain sockets are used between the client and
+server (enabled using
+.BR --with-uds ),
+authentication checks are done on the hardcoded address ``127.0.0.1''.
+Automatic client redirection is also disabled (as if the
+.B \-R
+option was used) since the client cannot communicate with remote servers.
+The directory used to hold the sockets is checked to make sure it's empty
+when the server starts.
+The server will
+.B not
+remove any files in the directory itself, just in case the directory is
+accidentally specified as ``/etc'' or some other critical location.
+The server will do its best to remove all the sockets when it shuts down,
+but it could stop ungracefully (crash, ``kill -9'', etc)
+and leave files behind.
+It would then be up to the admin (or a creative startup script) to clean
+up the directory before the server will start again.
+.PP
+.B Conserver
+completely controls any connection to a console.
+All escape sequences given by the user to
+.B console
+are passed to the server without interpretation.
+The server recognizes and processes all escape sequences.
+.PP
+The
+.B conserver
+parent process will automatically respawn any child process that dies.
+The following signals are propagated by the parent process to its children.
+.TP 10
+SIGTERM
+Close all connections and exit.
+.TP
+SIGHUP
+Reread the configuration file.
+New consoles are managed by forking off new children, deleted
+consoles (and their clients) are dropped,
+and changes to consoles are done "in place", resetting the console
+port (bringing it down and up) only when necessary.
+The console name is used to determine when consoles
+have been added/removed/changed.
+All actions performed by SIGUSR2 are also performed.
+.TP
+SIGUSR1
+Try to connect to any consoles marked as down.
+This can come in handy if you had a terminal server (or more)
+that wasn't accepting connections at startup and you want
+.B conserver
+to try to reconnect to all those downed ports.
+.TP
+SIGUSR2
+Close and reopen all console logfiles
+and, if in daemon mode
+.RB ( \-d
+option), the error logfile (see the
+.BR \-L
+option).
+All actions performed by SIGUSR1 are also performed.
+.PP
+Consoles which have no current client
+connection might produce important error messages.
+With the
+.B \-u
+option, these ``unloved'' errors are labeled with a machine name
+and output on stdout (or, in daemon mode, to the logfile).
+This allows a live operator or an automated log scanner
+to find otherwise unseen errors by watching in a single location.
+.PP
+.B Conserver
+must be run as root if it is to bind to a port under 1024 or if it
+must read protected password files (like shadow passwords)
+for authentication (see
+.BR conserver.passwd (5)).
+Otherwise, it may be run by any user, with
+.B \-p
+used to specify a port above 1024.
+.PP
+If encryption has been built into the code
+.RB ( --with-openssl ),
+encrypted client connections (without certificate exchanges) happen
+by default.
+To add certificate exchanges, use the
+.B \-c
+option with the client and server.
+For authentication of the certificates to work,
+the signing certificate must be properly trusted, which usually means
+the public portion is in
+.IB OPENSSL_ROOT /ssl/certs
+(on both the client and server sides).
+See the sample self-signing certificate making script
+.B contrib/maketestcerts
+for further clues.
+To allow
+non-encrypted client connections (in addition to encrypted client
+connections), use the
+.B \-E
+option.
+.SH OPTIONS
+.PP
+Options may be given as separate arguments (e.g.,
+.B \-n
+.BR \-d )
+or clustered (e.g.,
+.BR \-nd ).
+Options and their arguments may be separated by optional white space.
+Option arguments containing spaces or other characters special to the shell
+must be quoted.
+.TP 12
+.B \-7
+Strip the high bit off of all data received,
+whether from the
+.B console
+client or from the console device, before any processing occurs.
+.TP
+.BI \-a type
+Set the default access type for incoming connections from
+.B console
+clients:
+.RB ` r '
+for refused (the default),
+.RB ` a '
+for allowed, or
+.RB ` t '
+for trusted.
+This applies to hosts for which no matching entry is found in
+the access section of
+.BR conserver.cf (5).
+.TP
+.BI \-b port
+Set the base port for children to listen on.
+Each child starts looking for free ports at
+.I port
+and working upward, trying a maximum number of ports
+equal to twice the maximum number of groups.
+If no free ports are available in that range,
+.B conserver
+exits.
+By default,
+.B conserver
+lets the operating system choose a free port.
+.TP
+.BI \-c cred
+Load an SSL certificate and key from the PEM encoded file
+.IR cred .
+.TP
+.BI \-C config
+Read configuration information from the file
+.IR config .
+The default
+.I config
+may be changed at compile time using the
+.B --with-cffile
+option.
+.TP
+.B \-d
+Become a daemon.
+Disconnects from the controlling terminal and sends
+all output (including any debug output) to the logfile (see
+.BR \-L ).
+.TP
+.B \-D
+Enable debugging output, sent to stderr.
+Multiple
+.B \-D
+options increases debug output.
+.TP
+.B \-E
+If encryption has been built into the code
+.RB ( --with-openssl ),
+encrypted client connections are a requirement.
+This option allows non-encrypted clients (as well as encrypted clients) to
+connect to consoles.
+.TP
+.B \-F
+Do not automatically reinitialize failed (unexpectedly closed) consoles.
+If the console is a program (`|' syntax) and it closes with a zero
+exit status, the console is reinitialized regardless of this option.
+Without this option, a console is immediately reopened,
+and if that fails, retried every minute until successful.
+This option has no effect on the
+.B \-o
+and
+.B \-O
+options.
+.TP
+.B \-h
+Output a brief help message.
+.TP
+.B \-i
+Initiate console connections on demand (and close them when not used).
+.TP
+.BI \-L logfile
+Log errors and informational messages to
+.I logfile
+after startup in daemon mode
+.RB ( \-d ).
+This option does not apply when not running in daemon mode.
+The default
+.I logfile
+may be changed at compile time using the
+.B --with-logfile
+option.
+.TP
+.BI \-m max
+Set the maximum consoles managed per process.
+The default
+.I max
+may be changed at compile time using the
+.B --with-maxmemb
+option.
+.TP
+.BI \-M master
+Normally, this allows conserver to bind to a
+particular IP address (like `127.0.0.1') instead of all interfaces.
+The default is to bind to all addresses.
+However, if
+.B --with-uds
+was used to enable Unix domain sockets for client/server communication,
+this points conserver to the directory where it should store the sockets.
+The default
+.I master
+directory
+.RB (`` /tmp/conserver '')
+may be changed at compile time using the
+.B --with-uds
+option.
+.TP
+.B \-n
+Obsolete (now a no-op); see
+.BR \-u .
+.TP
+.B \-o
+Normally, a client connecting to a ``downed'' console does just that.
+Using this option, the server will automatically attempt to open
+(``bring up'') the console when the client connects.
+.TP
+.BI \-O min
+Enable periodic attempts (every
+.I min
+minutes) to open (``bring up'') all downed
+consoles (similar to sending a SIGUSR1).
+Without this option, or if
+.I min
+is zero, no periodic attempts occur.
+.TP
+.BI \-p port
+Set the TCP port for the master process to listen on.
+This may be either a port number or a service name.
+The default
+.IR port ,
+``conserver'' (typically 782),
+may be changed at compile time using the
+.B --with-port
+option.
+If the
+.B --with-uds
+option was used, this option is ignored.
+.TP
+.BI \-P passwd
+Read the table of authorized user data from the file
+.IR passwd .
+The default
+.I passwd
+may be changed at compile time using the
+.B --with-pwdfile
+option.
+.TP
+.B \-R
+Disable automatic client redirection to other conserver hosts.
+This
+means informational commands like
+.B \-w
+and
+.B \-i
+will only show the status of the local conserver host and attempts to
+connect to remote consoles will result in an informative message to the user.
+.TP
+.B \-S
+Do not run the server, just perform a syntax check of configuration file and
+exit with a non-zero value if there is an error.
+Using more than one
+.B \-S
+will cause conserver to output various information about each console in 5
+colon-separated fields, enclosed in curly-braces.
+The philosophy behind the output is to provide information to allow external
+detection of multiple consoles access the same physical port.
+Since this is
+.I highly
+environment-specific, conserver cannot do the check internally.
+.RS
+.TP 9
+.I name
+The name of the console.
+.TP
+.I master
+The hostname of the master conserver host for the console.
+.TP
+.I aliases
+The console aliases in a comma-separated list.
+.TP
+.I type
+The type of console.
+Values will be a `/' for a local device, `|' for
+a command, `!' for a remote port, `%' for a Unix domain socket,
+and `#' for a noop console.
+.TP
+.I details
+Multiple values are comma-separated and depend on the type of the console.
+Local devices will have the values of the device file and baud rate/parity.
+Commands will have string to invoke.
+Remote ports will have the values of the remote hostname and port number.
+Unix domain sockets will have the path to the socket.
+Noop consoles will have nothing.
+.RE
+.TP
+.B \-u
+Send unloved console output to
+.BR conserver 's
+stdout (which, in daemon mode, is redirected to the logfile).
+This applies to all consoles to which no user is attached,
+independent of whether logging of individual consoles is enabled via
+.B conserver.cf
+entries.
+.TP
+.BI \-U logfile
+Copy all console data to the ``unified''
+.IR logfile .
+The output is the same as the
+.B \-u
+output, but all consoles, not
+just those without a user, are logged.
+Each line of output is prefixed with the console name.
+If a user is attached read/write, a `*' is appended to the console name,
+to allow log watching utilities to ignore potential user-introduced alarms.
+.TP
+.B \-v
+Echo the configuration as it is being read (be verbose).
+.TP
+.B \-V
+Output the version number and settings of the
+.B conserver
+program and then exit.
+.SH PROTOCOL
+.PP
+The protocol used to interact with the
+.B conserver
+daemon has two basic styles.
+The first style is the initial line-based mode, which occurs before
+connecting to a console.
+The second style is the character-based, escape-sequence mode, while
+connected to a console.
+.PP
+The initial line-based mode begins the same for both the master process
+and its children.
+Upon a successful (non-rejected) client connection, an ``ok'' is sent.
+The client then issues a command and the server responds to it with a
+result string (``ok'' being the sign of success for most commands).
+The commands available are ``help'', ``ssl'' (if
+SSL was built into the code), ``login'', and ``exit''.
+Using the ``login'' command, the client authenticates and gains access to
+the extended command set.
+This is where the master process and its children differ.
+The master process gives the client access to global commands, and the
+child provides commands for interacting with the consoles it manages.
+The ``help'' command, in both cases, will provide a complete
+list of commands and a short description of what they do.
+.PP
+The second, character-based, style of interaction occurs when the client
+issues the ``call'' command with a child process.
+This command connects the client to a console and, at that point, relays
+all traffic between the client and the console.
+There is no more command-based interaction between the client and the server,
+any interaction with the server is done with the default escape sequence.
+.PP
+This is, by no means, a complete description of the entire client/server
+interaction.
+It is, however, a brief explanation in order to give a idea of
+what the program does.  See the
+.B \s-1PROTOCOL\s0
+file in the distribution for further details.
+.SH FILES
+.PP
+The following default file locations may be overridden
+at compile time or by the command-line options described above.
+Run
+.B conserver \-V
+to see the defaults set at compile time.
+.PP
+.PD 0
+.TP 25
+.B /etc/conserver.cf
+description of console terminal lines and client host access levels;
+see
+.BR conserver.cf (5).
+.TP
+.B /etc/conserver.passwd
+users allowed to access consoles; see
+.BR conserver.passwd (5).
+.TP
+.B /var/run/conserver.pid
+the master conserver process ID
+.TP
+.B /var/log/conserver
+log of errors and informational messages
+.TP
+.B /tmp/conserver
+directory to hold Unix domain sockets (if enabled)
+.PD
+.PP
+Additionally, output from individual consoles may be logged
+to separate files specified in
+.BR conserver.cf (5).
+.SH BUGS
+I'm sure there are bugs, I just don't know where they are.
+Please let me know if you find any.
+.SH AUTHORS
+Thomas A. Fine, Ohio State Computer Science
+.br
+Kevin S Braunsdorf, Purdue University Computing Center
+.br
+Bryan Stansell, conserver.com
+.SH "SEE ALSO"
+.BR console (1),
+.BR conserver.cf (5),
+.BR conserver.passwd (5)

conserver/conserver.passwd

@@ -1,4 +0,0 @@
-bryan:r71mXjfALB5Ak:any
-djs:r71mXjfALB5Ak:login
-chogan:*passwd*:foobar,login,shell
-hogan:*passwd*:any

conserver/conserver.rc

@@ -1,26 +0,0 @@
-#!/bin/sh
-#
-# Startup for conserver
-#
-
-PATH=/usr/bin:/usr/local/bin
-
-case "$1" in
-	'start')
-		LF=/var/log/conserver.log
-		echo "Starting console server daemon"
-		[ -f $LF ] && mv $LF $LF.old
-		conserver -n -d > $LF 2>&1
-		;;
-
-	'stop')
-		master=`ps -ef | grep conserver | awk '$3 == "1"{print $2}'`
-		[ "$master" ] && kill -TERM $master
-		;;
-
-	*)
-		echo "Usage: $0 { start | stop }"
-		;;
-
-esac
-exit 0

conserver/conserver.rc.in

@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Startup for conserver
+#
+
+PATH=/usr/bin:/bin:/usr/local/bin
+PIDFILE="@PIDFILE@"
+
+signalmaster() {
+    sig=$1
+    if [ -f "$PIDFILE" ]; then
+	master=`cat "$PIDFILE"`
+    else
+	master=`ps -ef | grep conserver | awk '$3 == "1"{print $2}'`
+    fi
+    [ "$master" ] && kill -$sig $master
+}
+
+case "$1" in
+	'start')
+		echo "Starting console server daemon"
+		conserver -d
+		;;
+
+	'stop')
+		echo "Stopping console server daemon"
+		signalmaster TERM
+		;;
+
+	'restart')
+		echo "Restarting console server daemon"
+		signalmaster HUP
+		;;
+
+	*)
+		echo "Usage: $0 { start | stop | restart }"
+		;;
+
+esac
+exit 0

conserver/convert.c

@@ -0,0 +1,490 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ *
+ *  Copyright GNAC, Inc., 1998
+ */
+
+/*
+ * Copyright (c) 1990 The Ohio State University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that: (1) source distributions retain this entire copyright
+ * notice and comment, and (2) distributions including binaries display
+ * the following acknowledgement:  ``This product includes software
+ * developed by The Ohio State University and its contributors''
+ * in the documentation or other materials provided with the distribution
+ * and in all advertising materials mentioning features or use of this
+ * software. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Network console modifications by Robert Olson, olson@mcs.anl.gov.
+ */
+
+#include <compat.h>
+
+#include <cutil.h>
+#include <consent.h>
+#include <client.h>
+#include <group.h>
+#include <access.h>
+#include <readcfg.h>
+#include <master.h>
+#include <main.h>
+
+#if defined(USE_LIBWRAP)
+/* we don't use it...but we link to it */
+int allow_severity;
+int deny_severity;
+#endif
+
+
+SECTION sections[] = {
+    {(char *)0, (void *)0, (void *)0, (void *)0, (void *)0}
+};
+
+void
+DestroyDataStructures()
+{
+}
+
+char *
+ReadLine2(FILE *fp, STRING *save, int *iLine)
+{
+    static char buf[1024];
+    char *wholeline = (char *)0;
+    char *ret = (char *)0;
+    int i, buflen, peek, commentCheck = 1;
+    static STRING *bufstr = (STRING *)0;
+    static STRING *wholestr = (STRING *)0;
+
+    if (bufstr == (STRING *)0)
+	bufstr = AllocString();
+    if (wholestr == (STRING *)0)
+	wholestr = AllocString();
+    peek = 0;
+    wholeline = (char *)0;
+    BuildString((char *)0, bufstr);
+    BuildString((char *)0, wholestr);
+    while (save->used || ((ret = fgets(buf, sizeof(buf), fp)) != (char *)0)
+	   || peek) {
+	/* If we have a previously saved line, use it instead */
+	if (save->used) {
+	    StrCpy(buf, save->string, sizeof(buf));
+	    BuildString((char *)0, save);
+	}
+
+	if (peek) {
+	    /* End of file?  Never mind. */
+	    if (ret == (char *)0)
+		break;
+
+	    /* If we don't have a line continuation and we've seen
+	     * some worthy data
+	     */
+	    if (!isspace((int)buf[0]) && (wholeline != (char *)0)) {
+		BuildString((char *)0, save);
+		BuildString(buf, save);
+		break;
+	    }
+
+	    peek = 0;
+	}
+
+	if (commentCheck) {
+	    for (i = 0; buf[i] != '\000'; i++)
+		if (!isspace((int)buf[i]))
+		    break;
+	    if (buf[i] == '#') {
+		commentCheck = 0;
+	    } else if (buf[i] != '\000') {
+		commentCheck = 0;
+	    }
+	}
+
+	/* Check for EOL */
+	buflen = strlen(buf);
+	if ((buflen >= 1) && (buf[buflen - 1] == '\n')) {
+	    (*iLine)++;		/* Finally have a whole line */
+	    /* Finish off the chunk without the \n */
+	    buf[buflen - 1] = '\000';
+	    BuildString(buf, bufstr);
+	    wholeline = BuildString(bufstr->string, wholestr);
+	    peek = 1;
+	    commentCheck = 1;
+	    BuildString((char *)0, bufstr);
+	} else {
+	    /* Save off the partial chunk */
+	    BuildString(buf, bufstr);
+	}
+    }
+
+    /* If we hit the EOF and weren't peeking ahead
+     * and it's not a comment
+     */
+    if (!peek && (ret == (char *)0)) {
+	(*iLine)++;
+	wholeline = BuildString(bufstr->string, wholestr);
+	if (wholeline != (char *)0 && wholeline[0] == '\000')
+	    wholeline = (char *)0;
+    }
+
+    CONDDEBUG((1, "ReadLine2(): returning <%s>",
+	       (wholeline != (char *)0) ? wholeline : "<NULL>"));
+    return wholeline;
+}
+
+/* read in the configuration file, fill in all the structs we use	(ksb)
+ * to manage the consoles
+ */
+void
+ReadCfg(char *pcFile, FILE *fp)
+{
+    int iLine;
+    unsigned char *acIn;
+    static STRING *acInSave = (STRING *)0;
+    char *acStart;
+    static STRING *logDirectory = (STRING *)0;
+    static STRING *defMark = (STRING *)0;
+    int sawACL = 0;
+    int printedFull = 0;
+
+    if (defMark == (STRING *)0)
+	defMark = AllocString();
+    if (logDirectory == (STRING *)0)
+	logDirectory = AllocString();
+    if (acInSave == (STRING *)0)
+	acInSave = AllocString();
+    BuildString((char *)0, defMark);
+    BuildString((char *)0, acInSave);
+    BuildString((char *)0, logDirectory);
+
+    iLine = 0;
+    while ((acIn =
+	    (unsigned char *)ReadLine2(fp, acInSave,
+				       &iLine)) != (unsigned char *)0) {
+	char *pcLine, *pcMode, *pcLog, *pcRem, *pcStart, *pcMark, *pcBreak;
+	char *pcColon;
+
+	acStart = PruneSpace((char *)acIn);
+	if (acStart[0] == '#') {
+	    printf("%s\n", acStart);
+	    continue;
+	}
+	if (printedFull == 0) {
+	    printf("default full {\n\trw *;\n}\n");
+	    printedFull = 1;
+	}
+
+	if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
+	    break;
+	}
+	if ((char *)0 != (pcLine = strchr(acStart, '=')) &&
+	    ((char *)0 == (pcColon = strchr(acStart, ':')) ||
+	     pcColon > pcLine)) {
+	    *pcLine++ = '\000';
+	    acStart = PruneSpace(acStart);
+	    pcLine = PruneSpace(pcLine);
+	    if (0 == strcmp(acStart, "LOGDIR")) {
+		BuildString((char *)0, logDirectory);
+		BuildString(pcLine, logDirectory);
+		printf("default * {\n");
+		if (logDirectory->used > 1)
+		    printf("\tlogfile %s/&;\n", logDirectory->string);
+		else
+		    printf("\tlogfile \"\";\n");
+		if (defMark->used > 1)
+		    printf("\ttimestamp %s;\n", defMark->string);
+		else
+		    printf("\ttimestamp \"\";\n");
+		printf("\tinclude full;\n}\n");
+	    } else if (0 == strcmp(acStart, "TIMESTAMP")) {
+		BuildString((char *)0, defMark);
+		BuildString(pcLine, defMark);
+		printf("default * {\n");
+		if (logDirectory->used > 1)
+		    printf("\tlogfile %s/&;\n", logDirectory->string);
+		else
+		    printf("\tlogfile \"\";\n");
+		if (defMark->used > 1)
+		    printf("\ttimestamp %s;\n", defMark->string);
+		else
+		    printf("\ttimestamp \"\";\n");
+		printf("\tinclude full;\n}\n");
+	    } else if (0 == strcmp(acStart, "DOMAINHACK")) {
+	    } else if (0 == strncmp(acStart, "BREAK", 5) &&
+		       acStart[5] >= '1' && acStart[5] <= '9' &&
+		       acStart[6] == '\000') {
+		CONDDEBUG((1, "ReadCfg(): BREAK%c found with `%s'",
+			   acStart[5], pcLine));
+		if (pcLine[0] == '\000') {
+		    printf("break %c {\n\tstring \"\";\n}\n", acStart[5]);
+		} else {
+		    char *q, *p;
+		    p = pcLine;
+		    BuildTmpString((char *)0);
+		    while ((q = strchr(p, '"')) != (char *)0) {
+			*q = '\000';
+			BuildTmpString(p);
+			BuildTmpString("\\\"");
+			p = q + 1;
+			*q = '"';
+		    }
+		    q = BuildTmpString(p);
+		    printf("break %c {\n\tstring \"%s\";\n}\n", acStart[5],
+			   q);
+		}
+	    } else {
+		Error("%s(%d) unknown variable `%s'", pcFile, iLine,
+		      acStart);
+	    }
+	    continue;
+	}
+	if ((char *)0 == (pcLine = strchr(acStart, ':')) ||
+	    (char *)0 == (pcMode = strchr(pcLine + 1, ':')) ||
+	    (char *)0 == (pcLog = strchr(pcMode + 1, ':'))) {
+	    Error("%s(%d) bad config line `%s'", pcFile, iLine, acIn);
+	    continue;
+	}
+	*pcLine++ = '\000';
+	*pcMode++ = '\000';
+	*pcLog++ = '\000';
+
+	acStart = PruneSpace(acStart);
+	pcLine = PruneSpace(pcLine);
+	pcMode = PruneSpace(pcMode);
+	pcLog = PruneSpace(pcLog);
+
+	if ((char *)0 != (pcMark = strchr(pcLog, ':'))) {
+	    *pcMark++ = '\000';
+	    pcLog = PruneSpace(pcLog);
+	    pcMark = PruneSpace(pcMark);
+	    /* Skip null intervals */
+	    if (pcMark[0] == '\000')
+		pcMark = (char *)0;
+	}
+
+	if ((char *)0 == pcMark) {
+	    pcBreak = (char *)0;
+	} else {
+	    if ((char *)0 != (pcBreak = strchr(pcMark, ':'))) {
+		*pcBreak++ = '\000';
+		pcMark = PruneSpace(pcMark);
+		pcBreak = PruneSpace(pcBreak);
+		/* Ignore null specs */
+		if (pcMark[0] == '\000')
+		    pcMark = (char *)0;
+		if (pcBreak[0] == '\000')
+		    pcBreak = (char *)0;
+	    }
+	}
+
+	if ((char *)0 != (pcRem = strchr(pcLine, '@'))) {
+	    *pcRem++ = '\000';
+	    pcLine = PruneSpace(pcLine);
+	    pcRem = PruneSpace(pcRem);
+	}
+
+	printf("console %s {\n", acStart);
+	if (pcRem == (char *)0) {
+	    printf("\tmaster localhost;\n");
+	} else {
+	    printf("\tmaster %s;\n", pcRem);
+	}
+
+	/*
+	 *  Here we substitute the console name for any '&' character in the
+	 *  logfile name.  That way you can just have something like
+	 *  "/var/console/&" for each of the conserver.cf entries.
+	 */
+	if (pcLog[0] == '&' && pcLog[1] == '\000' &&
+	    logDirectory->used > 1) {
+	    /* special case where logfile name is '&' and the LOGDIR was
+	     * seen above.  in this case we just allow inheritance to
+	     * work it's magic.
+	     */
+	} else if (pcLog[0] == '\000') {
+	    printf("\tlogfile \"\";\n");
+	} else {
+	    STRING *lfile;
+	    lfile = AllocString();
+	    BuildString((char *)0, lfile);
+	    pcStart = pcLog;
+	    BuildString(pcStart, lfile);
+	    if (logDirectory->used > 1 && lfile->used > 1 &&
+		lfile->string[0] != '/') {
+		char *p;
+		BuildTmpString((char *)0);
+		p = BuildTmpString(lfile->string);
+		BuildString((char *)0, lfile);
+		BuildString(logDirectory->string, lfile);
+		BuildStringChar('/', lfile);
+		BuildString(p, lfile);
+		BuildTmpString((char *)0);
+	    }
+	    printf("\tlogfile %s;\n", lfile->string);
+	    DestroyString(lfile);
+	}
+
+	if (pcMark) {
+	    printf("\ttimestamp %s;\n", pcMark);
+	}
+
+	if (pcBreak) {
+	    int bt;
+	    bt = atoi(pcBreak);
+	    if (bt > 9 || bt < 0) {
+		Error("%s(%d) bad break spec `%d'", pcFile, iLine, bt);
+	    } else {
+		printf("\tbreak %d;\n", bt);
+	    }
+	}
+
+	if (pcLine[0] == '!') {
+	    pcLine = PruneSpace(pcLine + 1);
+	    printf("\ttype host;\n");
+	    printf("\thost %s;\n", pcLine);
+	    printf("\tport %s;\n", pcMode);
+	} else if ('|' == pcLine[0]) {
+	    pcLine = PruneSpace(pcLine + 1);
+	    printf("\ttype exec;\n");
+	    if (pcLine == (char *)0 || pcLine[0] == '\000')
+		printf("\texec \"\";\n");
+	    else
+		printf("\texec %s;\n", pcLine);
+	} else {
+	    char p, *t;
+	    printf("\ttype device;\n");
+	    printf("\tdevice %s;\n", pcLine);
+	    t = pcMode;
+	    while (isdigit((int)(*t))) {
+		++t;
+	    }
+	    p = *t;
+	    *t = '\000';
+	    printf("\tbaud %s;\n", pcMode);
+	    switch (p) {
+		case 'E':
+		case 'e':
+		    t = "even";
+		    break;
+		case 'M':
+		case 'm':
+		    t = "mark";
+		    break;
+		case 'N':
+		case 'n':
+		case 'P':
+		case 'p':
+		    t = "none";
+		    break;
+		case 'O':
+		case 'o':
+		    t = "odd";
+		    break;
+		case 'S':
+		case 's':
+		    t = "space";
+		    break;
+		default:
+		    Error
+			("%s(%d) unknown parity type `%c' - assuming `none'",
+			 pcFile, iLine, p);
+		    t = "none";
+		    break;
+	    }
+	    printf("\tparity %s;\n", t);
+	}
+	printf("}\n");
+    }
+
+    while ((acIn =
+	    (unsigned char *)ReadLine2(fp, acInSave,
+				       &iLine)) != (unsigned char *)0) {
+	char *pcNext;
+
+	acStart = PruneSpace((char *)acIn);
+	if (acStart[0] == '#') {
+	    printf("%s\n", acStart);
+	    continue;
+	}
+
+	if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
+	    break;
+	}
+	if ((char *)0 == (pcNext = strchr(acStart, ':'))) {
+	    Error("%s(%d) missing colon?", pcFile, iLine);
+	    continue;
+	}
+
+	do {
+	    *pcNext++ = '\000';
+	} while (isspace((int)(*pcNext)));
+
+	switch (acStart[0]) {
+	    case 'a':		/* allowed, allow, allows       */
+	    case 'A':
+		if (!sawACL) {
+		    sawACL = 1;
+		    printf("access * {\n");
+		}
+		printf("\tallowed %s;\n", pcNext);
+		break;
+	    case 'r':		/* rejected, refused, refuse    */
+	    case 'R':
+		if (!sawACL) {
+		    sawACL = 1;
+		    printf("access * {\n");
+		}
+		printf("\trejected %s;\n", pcNext);
+		break;
+	    case 't':		/* trust, trusted, trusts       */
+	    case 'T':
+		if (!sawACL) {
+		    sawACL = 1;
+		    printf("access * {\n");
+		}
+		printf("\ttrusted %s;\n", pcNext);
+		break;
+	    default:
+		Error("%s(%d) unknown access key `%s'", pcFile, iLine,
+		      acStart);
+		break;
+	}
+    }
+    if (sawACL) {
+	printf("}\n");
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    char *pcFile;
+    FILE *fp;
+
+    progname = "convert";
+    fDebug = 0;
+
+
+    if (argc != 2) {
+	Error("Usage: convert old-conserver.cf");
+	return 1;
+    }
+
+    pcFile = argv[1];
+    if ((fp = fopen(pcFile, "r")) == (FILE *)0) {
+	Error("fopen(%s): %s", pcFile, strerror(errno));
+	return 1;
+    }
+
+    ReadCfg(pcFile, fp);
+    return 0;
+}

conserver/cutil.h

@@ -0,0 +1,225 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+#include <stdarg.h>
+#if HAVE_OPENSSL
+# include <openssl/ssl.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/err.h>
+# if OPENSSL_VERSION_NUMBER < 0x10100000L
+#  define TLS_method SSLv23_method
+# endif/* OPENSSL_VERSION_NUMBER < 0x10100000L */
+# if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+#  define CIPHER_SEC0
+# else
+#  define CIPHER_SEC0 ":@SECLEVEL=0"
+# endif/* OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+#endif
+#if HAVE_GSSAPI
+# include <gssapi/gssapi.h>
+#endif
+
+/* communication constants
+ */
+#define OB_IAC		0xff	/* quote char                   */
+#define OB_EXEC		'E'	/* exec a command on the client */
+#define OB_GOTO		'G'	/* goto next console            */
+#define OB_SUSP		'Z'	/* suspended by server          */
+#define OB_ABRT		'.'	/* abort                        */
+
+/* Struct to wrap information about a "file"...
+ * This can be a socket, local file, whatever.  We do this so
+ * we can add encryption to sockets (and generalize I/O).
+ */
+enum consFileType {
+    simpleFile,
+    simpleSocket,
+    simplePipe,
+#if HAVE_OPENSSL
+    SSLSocket,
+#endif
+    nothing
+};
+
+typedef enum IOState {
+    ISDISCONNECTED = 0,
+    INCONNECT,
+    ISNORMAL,
+#if HAVE_OPENSSL
+    INSSLACCEPT,
+    INSSLSHUTDOWN,
+#endif
+#if HAVE_GSSAPI
+    INGSSACCEPT,
+#endif
+    ISFLUSHING
+} IOSTATE;
+
+typedef enum flag {
+    FLAGUNKNOWN = 0,
+    FLAGTRUE,
+    FLAGFALSE
+} FLAG;
+
+
+typedef struct dynamicString {
+    char *string;
+    int used;
+    int allocated;
+    struct dynamicString *next;
+    struct dynamicString *prev;
+} STRING;
+
+typedef struct consFile {
+    /* Standard socket type stuff */
+    enum consFileType ftype;
+    int fd;
+    int fdout;			/* only used when a simplePipe */
+    STRING *wbuf;
+    FLAG errored;
+    FLAG quoteiac;
+    FLAG sawiac;
+    FLAG sawiacsusp;
+    FLAG sawiacexec;
+    FLAG sawiacabrt;
+    FLAG sawiacgoto;
+#if HAVE_OPENSSL
+    /* SSL stuff */
+    SSL *ssl;
+    FLAG waitForWrite;
+    FLAG waitForRead;
+#endif
+    /* Add crypto stuff to suit */
+#if DEBUG_CONSFILE_IO
+    int debugrfd;
+    int debugwfd;
+#endif
+} CONSFILE;
+
+typedef struct item {
+    char *id;
+    void (*reg)(char *);
+} ITEM;
+
+typedef struct section {
+    char *id;
+    void (*begin)(char *);
+    void (*end)(void);
+    void (*abort)(void);
+    void (*destroy)(void);
+    ITEM *items;
+} SECTION;
+
+typedef enum substToken {
+    ISNOTHING = 0,
+    ISNUMBER,
+    ISSTRING
+} SUBSTTOKEN;
+
+typedef struct subst {
+    /* function to retrieve a token type based on a character
+     */
+    SUBSTTOKEN (*token)(char);
+    /* data for callback function
+     */
+    void *data;
+    /* function to retrieve a value (as a char* or int or both) for
+     * a substitution
+     */
+    int (*value)(char, char **, int *);
+} SUBST;
+
+extern int isMultiProc, fDebug, fVerbose, fErrorPrinted;
+extern char *progname;
+extern pid_t thepid;
+#define MAXHOSTNAME 1024
+extern char myHostname[];
+#if !USE_IPV6
+extern struct in_addr *myAddrs;
+#endif
+extern fd_set rinit;
+extern fd_set winit;
+extern int maxfd;
+extern int debugLineNo;
+extern char *debugFileName;
+extern int line;		/* used by ParseFile */
+extern char *file;		/* used by ParseFile */
+extern SECTION sections[];	/* used by ParseFile */
+extern int isMaster;
+
+extern const char *StrTime(time_t *);
+extern void Debug(int, char *, ...);
+extern void Error(char *, ...);
+extern void Msg(char *, ...);
+extern void Verbose(char *, ...);
+extern void SimpleSignal(int, RETSIGTYPE(*)(int));
+extern int GetMaxFiles();
+extern char *FmtCtl(int, STRING *);
+extern void FmtCtlStr(char *, int, STRING *);
+extern CONSFILE *FileOpenFD(int, enum consFileType);
+extern CONSFILE *FileOpenPipe(int, int);
+extern CONSFILE *FileOpen(const char *, int, int);
+extern int FileClose(CONSFILE **);
+extern int FileRead(CONSFILE *, void *, int);
+extern int FileWrite(CONSFILE *, FLAG, char *, int);
+extern void FileVWrite(CONSFILE *, FLAG, char *, va_list);
+extern void FilePrint(CONSFILE *, FLAG, char *, ...);
+extern int FileStat(CONSFILE *, struct stat *);
+extern int FileSeek(CONSFILE *, off_t, int);
+extern int FileSend(CONSFILE *, const void *, size_t, int);
+extern int FileFDNum(CONSFILE *);
+extern int FileFDOutNum(CONSFILE *);
+extern int FileUnopen(CONSFILE *);
+extern void OutOfMem();
+extern char *BuildTmpString(const char *);
+extern char *BuildTmpStringChar(const char);
+extern char *BuildTmpStringPrint(char *, ...);
+extern char *BuildString(const char *, STRING *);
+extern char *BuildStringChar(const char, STRING *);
+extern char *BuildStringPrint(STRING *, char *, ...);
+extern char *BuildStringN(const char *, int, STRING *);
+extern char *ShiftString(STRING *, int);
+extern void InitString(STRING *);
+extern void DestroyString(STRING *);
+extern void DestroyStrings(void);
+extern STRING *AllocString(void);
+extern char *ReadLine(FILE *, STRING *, int *);
+extern enum consFileType FileGetType(CONSFILE *);
+extern void FileSetType(CONSFILE *, enum consFileType);
+extern void FileSetQuoteIAC(CONSFILE *, FLAG);
+extern FLAG FileSawQuoteSusp(CONSFILE *);
+extern FLAG FileSawQuoteExec(CONSFILE *);
+extern FLAG FileSawQuoteAbrt(CONSFILE *);
+extern FLAG FileSawQuoteGoto(CONSFILE *);
+extern void Bye(int);
+extern void DestroyDataStructures(void);
+extern int IsMe(char *);
+extern char *PruneSpace(char *);
+extern int FileCanRead(CONSFILE *, fd_set *, fd_set *);
+extern int FileCanWrite(CONSFILE *, fd_set *, fd_set *);
+extern int FileBufEmpty(CONSFILE *);
+extern int SetFlags(int, int, int);
+extern char *StrDup(const char *);
+extern int ParseIACBuf(CONSFILE *, void *, int *);
+extern void *MemMove(void *, void *, size_t);
+extern char *StringChar(STRING *, int, char);
+extern void ParseFile(char *, FILE *, int);
+#if !USE_IPV6
+extern void ProbeInterfaces(in_addr_t);
+#endif
+extern void ProcessSubst(SUBST *, char **, char **, char *, char *);
+extern char *MyVersion(void);
+extern unsigned int AtoU(char *);
+extern void StrCpy(char *, const char *, unsigned int);
+extern void Sleep(useconds_t);
+#if HAVE_OPENSSL
+extern SSL *FileGetSSL(CONSFILE *);
+extern void FileSetSSL(CONSFILE *, SSL *);
+extern int SSLVerifyCallback(int, X509_STORE_CTX *);
+extern int FileSSLAccept(CONSFILE *);
+extern int FileCanSSLAccept(CONSFILE *, fd_set *, fd_set *);
+#endif

conserver/fallback.c

@@ -1,6 +1,4 @@
 /*
- *  $Id: fallback.c,v 5.22 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -13,231 +11,244 @@
  *
  * Mike Rowan (mtr@mace.cc.purdue.edu)
  */
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <fcntl.h>
-#include <sys/socket.h>
-#include <sys/errno.h>
-#include <sys/ioctl.h>
-#include <netinet/in.h>
-#include <sys/un.h>
-#include <syslog.h>
-#include <signal.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <ctype.h>
 
-#include "cons.h"
-#include "port.h"
-
-#if HAVE_PTSNAME
-/* for grantpt() and unlockpt()						(gregf)
- */
-#include <stdlib.h>
-#endif
-
-#if NEED_UNISTD_H
-#include <unistd.h>
-#endif
-
-#if USE_STRINGS
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#if DO_VIRTUAL && ! HAVE_PTYD
-
-extern int errno;
-#if !HAVE_STRERROR
-extern char *sys_errlist[], *strchr();
-#define strerror(Me) (sys_errlist[Me])
-#endif
-
-
-static char *__pty_host;
-static char *__pty_fmt;
-
-static int iLogPri = LOG_DEBUG;
+#include <compat.h>
 
+#include <cutil.h>
 
 /*
- * Below is the string for finding /dev/ptyXX.  For each architecture we
- * leave some pty's world writable because we don't have source for
- * everything that uses pty's.  For the most part, we'll be trying to
- * make /dev/ptyq* the "free" pty's.
+ * get a pty for the user
+ *
+ * this has been revamped rather heavily for 8.0.0.  i've taken ideas
+ * from the xemacs and openssh distributions to get code that *should*
+ * work on systems i have no access to.  thanks to those reference
+ * packages, i think things are ok...hopefully it's true!
  */
-#if defined(sun)
-static char charone[] =
-	"prstuvwxyzPQRSTUVWq";
-#else
-#if defined(dynix)
-static char charone[] =
-	"prstuvwxyzPQRSTUVWq";
-#else
-#if defined(ultrix)
-static char charone[] =
-	"prstuvwxyzPQRSTUVWq";
-#else
-/* all the world's a vax ;-) */
-static char charone[] =
-	"prstuvwxyzPQRSTUVWq";
-#endif
-#endif
-#endif
+static int
+GetPseudoTTY(STRING *slave, int *slaveFD)
+{
+#if HAVE_OPENPTY
+    int fd = -1;
+    int sfd = -1;
+    int opty = 0;
+    char *pcName;
+# if HAVE_SIGACTION
+    sigset_t oldmask, newmask;
+# else
+    extern RETSIGTYPE FlagReapVirt(int);
+# endif
 
-static char chartwo[] =
+# if HAVE_SIGACTION
+    sigemptyset(&newmask);
+    sigaddset(&newmask, SIGCHLD);
+    if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
+	      strerror(errno));
+# else
+    SimpleSignal(SIGCHLD, SIG_DFL);
+# endif
+
+    opty = openpty(&fd, &sfd, NULL, NULL, NULL);
+
+# if HAVE_SIGACTION
+    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
+	      strerror(errno));
+# else
+    SimpleSignal(SIGCHLD, FlagReapVirt);
+# endif
+
+    if (opty != 0) {
+	if (fd >= 0)
+	    close(fd);
+	if (sfd >= 0)
+	    close(sfd);
+	return -1;
+    }
+    if ((char *)0 == (pcName = ttyname(sfd))) {
+	close(fd);
+	close(sfd);
+	return -1;
+    }
+    BuildString((char *)0, slave);
+    BuildString(pcName, slave);
+
+    *slaveFD = sfd;
+    return fd;
+#else
+# if (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX)
+    int fd = -1;
+    int sfd = -1;
+    char *pcName;
+#  if HAVE_SIGACTION
+    sigset_t oldmask, newmask;
+#  else
+    extern RETSIGTYPE FlagReapVirt(int);
+#  endif
+    int c;
+    /* clone list and idea stolen from xemacs distribution */
+    static char *clones[] = {
+	"/dev/ptmx",		/* Various systems */
+	"/dev/ptm/clone",	/* HPUX */
+	"/dev/ptc",		/* AIX */
+	"/dev/ptmx_bsd",	/* Tru64 */
+	(char *)0
+    };
+
+    /* try to find the pty allocator */
+    for (c = 0; clones[c] != (char *)0; c++) {
+	if ((fd = open(clones[c], O_RDWR, 0)) >= 0)
+	    break;
+    }
+    if (fd < 0)
+	return -1;
+
+#  if HAVE_SIGACTION
+    sigemptyset(&newmask);
+    sigaddset(&newmask, SIGCHLD);
+    if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
+	      strerror(errno));
+#  else
+    SimpleSignal(SIGCHLD, SIG_DFL);
+#  endif
+
+#  if HAVE_GRANTPT
+    grantpt(fd);		/* change permission of slave */
+#  endif
+
+#  if HAVE_SIGACTION
+    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
+	      strerror(errno));
+#  else
+    SimpleSignal(SIGCHLD, FlagReapVirt);
+#  endif
+
+#  if HAVE_UNLOCKPT
+    unlockpt(fd);		/* unlock slave */
+#  endif
+
+#  if defined(_AIX)
+    if ((pcName = ttyname(fd)) == (char *)0) {
+	close(fd);
+	return -1;
+    }
+#  else
+#   if HAVE_PTSNAME
+    if ((pcName = ptsname(fd)) == (char *)0) {
+	close(fd);
+	return -1;
+    }
+#   else
+    close(fd);
+    return -1;
+#   endif
+#  endif
+
+    /* go ahead and open the slave */
+    if ((sfd = open(pcName, O_RDWR, 0)) < 0) {
+	Error("GetPseudoTTY(): open(%s): %s", pcName, strerror(errno));
+	close(fd);
+	return -1;
+    }
+
+    BuildString((char *)0, slave);
+    BuildString(pcName, slave);
+
+    *slaveFD = sfd;
+    return fd;
+# else
+    /*
+     * Below is the string for finding /dev/ptyXX.  For each architecture we
+     * leave some pty's world writable because we don't have source for
+     * everything that uses pty's.  For the most part, we'll be trying to
+     * make /dev/ptyq* the "free" pty's.
+     */
+    /* all the world's a vax ;-) */
+    static char charone[] = "prstuvwxyzPQRSTUVWq";
+    static char chartwo[] =
 	"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    static char acMaster[] = "/dev/ptyXX";
+    static char acSlave[] = "/dev/ttyXX";
+    static char *pcOne = charone, *pcTwo = chartwo;
+    int fd, sfd, iLoop, iIndex = sizeof("/dev/pty") - 1;
+    char *pcOld1;
+    struct stat statBuf;
 
-#if (defined(_AIX) || defined(PTX4))
-static char acMaster[] =
-	"/dev/ptc/XXXXXXXXX";
-static char acSlave[] =
-	"/dev/pts/XXXXXXXXX";
-#else
-static char acMaster[] =
-	"/dev/ptyXX";
-static char acSlave[] =
-	"/dev/ttyXX";
-#endif /* _AIX */
-
-#if !HAVE_GETPSEUDO
-#ifdef _AIX
-/*
- * get a pty for the user (emulate the neato sequent call)		(mm)
- */
-static int
-getpseudotty(slave, master)
-char **master, **slave;
-{
-	int fd;
-	char *pcName, *pcTmp;
-
-	if (0 > (fd = open("/dev/ptc", O_RDWR|O_NDELAY, 0))) {
-		return -1;
+    iLoop = 0;
+    pcOld1 = pcOne;
+    for (;;) {
+	if ('\000' == *++pcTwo) {
+	    pcTwo = chartwo;
+	    if ('\000' == *++pcOne) {
+		pcOne = charone;
+		if ((pcOld1 == pcOne && ++iLoop > 1) || (iLoop > 32))
+		    return -1;
+	    }
 	}
-	if ((char *)0 == (pcName = ttyname(fd))) {
-		return -1;
+	acMaster[iIndex] = *pcOne;
+	acMaster[iIndex + 1] = *pcTwo;
+
+	/*
+	 * Remeber we are root - stat the file
+	 * to see if it exists before we open it
+	 * for read/write - if it doesn't we don't
+	 * have any pty's left in the row
+	 */
+	if (-1 == stat(acMaster, &statBuf) ||
+	    S_IFCHR != (statBuf.st_mode & S_IFMT)) {
+	    pcTwo = "l";
+	    continue;
 	}
-	(void)strcpy(acSlave, pcName);
-	*slave = acSlave;
 
-	(void)strcpy(acMaster, pcName);
-	acMaster[7] = 'c';
-	*master = acMaster;
+	if (0 > (fd = open(acMaster, O_RDWR | O_NONBLOCK, 0))) {
+	    continue;
+	}
+	acSlave[iIndex] = *pcOne;
+	acSlave[iIndex + 1] = *pcTwo;
+	if (-1 == access(acSlave, F_OK)) {
+	    close(fd);
+	    continue;
+	}
+	break;
+    }
 
-	return fd;
+    /* go ahead and open the slave */
+    if ((sfd = open(acSlave, O_RDWR, 0)) < 0) {
+	Error("GetPseudoTTY(): open(%s): %s", acSlave, strerror(errno));
+	close(fd);
+	return -1;
+    }
+
+    BuildString((char *)0, slave);
+    BuildString(acSlave, slave);
+
+    *slaveFD = sfd;
+    return fd;
+# endif/* (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX) */
+#endif /* HAVE_OPENPTY */
 }
 
-#else
-#if  HAVE_PTSNAME
-
-/* get a pty for the user -- emulate the neato sequent call under	(gregf)
- * DYNIX/ptx v4.0
- */
-static int
-getpseudotty(slave, master)
-char **master, **slave;
-{
-	int fd;
-	char *pcName, *pcTmp;
-
-	if (0 > (fd = open("/dev/ptmx", O_RDWR, 0))) {
-		return -1;
-	}
-	grantpt(fd);			/* change permission of slave */
-	unlockpt(fd);			/* unlock slave */
-	if ((char *)0 == (pcName = ttyname(fd))) {
-		return -1;
-	}
-	(void)strcpy(acMaster, pcName);
-	*master = acMaster;
-
-	if ((char *) 0 == (pcName = ptsname(fd))) {
-		return -1;
-	}
-
-	(void)strcpy(acSlave, pcName);
-	*slave = acSlave;
-
-	return fd;
-}
-
-#else
 /*
- * get a pty for the user (emulate the neato sequent call)		(ksb)
- */
-static int
-getpseudotty(slave, master)
-char **master, **slave;
-{
-	static char *pcOne = charone, *pcTwo = chartwo;
-	auto int fd, iLoop, iIndex = sizeof("/dev/pty")-1;
-	auto char *pcOld1;
-	auto struct stat statBuf;
-
-	iLoop = 0;
-	pcOld1 = pcOne;
-	for (;;) {
-		if ('\000' == *++pcTwo) {
-			pcTwo = chartwo;
-			if ('\000' == *++pcOne) {
-				pcOne = charone;
-				if (pcOld1 == pcOne && ++iLoop > 1 || iLoop > 32)
-					return -1;
-			}
-		}
-		acMaster[iIndex] = *pcOne;
-		acMaster[iIndex+1] = *pcTwo;
-
-		/*
-		 * Remeber we are root - stat the file
-		 * to see if it exists before we open it
-		 * for read/write - if it doesn't we don't
-		 * have any pty's left in the row
-		 */
-		if (-1 == stat(acMaster, &statBuf) || S_IFCHR != (statBuf.st_mode&S_IFMT)) {
-			pcTwo = "l";
-			continue;
-		}
-
-		if (0 > (fd = open(acMaster, O_RDWR|O_NDELAY, 0))) {
-			continue;
-		}
-		acSlave[iIndex] = *pcOne;
-		acSlave[iIndex+1] = *pcTwo;
-		if (-1 == access(acSlave, F_OK)) {
-			(void) close(fd);
-			continue;
-		}
-		break;
-	}
-	*master = acMaster;
-	*slave = acSlave;
-	return fd;
-}
-#endif /* PTX version */
-#endif /* _AIX */
-#endif /* !HAVE_GETPSEUDO */
-
-/*
- * get a Joe pty bacause the daemon is not with us, sadly.		(ksb)
+ * get a pty using the GetPseudoTTY code above
  */
 int
-FallBack(pcSlave, pcMaster)
-char *pcSlave, *pcMaster;
+FallBack(char **slave, int *sfd)
 {
-	auto int fd;
-	auto char *pcTSlave, *pcTMaster;
+    int fd;
+    static STRING *pcTSlave = (STRING *)0;
 
-	if (-1 == (fd = getpseudotty(& pcTSlave, & pcTMaster))) {
-		return -1;
-	}
-	(void) strcpy(pcSlave, pcTSlave);
-	(void) strcpy(pcMaster, pcTMaster);
-	return fd;
+    if (pcTSlave == (STRING *)0)
+	pcTSlave = AllocString();
+
+    if ((fd = GetPseudoTTY(pcTSlave, sfd)) == -1) {
+	return -1;
+    }
+    if ((*slave) != (char *)0)
+	free(*slave);
+    if (((*slave) = StrDup(pcTSlave->string))
+	== (char *)0)
+	OutOfMem();
+    return fd;
 }
-
-#endif /* no code if it is not used */

conserver/group.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: group.h,v 5.11 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -34,17 +32,57 @@
  * 4. This notice may not be removed or altered.
  */
 
-#define MAXPSWDLEN	16	/* max length of encrypted password	*/
+/* timers used to have various things happen */
+#define T_STATE		0
+#define T_CIDLE		1
+#define T_MARK		2
+#define T_REINIT	3
+#define T_AUTOUP	4
+#define T_ROLL		5
+#define T_INITDELAY	6
+#define T_MAX		7	/* T_MAX *must* be last */
 
-typedef struct grpent {		/* group info				*/
-	int port;		/* port group listens on		*/
-	int pid;		/* pid of server for group		*/
-	int imembers;		/* number of consoles in this group	*/
-	CONSENT *pCElist;	/* list of consoles in this group	*/
-	CLIENT *pCLall;		/* all clients to scan after select	*/
-	char passwd[MAXPSWDLEN];/* encrypted password for this group	*/
+/* return values used by CheckPass()
+ */
+#define AUTH_SUCCESS	0	/* ok                                   */
+#define AUTH_NOUSER	1	/* no user                              */
+#define AUTH_INVALID	2	/* invalid password                     */
+
+typedef struct grpent {		/* group info                           */
+    unsigned int id;		/* uniqueue group id                    */
+    unsigned short port;	/* port group listens on                */
+    pid_t pid;			/* pid of server for group              */
+    int imembers;		/* number of consoles in this group     */
+    CONSENT *pCElist;		/* list of consoles in this group       */
+    CONSENT *pCEctl;		/* our control `console'                */
+    CONSCLIENT *pCLall;		/* all clients to scan after select     */
+    CONSCLIENT *pCLfree;	/* head of free list                    */
+    struct grpent *pGEnext;	/* next group entry                     */
 } GRPENT;
 
+extern time_t timers[];
 
-extern void Spawn();
-extern int CheckPass();
+extern void Spawn(GRPENT *, int);
+extern int CheckPass(char *, char *, FLAG);
+extern void TagLogfile(const CONSENT *, char *, ...);
+extern void TagLogfileAct(const CONSENT *, char *, ...);
+extern void DestroyGroup(GRPENT *);
+extern void DestroyConsent(GRPENT *, CONSENT *);
+extern void SendClientsMsg(CONSENT *, char *);
+extern void ResetMark(void);
+extern void DestroyConsentUsers(CONSENTUSERS **);
+extern CONSENTUSERS *ConsentFindUser(CONSENTUSERS *, char *);
+extern int ConsentUserOk(CONSENTUSERS *, char *);
+extern void DisconnectClient(GRPENT *, CONSCLIENT *, char *, FLAG);
+extern int ClientAccess(CONSENT *, char *);
+extern void DestroyClient(CONSCLIENT *);
+extern int CheckPasswd(CONSCLIENT *, char *, FLAG);
+extern void DeUtmp(GRPENT *, int);
+extern void ClientWantsWrite(CONSCLIENT *);
+extern void SendIWaitClientsMsg(CONSENT *, char *);
+#if HAVE_OPENSSL
+extern int AttemptSSL(CONSCLIENT *);
+#endif
+#if HAVE_GSSAPI
+extern int AttemptGSSAPI(CONSCLIENT *);
+#endif

conserver/main.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: main.h,v 5.15 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -36,18 +34,32 @@
 
 /* program options and stuff
  */
-extern char rcsid[];
-extern char *progname;
-extern int fAll, fVerbose, fSoftcar, fNoinit, fInteractive, fDebug;
-extern char chDefAcc;
-extern char *pcConfig;
-extern char *pcPasswd;
+extern int fAll, fNoinit, fInteractive, fStrip, fDaemon, fReopen,
+    fNoautoreup, fSyntaxOnly;
+#if USE_IPV6
+extern struct addrinfo *bindAddr;
+extern struct addrinfo *bindBaseAddr;
+#else
+extern in_addr_t bindAddr;
 extern struct sockaddr_in in_port;
-extern char acMyHost[];
-extern char acMyAddr[];
-extern int domainHack;
-
-#if defined(SERVICE)
-extern char acService[];
 #endif
-
+extern unsigned short bindPort, bindBasePort;
+extern char *pcConfig;
+extern int cMaxMemb;
+extern CONFIG *optConf;
+extern CONFIG *config;
+extern CONFIG defConfig;
+extern CONSFILE *unifiedlog;
+#if USE_UNIX_DOMAIN_SOCKETS
+extern char *interface;
+#endif
+#if HAVE_OPENSSL
+extern SSL_CTX *ctx;
+#endif
+#if HAVE_GSSAPI
+extern gss_name_t gss_myname;
+extern gss_cred_id_t gss_mycreds;
+#endif
+extern void ReopenLogfile(void);
+extern void ReopenUnifiedlog(void);
+extern void DumpDataStructures(void);

conserver/master.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: master.h,v 5.9 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -37,4 +35,7 @@
 /*
  * stuff the master process needs
  */
-extern void Master();
+extern CONSCLIENT *pCLmall;
+extern CONSCLIENT *pCLmfree;
+extern void Master(void);
+extern void SignalKids(int);

conserver/port.h

@@ -1,392 +0,0 @@
-/*
- *  $Id: port.h,v 1.17 2000-12-13 12:31:07-08 bryan Exp $
- *
- *  Copyright conserver.com, 2000
- *
- *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
- */
-
-/*
- * Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
- * 47907.  All rights reserved.
- *
- * Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
- *
- * This software is not subject to any license of the American Telephone
- * and Telegraph Company or the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on
- * any computer system, and to alter it and redistribute it freely, subject
- * to the following restrictions:
- *
- * 1. Neither the authors nor Purdue University are responsible for any
- *    consequences of the use of this software.
- *
- * 2. The origin of this software must not be misrepresented, either by
- *    explicit claim or by omission.  Credit to the authors and Purdue
- *    University must appear in documentation and sources.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- *    misrepresented as being the original software.
- *
- * 4. This notice may not be removed or altered.
- */
-
-/*
- * this is the configuration file for the Ohio State/PUCC console
- * server.  Just define the macros below to somehting that looks good
- * and give it a go.  It'll complain (under conserver -V) if things
- * look really bad.
- *
- * all PTX, PTX2, and PTX4 code added by gregf@sequent.com		(gregf)
- */
-#if !( defined(SUN5) || defined(BSDOS3) || defined(LINUX2) || defined(IRIX6) )
-#error "Platform needs to be defined.  See port.h"
-#endif
-
-#if (defined(PTX2) || defined(PTX4))
-#define PTX
-#endif
-
-/* some machine specific details
- */
-#if !defined(USE_OLDSEL)
-#if	defined(IBMR2)
-#include <sys/select.h>
-#endif
-#endif
-#if !defined(HAVE_UWAIT)
-#define HAVE_UWAIT	!(defined(IBMR2)||defined(SUN5)||defined(HPUX8)||defined(HPUX9)||defined(PTX)||defined(IRIX5)||defined(BSDOS3)||defined(IRIX6))
-#endif
-
-#if !defined(HAVE_WAIT3)
-#define HAVE_WAIT3	!(defined(SUN5)||defined(PTX))
-#endif
-
-/* This is the port number used in the connection.  It can use either
- * /etc/services or a hardcoded port (SERVICE name has precedence).
- * (You can -D one in the Makefile to override these.)
- */
-/* #define PORT 782 /* only if you cannot put in /etc/services */
-#if !defined(SERVICE)
-#if !defined(PORT)
-#define SERVICE		"conserver"
-#endif
-#endif
-
-/* Wait for a part of a second before slapping console server.
- * Good for CISCO terminal servers that get upset when you
- * attack with intense socket connections
- */
-#if !defined(USLEEP_FOR_SLOW_PORTS)
-#define USLEEP_FOR_SLOW_PORTS 100000
-#endif
-
-/* The name of the host which will act as the console server
- */
-#if !defined(HOST)
-#define HOST		"console"
-#endif
-
-/* How long should we wait for a TCP socket to be created when talking
- * to network terminal servers?  10 second default
- */
-#if !defined(CONNECTTIMEOUT)
-#define CONNECTTIMEOUT	10
-#endif
-
-/* the default escape sequence used to give meta commands
- */
-#if !defined(DEFATTN)
-#define DEFATTN		'\005'
-#endif
-#if !defined(DEFESC)
-#define DEFESC		'c'
-#endif
-
-/* Location of the configuration file
- */
-#if !defined(CONFIG)
-#define CONFIG		"/etc/conserver.cf"
-#endif
-
-/* Location of ANL designed passwd file */
-#if !defined(PASSWD_FILE)
-#define PASSWD_FILE	"/etc/conserver.passwd"
-#endif
-
-/* The maximum number of serial lines that can be handled by a child process
- */
-#if !defined(MAXMEMB)
-#define MAXMEMB		8
-#endif
-
-
-/* The maximum number of child processes spawned.
- */
-#if !defined(MAXGRP)
-#define MAXGRP		32
-#endif
-
-/* the max number of characters conserver will replay for you (the r command)
- */
-#if !defined(MAXREPLAY)
-#define MAXREPLAY	(80*25)
-#endif
-
-/* if the encrypted passwd is in a shadow file, define HAVE_SHADOW 	(gregf)
- */
-#if !defined(HAVE_SHADOW)
-#define HAVE_SHADOW	(defined(PTX)||defined(SUN5)||defined(IRIX6))
-#endif
-
-/* we'd like to line buffer our output, if we know how
- */
-#if !defined(USE_SETLINEBUF)
-#define USE_SETLINEBUF	(!(defined(HPUX7)||defined(HPUX8)||defined(HPUX9)||defined(PTX)))
-#endif
-
-/* we'd like to line buffer our output, if we know how; PTX uses setvbuf (gregf)
- */
-#if !defined(USE_SETVBUF)
-#define USE_SETVBUF	(defined(PTX))
-#endif
-
-/* hpux doesn't have getdtablesize() and they don't provide a macro
- * in non-KERNEL cpp mode
- */
-#if defined(HPUX7)||defined(HPUX8)||defined(HPUX9)
-#define getdtablesize()	64
-#endif
-
-/* the console server will provide a pseudo-device console which
- * allows operators to run backups and such without a hard wired
- * line (this is also good for testing the server to see if you
- * might wanna use it).  Turn this on only if you (might) need it.
- */
-#if !defined(DO_VIRTUAL)
-#define DO_VIRTUAL	1
-#endif
-
-#if DO_VIRTUAL
-/* if the virtual console option is on we need a source to ptys,
- * the PUCC ptyd daemon is the best source be know, else fall back
- * on some emulation code?? (XXX)
- */
-#if !defined(HAVE_PTYD)
-#define HAVE_PTYD	(defined(S81)||defined(VAX8800))
-#endif
-
-#if !defined(HAVE_GETPSEUDO)
-#define HAVE_GETPSEUDO	(defined(PTX2))
-#endif
-
-#if !defined(HAVE_PTSNAME)
-#define	HAVE_PTSNAME 	(defined(PTX4))
-#endif
-
-#if !defined(HAVE_LDTERM)
-#define HAVE_LDTERM	(defined(SUN5))
-#endif
-
-#if !defined(HAVE_STTY_LD)
-#define HAVE_STTY_LD	(defined(IRIX5))
-#endif
-
-#endif /* virtual (process on a pseudo-tty) console support */
-
-#if !defined(HAVE_SETSID)
-#define HAVE_SETSID	(defined(IBMR2)||defined(SUN5)||defined(HPUX7)||defined(HPUX8)||defined(HPUX9)||defined(PTX)||defined(IRIX5)||defined(LINUX2)||defined(IRIX6)||defined(BSDOS3))
-#endif
-
-/* should we use flock to keep multiple conservers from hurting each other?
- * PTX has lockf... should probably port code to work with this (gregf)
- */
-#if !defined(USE_FLOCK)
-#define USE_FLOCK	(!(defined(IBMR2)||defined(SUN5)||defined(HPUX7)||defined(HPUX8)||defined(HPUX9)||defined(PTX)||defined(LINUX2)||defined(IRIX6)||defined(BSDOS3)))
-#endif
-
-/* should we try to pop streams modules off?
- */
-#if !defined(USE_STREAMS)
-#define USE_STREAMS	(defined(SUN4)||defined(SUN5)||defined(PTX)||defined(IRIX5)||defined(IRIX6))
-#endif
-
-/* if we do not have old style tty emulation use termios.h
- */
-#if !defined(USE_TERMIO)
-#define USE_TERMIO	(defined(ETA10)||defined(V386))
-#endif
-#if !defined(USE_TERMIOS)
-#define USE_TERMIOS	(defined(HPUX7)||defined(HPUX8)||defined(HPUX9)||defined(SUN5)||defined(PTX)||defined(IRIX5)||defined(LINUX2)||defined(IRIX6)||defined(SUN4))
-#endif
-#if !defined(USE_TCBREAK)
-#define USE_TCBREAK	(defined(PTX)||defined(BSDOS3)||defined(LINUX2)||defined(SUN5))
-#endif
-
-/* if we have <strings.h> define this to 1, else define to 0
- */
-#if !defined(USE_STRINGS)
-#define USE_STRINGS	(defined(SUN4)||defined(DYNIX)||defined(EPIX)||defined(IRIX5)||defined(IRIX6)||defined(BSDOS3))
-#endif
-
-#if !defined(NEED_UNISTD_H)
-#define NEED_UNISTD_H	(defined(SUN5)||defined(PTX))
-#endif
-
-#if !defined(USE_SYS_TIME_H)
-#define USE_SYS_TIME_H	(!defined(PTX))
-#endif
-
-#if USE_STRINGS
-#if !defined(strchr)
-#define	strchr	index
-#endif
-#if !defined(strrchr)
-#define strrchr	rindex
-#endif
-#endif
-
-/* used to force the server process to clear parity, which is for farmers
- */
-#if !defined(CPARITY)
-#define CPARITY		1
-#endif
-
-
-/* if you do not have fd_set's here is a possible emulation
- */
-#if USE_OLDSEL
-typedef long fd_set;
-
-#define FD_ZERO(a) {*(a)=0;}
-#define FD_SET(d,a) {*(a) |= (1 << (d));}
-#define FD_CLR(d,a) {*(a) &= ~(1 << (d));}
-#define FD_ISSET(d,a) (*(a) & (1 << (d)))
-#endif
-
-#if USE_TERMIOS
-#if defined(LINUX2)
-#include <sys/ioctl.h>
-#endif
-#if defined(HPUX7)||defined(HPUX8)||defined(HPUX9)
-#define TCGETS  _IOR('T', 16, struct termios)
-#define TCSETS  _IOW('T', 17, struct termios)
-#endif
-#if defined(PTX2)
-#define TCGETS  TCGETP
-#define TCSETS  TCSETP
-#endif
-#endif
-
-/* which type does wait(2) take for status location
- */
-#if HAVE_UWAIT
-#define WAIT_T	union wait
-#if ! defined WEXITSTATUS
-#define WEXITSTATUS(x)	((x).w_retcode)
-#endif
-#else
-#define WAIT_T	int
-#endif
-
-/* which type signal handlers return on this machine
- */
-#if defined(sun) || defined(NEXT2) || defined(SUN5) || defined(PTX) || defined(IRIX5) || defined(BSDOS3) || defined(LINUX2) || defined(IRIX6)
-#define SIGRETS	void
-#else
-#define SIGRETS	int
-#endif
-
-/* which type to use for global flags set by signal handlers */
-#if defined(SUN5)
-#define SIGFLAG volatile sig_atomic_t
-#else
-#define SIGFLAG int
-#endif
-
-#if !defined(USE_SIGACTION)
-#define USE_SIGACTION (defined(SUN4)||defined(SUN5)||defined(LINUX2))
-#endif
-
-#if USE_SIGACTION
-extern void Set_signal(int isg, SIGRETS (*disp)(int));
-#else
-#define Set_signal(sig, disp) (void)signal((sig), (disp))
-#endif
-
-/* do we have a (working) setsockopt call
- */
-#if !defined(HAVE_SETSOCKOPT)
-#define HAVE_SETSOCKOPT	(defined(sun)||defined(PTX)||defined(LINUX2)||defined(IRIX6)||defined(BSDOS3))
-#endif
-
-/* does this system have the ANSI strerror() function?
- */
-#if !defined(HAVE_STRERROR)
-#define HAVE_STRERROR	(defined(IBMR2)||defined(ETA10)||defined(V386)||defined(SUN5)||defined(NEXT2)||defined(HPUX8)||defined(HPUX9)||defined(PTX)||defined(IRIX5)||defined(LINUX2)||defined(IRIX6)||defined(BSDOS3))
-#endif
-#if ! HAVE_STRERROR
-extern int errno;
-extern char *sys_errlist[];
-#define strerror(Me) (sys_errlist[Me])
-#endif
-
-#if !defined(HAVE_H_ERRLIST)
-#define HAVE_H_ERRLIST  (defined(SUN4)||defined(SUN3)||defined(FREEBSD)|defined(NETBSD)||defined(PTX)||defined(IRIX5)||defined(LINUX2)||defined(IRIX6)||defined(BSDOS3))
-#endif
-#if HAVE_H_ERRLIST
-extern int h_errno;
-extern char *h_errlist[];
-#define hstrerror(Me)   (h_errlist[Me])
-#else
-#define hstrerror(Me)   "host lookup error"
-#endif
-
-#if !defined(HAVE_RLIMIT)
-#if (defined(SUN5)||defined(PTX4)||defined(LINUX2)||defined(BSDOS3)||defined(IRIX6))
-#define HAVE_RLIMIT	1
-#else
-#define HAVE_RLIMIT	0
-#endif
-#endif
-
-/* that's all.  just run
- *	make
- *	./conserver -V
- */
-
-/* communication constants
- */
-#define OB_SUSP		'Z'		/* suspended by server		*/
-#define OB_DROP		'.'		/* dropped by server		*/
-
-/* Due to C's poor man's macros the macro below would break if statements,
- * What we want
- *	macro()			{ stuff }
- * but the syntax gives us
- *	macro()			{ stuff };
- *
- * the extra semicolon breaks if statements!
- * Of course, the one we use makes lint scream:
- *	macro()			do { stuff } while (0)
- *
- * which is a statement and makes if statements safe
- */
-#if defined(lint)
-extern int shut_up_lint;
-#else
-#define shut_up_lint	0
-#endif
-
-/* this macro efficently outputs a constant string to a fd
- * of course it doesn't check the write :-(
- */
-#define CSTROUT(Mfd, Mstr)	do {	\
-	static char _ac[] = Mstr; \
-	write(Mfd, _ac, sizeof(_ac)-1); \
-	} while (shut_up_lint)
-
-extern char *calloc(), *malloc(), *realloc();

conserver/readcfg.h

@@ -1,55 +1,75 @@
 /*
- *  $Id: readcfg.h,v 5.9 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
  */
 
-/*
- * Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
- * 47907.  All rights reserved.
- *
- * Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
- *
- * This software is not subject to any license of the American Telephone
- * and Telegraph Company or the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on
- * any computer system, and to alter it and redistribute it freely, subject
- * to the following restrictions:
- *
- * 1. Neither the authors nor Purdue University are responsible for any
- *    consequences of the use of this software.
- *
- * 2. The origin of this software must not be misrepresented, either by
- *    explicit claim or by omission.  Credit to the authors and Purdue
- *    University must appear in documentation and sources.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- *    misrepresented as being the original software.
- *
- * 4. This notice may not be removed or altered.
- */
+#define BREAKDELAYDEFAULT 250
+#define BREAKLISTSIZE 35	/* ('z'-('a'-1))+('9'-('1'-1)) */
+#define BREAKALPHAOFFSET 39	/* ('a'-('9'+1)) */
 
-/* we read in which hosts to trust and which ones we proxy for
- * from a file, into these structures
- */
+typedef struct config {
+    STRING *name;
+    FLAG autocomplete;
+    char defaultaccess;
+    FLAG daemonmode;
+    char *logfile;
+    char *passwdfile;
+    char *primaryport;
+    FLAG redirect;
+    FLAG loghostnames;
+    int reinitcheck; /* stored in sec, configured in min or sec */
+    char *secondaryport;
+    char *unifiedlog;
+    int initdelay;
+#if HAVE_SETPROCTITLE
+    FLAG setproctitle;
+#endif
+#if HAVE_OPENSSL
+    char *sslcredentials;
+    FLAG sslrequired;
+    FLAG sslreqclientcert;
+    char *sslcacertificatefile;
+#endif
+} CONFIG;
 
-extern GRPENT
-	aGroups[MAXGRP];		/* group info			*/
-extern CONSENT
-	aConsoles[MAXGRP*MAXMEMB];	/* console list			*/
-extern REMOTE
-	*pRCList;		/* list of remote consoles we know about */
-extern ACCESS
-	*pACList;		/* `who do you love' (or trust)		*/
+typedef struct breaks {
+    STRING *seq;
+    int delay;
+    FLAG confirm;
+} BREAKS;
 
-extern int
-	iAccess;		/* how many access restrictions we have	*/
-extern int
-	iLocal;			/* how many local consoles we have	*/
+typedef struct tasks {
+    char id;
+    STRING *cmd;
+    STRING *descr;
+    uid_t uid;
+    gid_t gid;
+    char *subst;
+    FLAG confirm;
+    struct tasks *next;
+} TASKS;
 
-extern void ReadCfg();
+extern NAMES *userList;		/* user list */
+extern GRPENT *pGroups;		/* group info */
+extern REMOTE *pRCList;		/* list of remote consoles we know about */
+extern REMOTE *pRCUniq;		/* list of uniq console servers */
+extern ACCESS *pACList;		/* `who do you love' (or trust) */
+extern CONSENTUSERS *pADList;	/* list of admin users */
+extern CONSENTUSERS *pLUList;	/* list of limited users */
+extern BREAKS breakList[BREAKLISTSIZE];	/* list of break sequences */
+extern TASKS *taskList;		/* list of tasks */
+extern SUBST *taskSubst;	/* substitution function data for tasks */
+extern CONFIG *pConfig;		/* settings seen by config parser */
+extern SUBST *substData;	/* substitution function data */
+
+extern void ReadCfg(char *, FILE *);
+extern void ReReadCfg(int, int);
+extern void DestroyBreakList(void);
+extern void InitBreakList(void);
+extern void DestroyTaskList(void);
+extern void DestroyUserList(void);
+extern void DestroyConfig(CONFIG *);
+extern NAMES *FindUserList(char *);
+extern NAMES *AddUserList(char *);
+extern CONSENT *FindConsoleName(CONSENT *, char *);

conserver/stamper.sh

@@ -1,44 +0,0 @@
-#!/bin/sh
-# $Id: stamper.sh,v 4.1 91/06/19 14:40:46 ksb Exp $
-#
-# The outputs a time stamp once an hour (on the hour, we hope).
-# We take a list of logfiles to stamp
-#
-PROGNAME=`basename $0 .sh`
-if [ "$#" -eq 0 ]
-then
-	echo "$PROGNAME: usage files" 1>&2
-	exit 1
-fi
-
-# sleep until the top of the hour
-# output a mark on each log file
-# sleep for nearly an hour
-while true
-do
-	(
-	IFS="$IFS:"
-
-	# _ Wed Jun 19 14:31:02 EST 1991
-	# $1 $2  $3 $4 $5 $6 $7 $8  $9
-	set _ `date`
-
-	#sleep `expr 3600 - \( $6 \* 60 + $7 \)`
-	)
-
-	mark="[-- MARK -- `date`]"
-	for file
-	do
-		if [ _"-" = _"$file" ]
-		then
-			echo "$mark"
-		else
-			echo "$mark" >>$file
-		fi
-	done
-
-	sleep 3530
-done
-
-# NOTREACHED
-exit 0

conserver/version.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: version.h,v 1.19 2000-12-14 16:21:18-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -8,4 +6,15 @@
  *  Copyright GNAC, Inc., 1998
  */
 
-#define THIS_VERSION "conserver.com version 6.1.7"
+#define COPYRIGHT "@(#) Copyright 1990 The Ohio State University.\n\
+@(#) Copyright 1992 Purdue Research Foundation.\n\
+@(#) Copyright 1998 GNAC, Inc.\n\
+@(#) Copyright 2000 conserver.com.\n\
+All rights reserved.\n"
+
+#define VERSION_DATE	"2022/07/07"
+#define VERSION_MAJOR	8
+#define VERSION_MINOR	2
+#define VERSION_REV	7
+#define VERSION_TEXT	"conserver.com version"
+#define VERSION_UINT	(VERSION_MAJOR * 1000000 + VERSION_MINOR * 1000 + VERSION_REV)

console/INSTALL.old

@@ -1,35 +0,0 @@
-# $Id: INSTALL,v 4.1 91/06/19 15:27:49 ksb Exp $
-#
-
-Prep:
-
- Did you do the prep work in ../conserver yet?  If not please start there.
-
-
-Compiling:
-
- Try a
-	make
- in this directory.  If cons.h is correct this should just compile.
-
-
-First test:
-
- Run a version command:
-	./console -V
- and see something like:
-	console: $Id: INSTALL,v 4.1 91/06/19 15:27:49 ksb Exp $
-	console: initial master server `staff.cc.purdue.edu'
-	console: default escape sequence `^Ec'
-	console: loopback address for mentor.cc.purdue.edu is 127.0.0.1
-
-
- Finish the INSTALL in conserver now.
-
-
-Connect to the conserver on your dumb port,
-
- Try all the commands.  Especially ^Ecz and ^Ecd/^Eco.
-
- Try two connections to the same console, note the cool way you can force
- the other guy off (^Ecf).

console/Makefile

@@ -1,58 +0,0 @@
-#	$Id: Makefile,v 1.11 1999-01-25 15:38:39-08 bryan Exp $
-#
-#	Makefile for console client progran
-#
-
-PROG=console
-PREFIX=/usr/local
-BIN=${PREFIX}/bin
-ETC=${PREFIX}/etc
-MAN=${PREFIX}/man
-MANSECT=8
-
-C=../conserver
-
-LINCLUDE= ${INCLUDE} -I$C
-CFLAGS= ${DEBUG} ${CDEFS} ${LINCLUDE}
-
-HDR=	
-SRC=	console.c
-OBJ=	console.o
-
-all: ${PROG}
-
-${PROG}: ${OBJ}
-	${CC} -o $@ ${CFLAGS} ${OBJ} ${LIBS}
-
-clean: FRC
-	rm -f Makefile.bak ${PROG} *.tbl a.out *.o core errs lint.out tags
-
-depend: ${HDR} ${SRC} FRC
-	makedepend ${CDEFS} ${LINCLUDE} ${SRC}
-
-dirs: ${BIN}
-
-install: all dirs FRC
-	${INSTALL} -cs ${PROG} ${BIN}/${PROG}
-
-${MAN}/man${MANSECT}:
-	${INSTALL} -d $@
-
-install.man: ${MAN}/man${MANSECT}
-	tbl console.man > console.tbl
-	${INSTALL} -c console.tbl ${MAN}/man${MANSECT}/console.${MANSECT}
-
-lint: ${HDR} ${SRC} FRC
-	lint -h ${CDEFS} ${LINCLUDE} ${SRC}
-
-tags: ${HDR} ${SRC}
-	ctags -t ${HDR} ${SRC}
-
-/ ${BIN}:
-	${INSTALL} -d $@
-
-FRC:
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-console.o: ../conserver/cons.h ../conserver/port.h ../conserver/version.h

console/Makefile.in

@@ -0,0 +1,63 @@
+### Path settings
+datarootdir = @datarootdir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sysconfdir = @sysconfdir@
+mandir = @mandir@
+
+### Installation programs and flags
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
+LN_S = @LN_S@
+MKDIR = @MKDIR@
+
+### Compiler and link options
+CC	= @CC@
+CFLAGS	= @CFLAGS@
+DEFS	= @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)\"
+CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) -I$(top_srcdir)/conserver $(DEFS) @CPPFLAGS@
+LDFLAGS	= @LDFLAGS@
+LIBS	= @LIBS@
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+CONSOLE_OBJS = console.o getpassword.o readconf.o ../conserver/cutil.o
+CONSOLE_HDRS = ../config.h $(top_srcdir)/compat.h \
+	       $(top_srcdir)/conserver/cutil.h \
+	       $(top_srcdir)/conserver/version.h \
+	       $(srcdir)/getpassword.h $(srcdir)/readconf.h
+ALL = console
+
+
+all: $(ALL)
+
+$(CONSOLE_OBJS): $(CONSOLE_HDRS)
+
+console: $(CONSOLE_OBJS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o console $(CONSOLE_OBJS) $(LIBS)
+
+../conserver/cutil.o:
+	( cd ../conserver && $(MAKE) $(MAKE_FLAGS) cutil.o ) || exit 1;
+
+.c.o:
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+
+clean:
+	rm -f *~ *.o $(ALL) core
+
+distclean: clean
+	rm -f Makefile
+
+install: console
+	$(MKDIR) $(DESTDIR)$(bindir)
+	$(INSTALL_PROGRAM) console $(DESTDIR)$(bindir)
+	$(MKDIR) $(DESTDIR)$(mandir)/man1
+	$(INSTALL) -m 0644 console.man $(DESTDIR)$(mandir)/man1/console.1
+
+.PHONY: clean distclean install

console/README.old

@@ -1,67 +0,0 @@
-# $Id: README,v 4.2 92/07/27 08:47:14 ksb Exp $
-
-BUGS:
-	This program depends on a header file in ../conserver/cons.h,
-	which is dones't know how to make.
-
-What does it do?
-
- The console switch (conserver) uses some tty ports on a `switch machine' to
- read the output of many host machines.  Admins can use a client program
- (console) to connect to any console under control of the `switch'.  Thus from
- my terminal here on the second floor I can control the console for each of
- the machines in the machine room 3 floors below me!
-
- The `switch' host is monitored by an operator who sees all the error output
- from all the consoles (in a xterm here at PUCC).  This operator can call up a
- console on any machine in a flash and respond to problems.  He is aware of
- problems without having to poll many CRTs stacked out in the machine room --
- he and the tape drives can be in a quiet place.
-
-
-What platforms?
-
- It runs under 4.2/4.3bsd, IBM's AIX6000, SunOS 4.X, and HPUX.
- Only the client runs under HPUX at this release.  It depends on
- select(2) and sockets.
-
-
-What do I need to evaluate it?
-
- I believe a modem could be used in a pinch as a `host', anything that you can
- trick into producing tty I/O.  Even a dumb tty, but then you must do the
- echo.  Another port on the same machine was used for testing at one point...
- and an EPROM programmer might even work.
-
-
-Who would be interested in this kind of thing?
-
- Anyone with more than one machine with a glass tty would love it, it also
- gets rid of the need for paper consoles.
-
-
-Is this software restricted in distribution?
-
- Tom has an Ohio State copyright on the stuff, I'm sure that there will be no
- problem with distribution.  {He ripped the Purdue ECN copyright off the code
- he got, I didn't change his.}  Tom has not replied to any of my email in ~3
- months....
-
-
-Why this version rather than any other?
-
- The PUCC version supports many more features (multiple `switch' machines for
- when you run out of ports; job control; down'd consoles, etc) than either the
- Ohio State or Purdue ECN versions.
-
-
-How much trouble is it to port?
-
- The code is ~2000 lines for the server and ~1150 for the client.  Not too
- hard to read in ~3 hours.  It should work with a little push on any BSD type
- UNIX.
-
-
---
-"When you find me here, at the end of my rope!"
-kayessbee, Kevin Braunsdorf, ksb@cc.purdue.edu, pur-ee!ksb, purdue!ksb

console/console.man

@@ -1,196 +0,0 @@
-.\" $Id: console.man,v 1.5 1999-04-12 22:40:55-07 bryan Exp $
-.TH CONSOLE 8 "Local"
-.SH NAME
-console \- console server client program
-.SH SYNOPSIS
-\fBconsole\fP [\-\fBaAfFsS\fP] [\-\fBrv\fP] [\-\fBe\fP \fIesc\fP] [\-\fBM\fP \fIserver\fP] \fIhost\fP
-.br
-\fBconsole\fP [\-\fBv\fP] [\-\fBhdDuVwx\fP] [\-\fBb\fP \fImessage\fP]
-.br
-\fBconsole\fP [\-\fBqQ\fP] [\-\fBM\fP \fIserver\fP]
-.SH DESCRIPTION
-.B Console
-is used to manipulate console terminals remotely or poll running
-\fIconserver\fP(8L) daemons for status information.
-.PP
-.B Console
-queries the user for the their passwd before
-granting interactive access to a console (on a non-trusted system)
-since such a session may provide single-user access.
-.PP
-In the non-interactive mode
-.B console
-outputs only the requested information.
-.SH OPTIONS
-.TP
-.B \-a
-Access a console with a two-way connection (this is the default).
-.TP
-.BI \-b message
-Broadcast a \fImessage\fP to all users connected to the console server.
-.TP
-.B \-d
-Display daemon versions.  The \fIconsole\fP client connects to each
-server to request its version information.  The uppercase varient of
-this option only requests the primary server's version.
-.TP
-.BI \-e esc
-Set the initial two character escape sequence to
-those represented by \fIesc\fP.
-Any of the forms output by \fIcat\fP(1)'s \-\fBv\fP option
-are accepted.  The default value is ``^Ec''.
-.TP
-.B \-f
-Same as
-.I \-a
-except it will force any existing connection into spy mode.
-.TP
-.B \-h
-Display a brief help message.
-.TP
-.BI \-M server
-The \fIconsole\fP client program polls \fIserver\fP as the primary server,
-rather than the hard coded default (``console'').
-.TP
-.B \-q
-The \fIconsole\fP client requests the server daemon quit (shutdown).
-A password is sent in the protocol stream, if none is required for
-the local host to shutdown the server just press return.
-.TP
-.B \-Q
-Like -q, but just acts on the primary server.
-.TP
-.B \-r
-Request a raw connection to the group control virtual console,
-this is only useful for learning the protocol used by the
-interactive sequence.
-.TP
-.B \-s
-Requests a read-only (spy mode) connection.
-If this mode all the escape sequences (below) work, or report errors,
-but all other keyboard input is discarded.
-.TP
-.B \-u
-Show a list of all consoles with status and attached users.
-.TP
-.B \-V
-Output the version of the console client program.
-.TP
-.B \-v
-Be more verbose during when building the connection(s).
-Use this option in combination with any of `show' options (below)
-for added benefit.
-.TP
-.B \-w
-Show a list of all connections to consoles.
-.TP
-.B \-x
-Show a list of consoles and devices.
-.PP
-The \-\fBA\fP, \-\fBF\fP, or \-\fBS\fP options have the same effect as
-their lower case variants.
-In addition they each request the last 20 lines of the console output after
-making the connection.
-.PP
-Any default (\-\fBa\fP) connection is dropped to spy mode if
-someone else is attached read-write.
-.SH "ESCAPE SEQUENCES"
-The connection can be controlled by a two character escape sequence, followed
-by a command.  The default escape sequence is ``control-E c''
-(octal 005 143).  Commands are:
-.sp
-.TS
-c l.
-a	switch to attach mode
-c	toggle flow control (don't do this)
-d	down the current console
-e	change the escape sequence to the next two characters
-f	force a switch to attach mode
-g	group info
-L	toggle logging on/off
-l1	send a 3-second serial line break (might halt a Sun)
-	("ell" then "one", not the L1 key)
-o	reopen the line to clear errors (silo overflows)
-p	replay the last 60 lines of output
-r	replay the last 20 lines of output
-s	switch to spy mode
-u	show other users on this port
-v	show the version of the group server
-w	who is using this console
-x	examine this group's devices and modes.
-z	suspend this connection
-?	display list of commands
-^I	toggle tab expansion
-^J	continue, ignore the escape sequence
-^R	replay the last line only
-\.	disconnect
-.TE
-.sp
-.PP
-If any other character is hit after the escape sequence, all three characters
-will be discarded.
-Note that a line break or a down command
-can only be sent from a full two-way attachment.
-To send the escape sequence through the connection one must redefine
-the outer escape sequence.
-.PP
-In the \-u output, the login \fB<none>\fP indicates no one is
-viewing that console, the login \fB<spies>\fP indicates that
-no one has a full two-way attachment.  When no one is attached to
-a console its output is cloned to the stdout of the server process.
-.SH EXAMPLES
-.TP
-console \-u
-Outputs something like:
-.sp
-.RS
-.TS
-l18 l l.
-dumb	up	<none>
-expert	up	ksb@mentor
-tyro	up	<spies>
-mentor	up	<none>
-sage	up	fine@cis
-.TE
-.RE
-.sp
-The \fB<none>\fP indicates no one is viewing \fIdumb\fP or \fImentor\fP,
-the \fB<spies>\fP indicates only read-only connections exist for \fItyro\fP,
-other \fIlogin\fP@\fIhost\fP entries are the currently attached
-\fIsage\fP and \fIexpert\fP.
-.TP
-console \-w
-Outputs something like:
-.sp
-.RS
-.TS
-l18 l l.
-ksb@extra	attach 2days	expert
-file@cis	attach 21:46	sage
-dmr@alice	spy     0:04	tyro
-.TE
-.RE
-.sp
-The third column is the idle time of the user.  Either hours:minutes or number
-of days is displayed.
-.TP
-console \-e \*(lq^[1\*(rq lv426
-Requests a connection to the host ``lv426'' with the escape characters
-set to ``escape one''.
-.SH BUGS
-Connections suspended under Dynix sometimes break the kernel when
-resumed.  Suspended connections are a poor idea in general, just
-disconnect instead.
-.PP
-It is possible to create a loop of console connections, with ugly results.
-Never run \fIconsole\fP from within a console connection.
-.PP
-The \-\fBr\fP option doesn't help to explain how connections get built.
-.SH AUTHORS
-Thomas A. Fine, Ohio State Computer Science.
-.br
-Kevin Braunsdorf, Purdue University Computing Center
-.br
-Bryan Stansell, Global Networking and Computing, Inc.
-.SH "SEE ALSO"
-conserver.cf(5L), conserver(8L)

console/getpassword.c

@@ -0,0 +1,138 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ *
+ *  Copyright GNAC, Inc., 1998
+ */
+
+#include <compat.h>
+
+#include <pwd.h>
+
+#include <cutil.h>
+#include <version.h>
+
+
+/* the next two routines assure that the users tty is in the
+ * correct mode for us to do our thing
+ */
+static int screwy = 0;
+static struct termios o_tios;
+/* this holds the password given to us by the user */
+static STRING *pass = (STRING *)0;
+
+
+/*
+ * show characters that are already tty processed,
+ * and read characters before cononical processing
+ * we really use cbreak at PUCC because we need even parity...
+ */
+static void
+C2Raw(int fd)
+{
+    struct termios n_tios;
+
+    if (!isatty(fd) || 0 != screwy)
+	return;
+
+    if (0 != tcgetattr(fd, &o_tios)) {
+	Error("tcgetattr(%d): %s", fd, strerror(errno));
+	Bye(EX_UNAVAILABLE);
+    }
+    n_tios = o_tios;
+    n_tios.c_iflag &= ~(IUCLC | IXON);
+    n_tios.c_oflag &= ~OPOST;
+    n_tios.c_lflag &= ~(ISIG | ECHO | IEXTEN);
+    n_tios.c_cc[VMIN] = 1;
+    n_tios.c_cc[VTIME] = 0;
+    if (0 != tcsetattr(fd, TCSANOW, &n_tios)) {
+	Error("tcsetattr(%d, TCSANOW): %s", fd, strerror(errno));
+	Bye(EX_UNAVAILABLE);
+    }
+    screwy = 1;
+}
+
+/*
+ * put the tty back as it was, however that was
+ */
+static void
+C2Normal(int fd)
+{
+    if (!screwy)
+	return;
+    tcsetattr(fd, TCSANOW, &o_tios);
+    screwy = 0;
+}
+
+char *
+GetPassword(char *prompt)
+{
+    int fd;
+    int nc;
+    char buf[BUFSIZ];
+    int done = 0;
+
+    if (prompt == (char *)0)
+	prompt = "";
+    if ((pass = AllocString()) == (STRING *)0)
+	OutOfMem();
+    BuildString((char *)0, pass);
+
+    if ((fd = open("/dev/tty", O_RDWR)) == -1) {
+	Error("could not open `/dev/tty': %s", strerror(errno));
+	return (char *)0;
+    }
+
+    C2Raw(fd);
+    write(fd, prompt, strlen(prompt));
+    while (!done) {
+	int i;
+	if ((nc = read(0, buf, sizeof(buf))) == 0)
+	    break;
+	for (i = 0; i < nc; ++i) {
+	    if (buf[i] == 0x0d || buf[i] == 0x0a) {
+		/* CR, NL */
+		done = 1;
+		break;
+	    } else
+		BuildStringChar(buf[i], pass);
+	}
+    }
+    C2Normal(fd);
+    /*
+       {
+       static STRING *c = (STRING *) 0;
+       if ((c = AllocString()) == (STRING *) 0)
+       OutOfMem();
+       write(fd, "\n'", 2);
+       if (pass->used) {
+       FmtCtlStr(pass->string, pass->used - 1, c);
+       write(fd, c->string, c->used - 1);
+       }
+       write(fd, "'\n", 2);
+       }
+     */
+    write(fd, "\n", 1);
+    close(fd);
+    /* this way a (char*)0 is only returned on error */
+    if (pass->string == (char *)0)
+	return "";
+    else
+	return pass->string;
+}
+
+void
+ClearPassword(void)
+{
+    if (pass == (STRING *)0 || pass->allocated == 0)
+	return;
+
+#if HAVE_MEMSET
+    memset((void *)(pass->string), '\000', pass->allocated);
+#else
+    bzero((char *)(pass->string), pass->allocated);
+#endif
+
+    BuildString((char *)0, pass);
+}

console/getpassword.h

@@ -1,9 +1,8 @@
 /*
- *  $Id: cons-gnac.h,v 5.44 2000-12-13 12:31:07-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
  */
+
+extern char *GetPassword(char *);
+extern void *ClearPassword(void);

console/readconf.c

@@ -0,0 +1,726 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+#include <compat.h>
+
+#include <cutil.h>
+#include <readconf.h>
+
+CONFIG *parserConfigTemp = (CONFIG *)0;
+CONFIG *parserConfigDefault = (CONFIG *)0;
+CONFIG *pConfig = (CONFIG *)0;
+TERM *parserTermTemp = (TERM *)0;
+TERM *parserTermDefault = (TERM *)0;
+TERM *pTerm = (TERM *)0;
+
+void
+DestroyConfig(CONFIG *c)
+{
+    if (c == (CONFIG *)0)
+	return;
+    if (c->username != (char *)0)
+	free(c->username);
+    if (c->master != (char *)0)
+	free(c->master);
+    if (c->port != (char *)0)
+	free(c->port);
+    if (c->escape != (char *)0)
+	free(c->escape);
+#if HAVE_OPENSSL
+    if (c->sslcredentials != (char *)0)
+	free(c->sslcredentials);
+    if (c->sslcacertificatefile != (char *)0)
+	free(c->sslcacertificatefile);
+    if (c->sslcacertificatepath != (char *)0)
+	free(c->sslcacertificatepath);
+#endif
+    free(c);
+}
+
+void
+ApplyConfigDefault(CONFIG *c)
+{
+    if (parserConfigDefault == (CONFIG *)0)
+	return;
+
+    if (parserConfigDefault->username != (char *)0) {
+	if (c->username != (char *)0)
+	    free(c->username);
+	if ((c->username =
+	     StrDup(parserConfigDefault->username)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->master != (char *)0) {
+	if (c->master != (char *)0)
+	    free(c->master);
+	if ((c->master = StrDup(parserConfigDefault->master)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->port != (char *)0) {
+	if (c->port != (char *)0)
+	    free(c->port);
+	if ((c->port = StrDup(parserConfigDefault->port)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->escape != (char *)0) {
+	if (c->escape != (char *)0)
+	    free(c->escape);
+	if ((c->escape = StrDup(parserConfigDefault->escape)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->striphigh != FLAGUNKNOWN)
+	c->striphigh = parserConfigDefault->striphigh;
+    if (parserConfigDefault->replay != FLAGUNKNOWN)
+	c->replay = parserConfigDefault->replay;
+    if (parserConfigDefault->playback != FLAGUNKNOWN)
+	c->playback = parserConfigDefault->playback;
+#if HAVE_OPENSSL
+    if (parserConfigDefault->sslcredentials != (char *)0) {
+	if (c->sslcredentials != (char *)0)
+	    free(c->sslcredentials);
+	if ((c->sslcredentials =
+	     StrDup(parserConfigDefault->sslcredentials)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->sslcacertificatefile != (char *)0) {
+	if (c->sslcacertificatefile != (char *)0)
+	    free(c->sslcacertificatefile);
+	if ((c->sslcacertificatefile =
+	     StrDup(parserConfigDefault->sslcacertificatefile)) ==
+	    (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->sslcacertificatepath != (char *)0) {
+	if (c->sslcacertificatepath != (char *)0)
+	    free(c->sslcacertificatepath);
+	if ((c->sslcacertificatepath =
+	     StrDup(parserConfigDefault->sslcacertificatepath)) ==
+	    (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->sslrequired != FLAGUNKNOWN)
+	c->sslrequired = parserConfigDefault->sslrequired;
+    if (parserConfigDefault->sslenabled != FLAGUNKNOWN)
+	c->sslenabled = parserConfigDefault->sslenabled;
+#endif
+}
+
+void
+ConfigBegin(char *id)
+{
+    CONDDEBUG((1, "ConfigBegin(%s) [%s:%d]", id, file, line));
+    if (id == (char *)0 || id[0] == '\000') {
+	Error("empty config name [%s:%d]", file, line);
+	return;
+    }
+    if (parserConfigTemp != (CONFIG *)0)
+	DestroyConfig(parserConfigTemp);
+    if ((parserConfigTemp = (CONFIG *)calloc(1, sizeof(CONFIG)))
+	== (CONFIG *)0)
+	OutOfMem();
+    ApplyConfigDefault(parserConfigTemp);
+    parserConfigTemp->name = AllocString();
+    BuildString(id, parserConfigTemp->name);
+}
+
+void
+ConfigEnd(void)
+{
+    CONDDEBUG((1, "ConfigEnd() [%s:%d]", file, line));
+
+    if (parserConfigTemp == (CONFIG *)0)
+	return;
+
+    if (parserConfigTemp->name->used > 1) {
+	if ((parserConfigTemp->name->string[0] == '*' &&
+	     parserConfigTemp->name->string[1] == '\000') ||
+	    IsMe(parserConfigTemp->name->string)) {
+	    DestroyConfig(parserConfigDefault);
+	    parserConfigDefault = parserConfigTemp;
+	    parserConfigTemp = (CONFIG *)0;
+	}
+    }
+
+    DestroyConfig(parserConfigTemp);
+    parserConfigTemp = (CONFIG *)0;
+}
+
+void
+ConfigAbort(void)
+{
+    CONDDEBUG((1, "ConfigAbort() [%s:%d]", file, line));
+    if (parserConfigTemp == (CONFIG *)0)
+	return;
+
+    DestroyConfig(parserConfigTemp);
+    parserConfigTemp = (CONFIG *)0;
+}
+
+void
+ConfigDestroy(void)
+{
+    CONDDEBUG((1, "ConfigDestroy() [%s:%d]", file, line));
+
+    if (parserConfigTemp != (CONFIG *)0) {
+	DestroyConfig(parserConfigTemp);
+	parserConfigTemp = (CONFIG *)0;
+    }
+
+    if (parserConfigDefault != (CONFIG *)0) {
+	DestroyConfig(pConfig);
+	pConfig = parserConfigDefault;
+	parserConfigDefault = (CONFIG *)0;
+    }
+}
+
+void
+DestroyTerminal(TERM *t)
+{
+    if (t == (TERM *)0)
+	return;
+    if (t->attach != (char *)0)
+	free(t->attach);
+    if (t->attachsubst != (char *)0)
+	free(t->attachsubst);
+    if (t->detach != (char *)0)
+	free(t->detach);
+    if (t->detachsubst != (char *)0)
+	free(t->detachsubst);
+    free(t);
+}
+
+void
+ApplyTermDefault(TERM *t)
+{
+    if (parserTermDefault == (TERM *)0)
+	return;
+
+    if (parserTermDefault->attach != (char *)0) {
+	if (t->attach != (char *)0)
+	    free(t->attach);
+	if ((t->attach = StrDup(parserTermDefault->attach)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserTermDefault->attachsubst != (char *)0) {
+	if (t->attachsubst != (char *)0)
+	    free(t->attachsubst);
+	if ((t->attachsubst =
+	     StrDup(parserTermDefault->attachsubst)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserTermDefault->detach != (char *)0) {
+	if (t->detach != (char *)0)
+	    free(t->detach);
+	if ((t->detach = StrDup(parserTermDefault->detach)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserTermDefault->detachsubst != (char *)0) {
+	if (t->detachsubst != (char *)0)
+	    free(t->detachsubst);
+	if ((t->detachsubst =
+	     StrDup(parserTermDefault->detachsubst)) == (char *)0)
+	    OutOfMem();
+    }
+}
+
+void
+TerminalBegin(char *id)
+{
+    CONDDEBUG((1, "TerminalBegin(%s) [%s:%d]", id, file, line));
+    if (id == (char *)0 || id[0] == '\000') {
+	Error("empty terminal name [%s:%d]", file, line);
+	return;
+    }
+    if (parserTermTemp != (TERM *)0)
+	DestroyTerminal(parserTermTemp);
+    if ((parserTermTemp = (TERM *)calloc(1, sizeof(TERM)))
+	== (TERM *)0)
+	OutOfMem();
+    ApplyTermDefault(parserTermTemp);
+    parserTermTemp->name = AllocString();
+    BuildString(id, parserTermTemp->name);
+}
+
+void
+TerminalEnd(void)
+{
+    static char *term = (char *)0;
+
+    CONDDEBUG((1, "TerminalEnd() [%s:%d]", file, line));
+
+    if (parserTermTemp == (TERM *)0)
+	return;
+
+    if (term == (char *)0) {
+	if ((term = getenv("TERM")) == (char *)0) {
+	    term = "";
+	}
+    }
+
+    if (parserTermTemp->name->used > 1) {
+	if ((parserTermTemp->name->string[0] == '*' &&
+	     parserTermTemp->name->string[1] == '\000') ||
+	    strcmp(parserTermTemp->name->string, term) == 0) {
+	    DestroyTerminal(parserTermDefault);
+	    parserTermDefault = parserTermTemp;
+	    parserTermTemp = (TERM *)0;
+	}
+    }
+
+    DestroyTerminal(parserTermTemp);
+    parserTermTemp = (TERM *)0;
+}
+
+void
+TerminalAbort(void)
+{
+    CONDDEBUG((1, "TerminalAbort() [%s:%d]", file, line));
+    if (parserTermTemp == (TERM *)0)
+	return;
+
+    DestroyTerminal(parserTermTemp);
+    parserTermTemp = (TERM *)0;
+}
+
+void
+TerminalDestroy(void)
+{
+    CONDDEBUG((1, "TerminalDestroy() [%s:%d]", file, line));
+
+    if (parserTermTemp != (TERM *)0) {
+	DestroyTerminal(parserTermTemp);
+	parserTermTemp = (TERM *)0;
+    }
+
+    if (parserTermDefault != (TERM *)0) {
+	DestroyTerminal(pTerm);
+	pTerm = parserTermDefault;
+	parserTermDefault = (TERM *)0;
+    }
+}
+
+void
+ProcessYesNo(char *id, FLAG *flag)
+{
+    if (id == (char *)0 || id[0] == '\000')
+	*flag = FLAGFALSE;
+    else if (strcasecmp("yes", id) == 0 || strcasecmp("true", id) == 0 ||
+	     strcasecmp("on", id) == 0)
+	*flag = FLAGTRUE;
+    else if (strcasecmp("no", id) == 0 || strcasecmp("false", id) == 0 ||
+	     strcasecmp("off", id) == 0)
+	*flag = FLAGFALSE;
+}
+
+void
+ConfigItemEscape(char *id)
+{
+    CONDDEBUG((1, "ConfigItemEscape(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->escape != (char *)0)
+	free(parserConfigTemp->escape);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->escape = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->escape = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+ConfigItemMaster(char *id)
+{
+    CONDDEBUG((1, "ConfigItemMaster(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->master != (char *)0)
+	free(parserConfigTemp->master);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->master = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->master = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+ConfigItemPlayback(char *id)
+{
+    int i;
+
+    CONDDEBUG((1, "ConfigItemPlayback(%s) [%s:%d]", id, file, line));
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->playback = 0;
+	return;
+    }
+    for (i = 0; id[i] != '\000'; i++) {
+	if (!isdigit((int)id[i])) {
+	    Error("invalid playback value [%s:%d]", file, line);
+	    return;
+	}
+    }
+    if (i > 4) {
+	Error("playback value too large [%s:%d]", file, line);
+	return;
+    }
+    parserConfigTemp->playback = (unsigned short)atoi(id) + 1;
+}
+
+void
+ConfigItemPort(char *id)
+{
+    CONDDEBUG((1, "ConfigItemPort(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->port != (char *)0)
+	free(parserConfigTemp->port);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->port = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->port = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+ConfigItemReplay(char *id)
+{
+    int i;
+
+    CONDDEBUG((1, "ConfigItemReplay(%s) [%s:%d]", id, file, line));
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->replay = 0;
+	return;
+    }
+    for (i = 0; id[i] != '\000'; i++) {
+	if (!isdigit((int)id[i])) {
+	    Error("invalid replay value [%s:%d]", file, line);
+	    return;
+	}
+    }
+    if (i > 4) {
+	Error("replay value too large [%s:%d]", file, line);
+	return;
+    }
+    parserConfigTemp->replay = (unsigned short)atoi(id) + 1;
+}
+
+void
+ConfigItemSslcredentials(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslcredentials(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslcredentials != (char *)0)
+	free(parserConfigTemp->sslcredentials);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslcredentials = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslcredentials = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslcredentials ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslcacertificatefile(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslcacertificatefile(%s) [%s:%d]", id, file,
+	       line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslcacertificatefile != (char *)0)
+	free(parserConfigTemp->sslcacertificatefile);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslcacertificatefile = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslcacertificatefile = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslcacertificatefile ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslcacertificatepath(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslcacertificatepath(%s) [%s:%d]", id, file,
+	       line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslcacertificatepath != (char *)0)
+	free(parserConfigTemp->sslcacertificatepath);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslcacertificatepath = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslcacertificatepath = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslcacertificatepath ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslrequired(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslrequired(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    ProcessYesNo(id, &(parserConfigTemp->sslrequired));
+#else
+    Error
+	("sslrequired ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslenabled(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslenabled(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    ProcessYesNo(id, &(parserConfigTemp->sslenabled));
+#else
+    Error("sslenabled ignored - encryption not compiled into code [%s:%d]",
+	  file, line);
+#endif
+}
+
+void
+ConfigItemStriphigh(char *id)
+{
+    CONDDEBUG((1, "ConfigItemStriphigh(%s) [%s:%d]", id, file, line));
+    ProcessYesNo(id, &(parserConfigTemp->striphigh));
+}
+
+void
+ConfigItemUsername(char *id)
+{
+    CONDDEBUG((1, "ConfigItemUsername(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->username != (char *)0)
+	free(parserConfigTemp->username);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->username = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->username = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+SUBST *substData = (SUBST *)0;
+
+SUBSTTOKEN
+SubstToken(char c)
+{
+    switch (c) {
+	case 'u':
+	case 'c':
+	    return ISSTRING;
+	default:
+	    return ISNOTHING;
+    }
+}
+
+int
+SubstValue(char c, char **s, int *i)
+{
+    int retval = 0;
+
+    if (s != (char **)0) {
+	CONFIG *pc;
+	if (substData->data == (void *)0)
+	    return 0;
+
+	pc = (CONFIG *)(substData->data);
+	if (c == 'u') {
+	    (*s) = pc->username;
+	    retval = 1;
+	} else if (c == 'c') {
+	    (*s) = pc->console;
+	    retval = 1;
+	}
+    }
+
+    return retval;
+}
+
+void
+InitSubstCallback(void)
+{
+    if (substData == (SUBST *)0) {
+	if ((substData = (SUBST *)calloc(1, sizeof(SUBST))) == (SUBST *)0)
+	    OutOfMem();
+	substData->value = &SubstValue;
+	substData->token = &SubstToken;
+    }
+}
+
+
+void
+TerminalItemAttach(char *id)
+{
+    CONDDEBUG((1, "TerminalItemAttach(%s) [%s:%d]", id, file, line));
+
+    if (parserTermTemp->attach != (char *)0)
+	free(parserTermTemp->attach);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserTermTemp->attach = (char *)0;
+	return;
+    }
+    if ((parserTermTemp->attach = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+TerminalItemAttachsubst(char *id)
+{
+    CONDDEBUG((1, "TerminalItemAttachsubst(%s) [%s:%d]", id, file, line));
+    ProcessSubst(substData, (char **)0, &(parserTermTemp->attachsubst),
+		 "attachsubst", id);
+}
+
+void
+TerminalItemDetach(char *id)
+{
+    CONDDEBUG((1, "TerminalItemDetach(%s) [%s:%d]", id, file, line));
+
+    if (parserTermTemp->detach != (char *)0)
+	free(parserTermTemp->detach);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserTermTemp->detach = (char *)0;
+	return;
+    }
+    if ((parserTermTemp->detach = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+TerminalItemDetachsubst(char *id)
+{
+    CONDDEBUG((1, "TerminalItemDetachsubst(%s) [%s:%d]", id, file, line));
+    ProcessSubst(substData, (char **)0, &(parserTermTemp->detachsubst),
+		 "detachsubst", id);
+}
+
+ITEM keyConfig[] = {
+    {"escape", ConfigItemEscape},
+    {"master", ConfigItemMaster},
+    {"playback", ConfigItemPlayback},
+    {"port", ConfigItemPort},
+    {"replay", ConfigItemReplay},
+    {"sslcredentials", ConfigItemSslcredentials},
+    {"sslcacertificatefile", ConfigItemSslcacertificatefile},
+    {"sslcacertificatepath", ConfigItemSslcacertificatepath},
+    {"sslrequired", ConfigItemSslrequired},
+    {"sslenabled", ConfigItemSslenabled},
+    {"striphigh", ConfigItemStriphigh},
+    {"username", ConfigItemUsername},
+    {(char *)0, (void *)0}
+};
+
+ITEM keyTerminal[] = {
+    {"attach", TerminalItemAttach},
+    {"attachsubst", TerminalItemAttachsubst},
+    {"detach", TerminalItemDetach},
+    {"detachsubst", TerminalItemDetachsubst},
+    {(char *)0, (void *)0}
+};
+
+SECTION sections[] = {
+    {"config", ConfigBegin, ConfigEnd, ConfigAbort, ConfigDestroy,
+     keyConfig},
+    {"terminal", TerminalBegin, TerminalEnd, TerminalAbort,
+     TerminalDestroy, keyTerminal},
+    {(char *)0, (void *)0, (void *)0, (void *)0, (void *)0}
+};
+
+void
+ReadConf(char *filename, FLAG verbose)
+{
+    FILE *fp;
+
+    if ((FILE *)0 == (fp = fopen(filename, "r"))) {
+	if (verbose == FLAGTRUE)
+	    Error("could not open `%s'", filename);
+	return;
+    }
+
+    /* initialize the substition bits */
+    InitSubstCallback();
+
+    parserConfigDefault = pConfig;
+    pConfig = (CONFIG *)0;
+
+    parserTermDefault = pTerm;
+    pTerm = (TERM *)0;
+
+    ParseFile(filename, fp, 0);
+
+    /* shouldn't really happen, but in case i screw up the stuff
+     * ParseFile calls...
+     */
+    if (pConfig == (CONFIG *)0) {
+	if ((pConfig = (CONFIG *)calloc(1, sizeof(CONFIG)))
+	    == (CONFIG *)0)
+	    OutOfMem();
+    }
+
+    if (pTerm == (TERM *)0) {
+	if ((pTerm = (TERM *)calloc(1, sizeof(TERM)))
+	    == (TERM *)0)
+	    OutOfMem();
+    }
+
+    if (fDebug) {
+#define EMPTYSTR(x) x == (char *)0 ? "(null)" : x
+#define FLAGSTR(x) x == FLAGTRUE ? "true" : (x == FLAGFALSE ? "false" : "unset")
+	CONDDEBUG((1, "pConfig->username = %s",
+		   EMPTYSTR(pConfig->username)));
+	CONDDEBUG((1, "pConfig->master = %s", EMPTYSTR(pConfig->master)));
+	CONDDEBUG((1, "pConfig->port = %s", EMPTYSTR(pConfig->port)));
+	CONDDEBUG((1, "pConfig->escape = %s", EMPTYSTR(pConfig->escape)));
+	CONDDEBUG((1, "pConfig->striphigh = %s",
+		   FLAGSTR(pConfig->striphigh)));
+	CONDDEBUG((1, "pConfig->replay = %hu", pConfig->replay));
+	CONDDEBUG((1, "pConfig->playback = %hu", pConfig->playback));
+#if HAVE_OPENSSL
+	CONDDEBUG((1, "pConfig->sslcredentials = %s",
+		   EMPTYSTR(pConfig->sslcredentials)));
+	CONDDEBUG((1, "pConfig->sslcacertificatefile = %s",
+		   EMPTYSTR(pConfig->sslcacertificatefile)));
+	CONDDEBUG((1, "pConfig->sslcacertificatepath = %s",
+		   EMPTYSTR(pConfig->sslcacertificatepath)));
+	CONDDEBUG((1, "pConfig->sslrequired = %s",
+		   FLAGSTR(pConfig->sslrequired)));
+	CONDDEBUG((1, "pConfig->sslenabled = %s",
+		   FLAGSTR(pConfig->sslenabled)));
+#endif
+	CONDDEBUG((1, "pTerm->attach = %s", EMPTYSTR(pTerm->attach)));
+	CONDDEBUG((1, "pTerm->attachsubst = %s",
+		   EMPTYSTR(pTerm->attachsubst)));
+	CONDDEBUG((1, "pTerm->detach = %s", EMPTYSTR(pTerm->detach)));
+	CONDDEBUG((1, "pTerm->detachsubst = %s",
+		   EMPTYSTR(pTerm->detachsubst)));
+    }
+
+    fclose(fp);
+}

console/readconf.h

@@ -0,0 +1,41 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+typedef struct config {
+    STRING *name;
+    char *console;
+    char *username;
+    char *master;
+    char *port;
+    char *escape;
+    FLAG striphigh;
+    FLAG exitdown;
+    unsigned short replay;
+    unsigned short playback;
+#if HAVE_OPENSSL
+    char *sslcredentials;
+    char *sslcacertificatefile;
+    char *sslcacertificatepath;
+    FLAG sslrequired;
+    FLAG sslenabled;
+#endif
+} CONFIG;
+
+typedef struct term {
+    STRING *name;
+    char *attach;
+    char *attachsubst;
+    char *detach;
+    char *detachsubst;
+} TERM;
+
+extern CONFIG *pConfig;
+extern TERM *pTerm;
+extern SUBST *substData;
+
+extern void ReadConf(char *, FLAG);
+extern void DestroyConfig(CONFIG *);
+extern void DestroyTerminal(TERM *);

contrib/README

@@ -1,14 +1,24 @@
 Various contributions by folks....
 
+    chat
+        Author:   Greg Woods <woods@weird.com>
+	Synopsis: A send/expect program...source code from the NetBSD
+		  distribution and modified by Greg Woods to work
+		  a bit better with conserver
+
     solaris-package
 	Author:   Michael Sullivan <mike@trdlnk.com>
 	Synopsis: Creates a solaris package
 
+    redhat-rpm
+	Author:   Paul Heinlein <heinlein@measurecast.com>
+	Synopsis: Files for a Redhat-tuned RPM
+
+    maketestcerts
+	Author:   Bryan Stansell <bryan@conserver.com>
+	Synopsis: Silly script I used to create test SSL certs
+
 I can't verify that these scripts will work for everyone.  Hopefully they
 will be helpful.
 
 Bryan Stansell
-
-#
-#  $Id: README,v 1.1 1999-08-24 14:24:41-07 bryan Exp $
-#

contrib/chat/Makefile.in

@@ -0,0 +1,53 @@
+### Path settings
+datarootdir = @datarootdir@
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sysconfdir = @sysconfdir@
+mandir = @mandir@
+
+### Installation programs and flags
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
+LN_S = @LN_S@
+MKDIR = @MKDIR@
+
+### Compiler and link options
+CC	= @CC@
+CFLAGS	= @CFLAGS@
+DEFS	= @DEFS@
+CPPFLAGS = -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@
+LDFLAGS	= @LDFLAGS@
+LIBS	= @LIBS@
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+CHAT_OBJS = chat.o
+CHAT_HDRS = ../../config.h
+ALL = chat
+
+all: $(ALL)
+
+chat: $(CHAT_OBJS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o chat $(CHAT_OBJS) $(LIBS)
+
+.c.o:
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+
+clean:
+	rm -f *~ *.o $(ALL) core
+
+distclean: clean
+	rm -f Makefile
+
+install: chat
+	$(MKDIR) $(DESTDIR)$(bindir)
+	$(INSTALL_PROGRAM) chat $(DESTDIR)$(bindir)
+	$(MKDIR) $(DESTDIR)$(mandir)/man1
+	$(INSTALL) chat.man $(DESTDIR)$(mandir)/man1/chat.1
+
+.PHONY: clean distclean install

contrib/chat/README

@@ -0,0 +1,8 @@
+Information from Greg Woods <woods@weird.com>:
+
+    This version of "chat" is derived from the NetBSD variant found in
+    /usr/src/usr.sbin/pppd/chat.
+
+    It has had a new '-I' command-line flag added so that it can ignore
+    the fact it's not running on a TTY device (i.e. to allow it to work
+    over a socket).

contrib/chat/chat.man

@@ -0,0 +1,511 @@
+.\" -*- nroff -*-
+.\" manual page [] for chat 1.8
+.\" Id: chat.8,v 1.9 1999/09/06 05:10:23 paulus Exp
+.\" SH section heading
+.\" SS subsection heading
+.\" LP paragraph
+.\" IP indented paragraph
+.\" TP hanging label
+.TH CHAT 8 "22 May 1999" "Chat Version 1.22"
+.SH "NAME"
+chat \- Automated conversational script with a modem
+.SH "SYNOPSIS"
+.B chat
+[
+.I options
+]
+.I script
+.SH "DESCRIPTION"
+.LP
+The \fIchat\fR program defines a conversational exchange between the
+computer and the modem. Its primary purpose is to establish the
+connection between the Point-to-Point Protocol Daemon (\fIpppd\fR) and
+the remote's \fIpppd\fR process.
+.SH "OPTIONS"
+.TP
+.B -f \fI<chat file>
+Read the chat script from the chat \fIfile\fR. The use of this option
+is mutually exclusive with the chat script parameters. The user must
+have read access to the file. Multiple lines are permitted in the
+file. Space or horizontal tab characters should be used to separate
+the strings.
+.TP
+.B -t \fI<timeout>
+Set the timeout for the expected string to be received. If the string
+is not received within the time limit then the reply string is not
+sent. An alternate reply may be sent or the script will fail if there
+is no alternate reply string. A failed script will cause the
+\fIchat\fR program to terminate with a non-zero error code.
+.TP
+.B -r \fI<report file>
+Set the file for output of the report strings. If you use the keyword
+\fIREPORT\fR, the resulting strings are written to this file. If this
+option is not used and you still use \fIREPORT\fR keywords, the
+\fIstderr\fR file is used for the report strings.
+.TP
+.B -e
+Start with the echo option turned on. Echoing may also be turned on
+or off at specific points in the chat script by using the \fIECHO\fR
+keyword. When echoing is enabled, all output from the modem is echoed
+to \fIstderr\fR.
+.TP
+.B -E
+Enables environment variable substituion within chat scripts using the
+standard \fI$xxx\fR syntax.
+.TP
+.B -v
+Request that the \fIchat\fR script be executed in a verbose mode. The
+\fIchat\fR program will then log the execution state of the chat
+script as well as all text received from the modem and the output
+strings sent to the modem.  The default is to log through the SYSLOG;
+the logging method may be altered with the -S and -s flags. SYSLOGs
+are logged to facility LOG_LOCAL2.
+.TP
+.B -V
+Request that the \fIchat\fR script be executed in a stderr verbose
+mode. The \fIchat\fR program will then log all text received from the
+modem and the output strings sent to the modem to the stderr device. This
+device is usually the local console at the station running the chat or
+pppd program.
+.TP
+.B -s
+Use stderr.  All log messages from '-v' and all error messages will be
+sent to stderr.
+.TP
+.B -S
+Do not use the SYSLOG.  By default, error messages are sent to the
+SYSLOG.  The use of -S will prevent both log messages from '-v' and
+error messages from being sent to the SYSLOG (to facility LOG_LOCAL2).
+.TP
+.B -T \fI<phone number>
+Pass in an arbitary string, usually a phone number, that will be
+substituted for the \eT substitution metacharacter in a send string.
+.TP
+.B -U \fI<phone number 2>
+Pass in a second string, usually a phone number, that will be
+substituted for the \eU substitution metacharacter in a send string.
+This is useful when dialing an ISDN terminal adapter that requires two
+numbers.
+.TP
+.B script
+If the script is not specified in a file with the \fI-f\fR option then
+the script is included as parameters to the \fIchat\fR program.
+.SH "CHAT SCRIPT"
+.LP
+The \fIchat\fR script defines the communications.
+.LP
+A script consists of one or more "expect-send" pairs of strings,
+separated by spaces, with an optional "subexpect-subsend" string pair,
+separated by a dash as in the following example:
+.IP
+ogin:-BREAK-ogin: ppp ssword: hello2u2
+.LP
+This line indicates that the \fIchat\fR program should expect the string
+"ogin:". If it fails to receive a login prompt within the time interval
+allotted, it is to send a break sequence to the remote and then expect the
+string "ogin:". If the first "ogin:" is received then the break sequence is
+not generated.
+.LP
+Once it received the login prompt the \fIchat\fR program will send the
+string ppp and then expect the prompt "ssword:". When it receives the
+prompt for the password, it will send the password hello2u2.
+.LP
+A carriage return is normally sent following the reply string. It is not
+expected in the "expect" string unless it is specifically requested by using
+the \er character sequence.
+.LP
+The expect sequence should contain only what is needed to identify the
+string. Since it is normally stored on a disk file, it should not contain
+variable information. It is generally not acceptable to look for time
+strings, network identification strings, or other variable pieces of data as
+an expect string.
+.LP
+To help correct for characters which may be corrupted during the initial
+sequence, look for the string "ogin:" rather than "login:". It is possible
+that the leading "l" character may be received in error and you may never
+find the string even though it was sent by the system. For this reason,
+scripts look for "ogin:" rather than "login:" and "ssword:" rather than
+"password:".
+.LP
+A very simple script might look like this:
+.IP
+ogin: ppp ssword: hello2u2
+.LP
+In other words, expect ....ogin:, send ppp, expect ...ssword:, send hello2u2.
+.LP
+In actual practice, simple scripts are rare. At the vary least, you
+should include sub-expect sequences should the original string not be
+received. For example, consider the following script:
+.IP
+ogin:--ogin: ppp ssword: hello2u2
+.LP
+This would be a better script than the simple one used earlier. This would look
+for the same login: prompt, however, if one was not received, a single
+return sequence is sent and then it will look for login: again. Should line
+noise obscure the first login prompt then sending the empty line will
+usually generate a login prompt again.
+.SH "COMMENTS"
+Comments can be embedded in the chat script. A comment is a line which
+starts with the \fB#\fR (hash) character in column 1. Such comment
+lines are just ignored by the chat program. If a '#' character is to
+be expected as the first character of the expect sequence, you should
+quote the expect string, or give its octal value, `\e043'.
+In a script file if you want to wait for a prompt that starts with a '#'
+character, you would have to write something like this:
+.IP
+# Now wait for the prompt and send logout string
+.br
+\'# ' logout
+.SH "SENDING DATA FROM A FILE"
+If the string to send starts with an at sign (@), the rest of the
+string is taken to be the name of a file to read to get the string to
+send.  If the last character of the data read is a newline, it is
+removed.  The file can be a named pipe (or fifo) instead of a regular
+file.  This provides a way for \fBchat\fR to communicate with another
+program, for example, a program to prompt the user and receive a
+password typed in.
+.SH "ABORT STRINGS"
+Many modems will report the status of the call as a string. These
+strings may be \fBCONNECTED\fR or \fBNO CARRIER\fR or \fBBUSY\fR. It
+is often desirable to terminate the script should the modem fail to
+connect to the remote. The difficulty is that a script would not know
+exactly which modem string it may receive. On one attempt, it may
+receive \fBBUSY\fR while the next time it may receive \fBNO CARRIER\fR.
+.LP
+These "abort" strings may be specified in the script using the \fIABORT\fR
+sequence. It is written in the script as in the following example:
+.IP
+ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATDT5551212 CONNECT
+.LP
+This sequence will expect nothing; and then send the string ATZ. The
+expected response to this is the string \fIOK\fR. When it receives \fIOK\fR,
+the string ATDT5551212 to dial the telephone. The expected string is
+\fICONNECT\fR. If the string \fICONNECT\fR is received the remainder of the
+script is executed. However, should the modem find a busy telephone, it will
+send the string \fIBUSY\fR. This will cause the string to match the abort
+character sequence. The script will then fail because it found a match to
+the abort string. If it received the string \fINO CARRIER\fR, it will abort
+for the same reason. Either string may be received. Either string will
+terminate the \fIchat\fR script.
+.SH "CLR_ABORT STRINGS"
+This sequence allows for clearing previously set \fBABORT\fR strings.
+\fBABORT\fR strings are kept in an array of a pre-determined size (at
+compilation time); \fBCLR_ABORT\fR will reclaim the space for cleared
+entries so that new strings can use that space.
+.SH "SAY STRINGS"
+The \fBSAY\fR directive allows the script to send strings to the user
+at the terminal via standard error.  If \fBchat\fR is being run by
+pppd, and pppd is running as a daemon (detached from its controlling
+terminal), standard error will normally be redirected to the file
+/etc/ppp/connect-errors.
+.LP
+\fBSAY\fR strings must be enclosed in single or double quotes. If
+carriage return and line feed are needed in the string to be output,
+you must explicitly add them to your string.
+.LP
+The SAY strings could be used to give progress messages in sections of
+the script where you want to have 'ECHO OFF' but still let the user
+know what is happening.  An example is:
+.IP
+ABORT BUSY
+.br
+ECHO OFF
+.br
+SAY "Dialling your ISP...\en"
+.br
+\'' ATDT5551212
+.br
+TIMEOUT 120
+.br
+SAY "Waiting up to 2 minutes for connection ... "
+.br
+CONNECT ''
+.br
+SAY "Connected, now logging in ...\n"
+.br
+ogin: account
+.br
+ssword: pass
+.br
+$ \c
+SAY "Logged in OK ...\n"
+\fIetc ...\fR
+.LP
+This sequence will only present the SAY strings to the user and all
+the details of the script will remain hidden. For example, if the
+above script works, the user will see:
+.IP
+Dialling your ISP...
+.br
+Waiting up to 2 minutes for connection ... Connected, now logging in ...
+.br
+Logged in OK ...
+.LP
+.SH "REPORT STRINGS"
+A \fBreport\fR string is similar to the ABORT string. The difference
+is that the strings, and all characters to the next control character
+such as a carriage return, are written to the report file.
+.LP
+The report strings may be used to isolate the transmission rate of the
+modem's connect string and return the value to the chat user. The
+analysis of the report string logic occurs in conjunction with the
+other string processing such as looking for the expect string. The use
+of the same string for a report and abort sequence is probably not
+very useful, however, it is possible.
+.LP
+The report strings to no change the completion code of the program.
+.LP
+These "report" strings may be specified in the script using the \fIREPORT\fR
+sequence. It is written in the script as in the following example:
+.IP
+REPORT CONNECT ABORT BUSY '' ATDT5551212 CONNECT '' ogin: account
+.LP
+This sequence will expect nothing; and then send the string
+ATDT5551212 to dial the telephone. The expected string is
+\fICONNECT\fR. If the string \fICONNECT\fR is received the remainder
+of the script is executed. In addition the program will write to the
+expect-file the string "CONNECT" plus any characters which follow it
+such as the connection rate.
+.SH "CLR_REPORT STRINGS"
+This sequence allows for clearing previously set \fBREPORT\fR strings.
+\fBREPORT\fR strings are kept in an array of a pre-determined size (at
+compilation time); \fBCLR_REPORT\fR will reclaim the space for cleared
+entries so that new strings can use that space.
+.SH "ECHO"
+The echo options controls whether the output from the modem is echoed
+to \fIstderr\fR. This option may be set with the \fI-e\fR option, but
+it can also be controlled by the \fIECHO\fR keyword. The "expect-send"
+pair \fIECHO\fR \fION\fR enables echoing, and \fIECHO\fR \fIOFF\fR
+disables it. With this keyword you can select which parts of the
+conversation should be visible. For instance, with the following
+script:
+.IP
+ABORT   'BUSY'
+.br
+ABORT   'NO CARRIER'
+.br
+''      ATZ
+.br
+OK\er\en  ATD1234567
+.br
+\er\en    \ec
+.br
+ECHO    ON
+.br
+CONNECT \ec
+.br
+ogin:   account
+.LP
+all output resulting from modem configuration and dialing is not visible,
+but starting with the \fICONNECT\fR (or \fIBUSY\fR) message, everything
+will be echoed.
+.SH "HANGUP"
+The HANGUP options control whether a modem hangup should be considered
+as an error or not.  This option is useful in scripts for dialling
+systems which will hang up and call your system back.  The HANGUP
+options can be \fBON\fR or \fBOFF\fR.
+.br
+When HANGUP is set OFF and the modem hangs up (e.g., after the first
+stage of logging in to a callback system), \fBchat\fR will continue
+running the script (e.g., waiting for the incoming call and second
+stage login prompt). As soon as the incoming call is connected, you
+should use the \fBHANGUP ON\fR directive to reinstall normal hang up
+signal behavior.  Here is an (simple) example script:
+.IP
+ABORT   'BUSY'
+.br
+''      ATZ
+.br
+OK\er\en  ATD1234567
+.br
+\er\en    \ec
+.br
+CONNECT \ec
+.br
+\'Callback login:' call_back_ID
+.br
+HANGUP OFF
+.br
+ABORT "Bad Login"
+.br
+\'Callback Password:' Call_back_password
+.br
+TIMEOUT 120
+.br
+CONNECT \ec
+.br
+HANGUP ON
+.br
+ABORT "NO CARRIER"
+.br
+ogin:--BREAK--ogin: real_account
+.br
+\fIetc ...\fR
+.LP
+.SH "TIMEOUT"
+The initial timeout value is 45 seconds. This may be changed using the \fB-t\fR
+parameter.
+.LP
+To change the timeout value for the next expect string, the following
+example may be used:
+.IP
+ATZ OK ATDT5551212 CONNECT TIMEOUT 10 ogin:--ogin: TIMEOUT 5 assword: hello2u2
+.LP
+This will change the timeout to 10 seconds when it expects the login:
+prompt. The timeout is then changed to 5 seconds when it looks for the
+password prompt.
+.LP
+The timeout, once changed, remains in effect until it is changed again.
+.SH "SENDING EOT"
+The special reply string of \fIEOT\fR indicates that the chat program
+should send an EOT character to the remote. This is normally the
+End-of-file character sequence. A return character is not sent
+following the EOT.
+.PR
+The EOT sequence may be embedded into the send string using the
+sequence \fI^D\fR.
+.SH "GENERATING BREAK"
+The special reply string of \fIBREAK\fR will cause a break condition
+to be sent. The break is a special signal on the transmitter. The
+normal processing on the receiver is to change the transmission rate.
+It may be used to cycle through the available transmission rates on
+the remote until you are able to receive a valid login prompt.
+.PR
+The break sequence may be embedded into the send string using the
+\fI\eK\fR sequence.
+.SH "ESCAPE SEQUENCES"
+The expect and reply strings may contain escape sequences. All of the
+sequences are legal in the reply string. Many are legal in the expect.
+Those which are not valid in the expect sequence are so indicated.
+.TP
+.B ''
+Expects or sends a null string. If you send a null string then it will still
+send the return character. This sequence may either be a pair of apostrophe
+or quote characters.
+.TP
+.B \eb
+represents a backspace character.
+.TP
+.B \ec
+Suppresses the newline at the end of the reply string. This is the only
+method to send a string without a trailing return character. It must
+be at the end of the send string. For example,
+the sequence hello\ec will simply send the characters h, e, l, l, o.
+.I (not valid in expect.)
+.TP
+.B \ed
+Delay for one second. The program uses sleep(1) which will delay to a
+maximum of one second.
+.I (not valid in expect.)
+.TP
+.B \eK
+Insert a BREAK
+.I (not valid in expect.)
+.TP
+.B \en
+Send a newline or linefeed character.
+.TP
+.B \eN
+Send a null character. The same sequence may be represented by \e0.
+.I (not valid in expect.)
+.TP
+.B \ep
+Pause for a fraction of a second. The delay is 1/10th of a second.
+.I (not valid in expect.)
+.TP
+.B \eq
+Suppress writing the string to the SYSLOG. The string ?????? is
+written to the log in its place.
+.I (not valid in expect.)
+.TP
+.B \er
+Send or expect a carriage return.
+.TP
+.B \es
+Represents a space character in the string. This may be used when it
+is not desirable to quote the strings which contains spaces. The
+sequence 'HI\ TIM' and HI\esTIM are the same.
+.TP
+.B \et
+Send or expect a tab character.
+.TP
+.B \eT
+Send the phone number string as specified with the \fI-T\fR option
+.I (not valid in expect.)
+.TP
+.B \eU
+Send the phone number 2 string as specified with the \fI-U\fR option
+.I (not valid in expect.)
+.TP
+.B \e\e
+Send or expect a backslash character.
+.TP
+.B \eddd
+Collapse the octal digits (ddd) into a single ASCII character and send that
+character.
+.I (some characters are not valid in expect.)
+.TP
+.B \^^C
+Substitute the sequence with the control character represented by C.
+For example, the character DC1 (17) is shown as \^^Q.
+.I (some characters are not valid in expect.)
+.SH "ENVIRONMENT VARIABLES"
+Environment variables are available within chat scripts, if  the \fI-E\fR
+option was specified in the command line. The metacharacter \fI$\fR is used
+to introduce the name of the environment variable to substitute. If the
+substition fails, because the requested environment variable is not set,
+\fInothing\fR is replaced for the variable.
+.SH "TERMINATION CODES"
+The \fIchat\fR program will terminate with the following completion
+codes.
+.TP
+.B 0
+The normal termination of the program. This indicates that the script
+was executed without error to the normal conclusion.
+.TP
+.B 1
+One or more of the parameters are invalid or an expect string was too
+large for the internal buffers. This indicates that the program as not
+properly executed.
+.TP
+.B 2
+An error occurred during the execution of the program. This may be due
+to a read or write operation failing for some reason or chat receiving
+a signal such as SIGINT.
+.TP
+.B 3
+A timeout event occurred when there was an \fIexpect\fR string without
+having a "-subsend" string. This may mean that you did not program the
+script correctly for the condition or that some unexpected event has
+occurred and the expected string could not be found.
+.TP
+.B 4
+The first string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 5
+The second string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 6
+The third string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 7
+The fourth string marked as an \fIABORT\fR condition occurred.
+.TP
+.B ...
+The other termination codes are also strings marked as an \fIABORT\fR
+condition.
+.LP
+Using the termination code, it is possible to determine which event
+terminated the script. It is possible to decide if the string "BUSY"
+was received from the modem as opposed to "NO DIAL TONE". While the
+first event may be retried, the second will probably have little
+chance of succeeding during a retry.
+.SH "SEE ALSO"
+Additional information about \fIchat\fR scripts may be found with UUCP
+documentation. The \fIchat\fR script was taken from the ideas proposed
+by the scripts used by the \fIuucico\fR program.
+.LP
+uucp(1), uucico(8)
+.SH "COPYRIGHT"
+The \fIchat\fR program is in public domain. This is not the GNU public
+license. If it breaks then you get to keep both pieces.

contrib/maketestcerts

@@ -0,0 +1,55 @@
+#!/bin/sh
+
+#
+# This is a "simple" script that I've used to create test certificates
+# for conserver and it's OpenSSL bits.  It's far from perfect...or useful
+# outside of my own purposes.  If this helps, cool.  In the end I put the
+# rootcert.pem file in my global certs directory (OPENSSL_ROOT/ssl/certs),
+# point the server to server.pem and point the client at client.pem.  I
+# then run the c_rehash command.
+#
+# You can also use the sslcacertificatefile options to point the client/server
+# at rootcert.pem instead of populating the global repository
+#
+
+[ -f rootreq.pem -a -f rootkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -nodes
+US
+California
+Folsom
+conserver.com
+Conserver CA
+conserver.com
+
+
+
+EOD
+[ -f rootcert.pem ] || openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
+[ -f root.pem ] || cat rootcert.pem rootkey.pem > root.pem
+
+[ -f serverreq.pem -a -f serverkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -nodes
+US
+California
+Folsom
+conserver.com
+conserver
+conserver
+
+
+
+EOD
+[ -f servercert.pem ] || openssl x509 -req -in serverreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out servercert.pem
+[ -f server.pem ] || cat servercert.pem serverkey.pem rootcert.pem > server.pem
+
+[ -f clientreq.pem -a -f clientkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem -nodes
+US
+California
+Folsom
+conserver.com
+console
+console
+
+
+
+EOD
+[ -f clientcert.pem ] || openssl x509 -req -in clientreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
+[ -f client.pem ] || cat clientcert.pem clientkey.pem rootcert.pem > client.pem

contrib/redhat-rpm/README

@@ -0,0 +1,25 @@
+Bits of some relavent communication from Paul Heinlein:
+
+    Date: Tue, 17 Apr 2001 13:19:46 -0700 (PDT)
+    From: Paul Heinlein <heinlein@measurecast.com>
+    To: Bryan Stansell <bryan@conserver.com>
+    Subject: Red Hat conserver init script for Linux
+
+    Below my sig I've pasted an init script that will start and stop
+    conserver on Red Hat Linux. It's set up to work with the chkconfig
+    runlevel manager that ships with Red Hat.
+
+    ----------------------------------------------
+
+    Date: Tue, 17 Apr 2001 15:58:18 -0700 (PDT)
+    From: Paul Heinlein <heinlein@measurecast.com>
+    To: Bryan Stansell <bryan@conserver.com>
+    Subject: Re: Conserver patch
+
+    If this spec file goes in the root directory of the distribution as
+    conserver.spec, then Red Hat users will be able to build rpms by doing no
+    more than
+
+    % rpm -ta conserver-7.x.x.tar.gz
+
+    I'll be happy to do any tweaking necessary to get this to work.

contrib/redhat-rpm/conserver.defaults

@@ -0,0 +1,5 @@
+# server options
+#OPTIONS="-p 33000 -d"
+# run as different user that root
+#RUNAS=conservr
+

contrib/redhat-rpm/conserver.init

@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# conserver -- serial-port console daemon
+#
+# chkconfig: 2345 92 08
+# description: conserver is a serial-port console daemon
+# config: /etc/conserver.cf
+#
+
+DAEMON=/usr/sbin/conserver
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Source defaults
+. /etc/default/conserver
+
+# Check that networking is up.
+[  ${NETWORKING} = "no" ] && exit 0
+
+# make sure conserver is installed and executable
+[ -x $DAEMON  ] || exit 1
+
+
+start()
+{
+	echo -n "Starting conserver: "
+	daemon --user "${RUNAS-}" $DAEMON ${OPTIONS--d}
+	RETVAL=$?
+	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/conserver
+	echo
+}
+
+stop()
+{
+	echo -n "Shutting down conserver: "
+	killproc conserver
+	RETVAL=$?
+	[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/conserver
+	echo
+}
+  
+# See how we were called.
+case "$1" in
+  start)
+    start
+    ;;
+  stop)
+    stop
+    ;;
+  status)
+    status conserver
+    ;;
+  restart)
+    stop
+    start
+    ;;
+  reload)
+    echo -n "Reloading conserver: "
+    killproc conserver -HUP
+    RETVAL=$?
+    echo
+    ;;
+  *)
+    echo "Usage: conserver {start|stop|restart|reload|status}"
+    RETVAL=1
+esac
+
+exit $RETVAL

contrib/redhat-rpm/conserver.spec

@@ -0,0 +1,173 @@
+#
+# rpm spec file for conserver, but I don't think it'll work on any
+# platform that doesn't have red hat rpm >= 4.0.2 installed.
+#
+
+%define pkg conserver
+%define ver 
+
+# define the name of the machine on which the main conserver
+# daemon will be running if you don't want to use the default
+# hostname (console)
+%define master console
+
+# what red hat (or other distibution) version are you running?
+%define distver 1
+
+# compile arguments. defaults to 0
+# example: rpmbuild -bb conserver.spec --with openssl
+%define with_openssl  %{?_with_openssl:  1} %{?!_with_openssl:  0}
+%define with_libwrap  %{?_with_libwrap:  1} %{?!_with_libwrap:  0}
+%define with_pam      %{?_with_pam:      1} %{?!_with_pam:      0}
+%define with_dmalloc  %{?_with_dmalloc:  1} %{?!_with_dmalloc:  0}
+%define with_freeipmi %{?_with_freeipmi: 1} %{?!_with_freeipmi: 0}
+
+# additionally you can use macros logfile pidfile
+# example: rpmbuild -bb conserver.spec --define "pidfile /var/run/conserver/pid"
+
+Name: %{pkg}
+Version: %{ver}
+Release: %{distver}
+License: BSD
+Summary: Serial console server daemon/client
+Group: System Environment/Daemons
+URL: http://www.conserver.com/
+Source: http://www.conserver.com/%{pkg}-%{ver}.tar.gz
+BuildRoot: %{_tmppath}/%{pkg}-buildroot
+%if %{with_openssl}
+Requires: openssl
+BuildRequires: openssl-devel
+%endif
+%if %{with_pam}
+BuildRequires: pam-devel
+%endif
+%if %{with_libwrap}
+Requires: tcp_wrappers
+%endif
+%if %{with_dmalloc}
+Requires: dmalloc
+BuildRequires: dmalloc
+%endif
+%if %{with_freeipmi}
+Requires: freeipmi
+BuildRequires: freeipmi-devel
+%endif
+Prefix: %{_prefix}
+
+%package server
+Summary: Serial console server daemon
+Group: System Environment/Daemons
+
+%package client
+Summary: Serial console server client
+Group: Applications/Internet
+
+%description
+Conserver is a daemon that allows multiple users to watch a
+serial console at the same time.  It can log the data, allows users to
+take write-access of a console (one at a time), and has a variety of
+bells and whistles to accentuate that basic functionality.
+
+%description server
+conserver-server is a daemon that allows multiple users to watch a
+serial console at the same time.  It can log the data, allows users to
+take write-access of a console (one at a time), and has a variety of
+bells and whistles to accentuate that basic functionality.
+
+%description client
+conserver-client to connect to conserver-server using a tcp port.
+Allows multiple users to watch a serial console at the same time.
+
+%prep
+%{__rm} -rf %{buildroot}
+%setup -q
+
+
+%build
+# we don't want to install the solaris conserver.rc file
+f="conserver/Makefile.in"
+%{__mv} $f $f.orig
+%{__sed} -e 's/^.*conserver\.rc.*$//' < $f.orig > $f
+
+%configure %{?_with_openssl} %{?_with_libwrap} %{?_with_dmalloc} %{?_with_freeipmi} %{?_with_pam} %{?logfile: --with-logfile=%{logfile}} %{?pidfile: --with-pidfile=%{pidfile}} %{?master: --with-master=%{master}}
+
+make
+
+
+%install
+%{makeinstall}
+
+# put commented copies of the sample configure files in the
+# system configuration directory
+%{__mkdir_p} %{buildroot}/%{_sysconfdir}
+%{__sed} -e 's/^/#/' \
+  < conserver.cf/conserver.cf \
+  > %{buildroot}/%{_sysconfdir}/conserver.cf
+%{__sed} -e 's/^/#/' \
+  < conserver.cf/conserver.passwd \
+  > %{buildroot}/%{_sysconfdir}/conserver.passwd
+
+# install copy of init script
+%{__mkdir_p} %{buildroot}/%{_initrddir}
+%{__cp} contrib/redhat-rpm/conserver.init %{buildroot}/%{_initrddir}/conserver
+
+# install copy of init script defaults
+%{__mkdir_p} %{buildroot}/%{_sysconfdir}/default
+%{__cp} contrib/redhat-rpm/conserver.defaults %{buildroot}/%{_sysconfdir}/default/conserver
+
+%clean
+%{__rm} -rf %{buildroot}
+
+
+%post server
+if [ -x %{_initrddir}/conserver ]; then
+  /sbin/chkconfig --add conserver
+fi
+# make sure /etc/services has a conserver entry
+if ! egrep '\<conserver\>' /etc/services > /dev/null 2>&1 ; then
+  echo "console		782/tcp		conserver" >> /etc/services
+fi
+
+
+%preun server
+if [ "$1" = 0 ]; then
+  if [ -x %{_initrddir}/conserver ]; then
+    %{_initrddir}/conserver stop
+    /sbin/chkconfig --del conserver
+  fi
+fi
+
+# we need this even if empty
+#%files
+
+%files server
+%defattr(-,root,root)
+%doc CHANGES FAQ INSTALL README conserver.cf
+%config(noreplace) %{_sysconfdir}/conserver.cf
+%config(noreplace) %{_sysconfdir}/conserver.passwd
+%config(noreplace) %{_sysconfdir}/default/conserver
+%attr(555,root,root) %{_initrddir}/conserver
+%{_libdir}/conserver/convert
+%{_mandir}/man8/conserver.8.gz
+%{_mandir}/man5/conserver.cf.5.gz
+%{_mandir}/man5/conserver.passwd.5.gz
+%{_datadir}/examples/conserver/conserver.cf
+%{_datadir}/examples/conserver/conserver.passwd
+%{_sbindir}/conserver
+
+%files client
+%defattr(-,root,root)
+%doc CHANGES FAQ INSTALL README
+%{_bindir}/console
+%{_mandir}/man1/console.1.gz
+
+%changelog
+* Wed Oct 14 2009 Jodok Ole Muellers <muellejo@aschendorff.de>
+  - Changed the conserver.spec file to create separate subpackages
+    for client and server by using the %package directive.
+* Wed Sep 25 2009 Fabien Wernli
+  - added configure prerequisites
+* Thu Sep 24 2009 Fabien Wernli
+  - added prefix to configure
+  - changed some hardcoded values to proper macros:
+    didn't work on x64 lib -> lib64