ExternalVendorCode/conserver
1
0
Fork 0
mirror of https://github.com/bstansell/conserver.git synced 2025-06-24 17:55:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: ExternalVendorCode:v7.1.0
Branches Tags
ExternalVendorCode:master ExternalVendorCode:cirrus-freebsd-fix
ExternalVendorCode:v8.2.7 ExternalVendorCode:v8.2.6 ExternalVendorCode:v8.2.5 ExternalVendorCode:v8.2.4 ExternalVendorCode:v8.2.3 ExternalVendorCode:v8.2.2 ExternalVendorCode:v8.2.1 ExternalVendorCode:v8.2.0 ExternalVendorCode:v8.1.20 ExternalVendorCode:v8.1.19 ExternalVendorCode:v8.1.18 ExternalVendorCode:v8.1.17 ExternalVendorCode:v8.1.16 ExternalVendorCode:v8.1.15 ExternalVendorCode:v8.1.14 ExternalVendorCode:v8.1.13 ExternalVendorCode:v8.1.12 ExternalVendorCode:v8.1.11 ExternalVendorCode:v8.1.10 ExternalVendorCode:v8.1.9 ExternalVendorCode:v8.1.8 ExternalVendorCode:v8.1.7 ExternalVendorCode:v8.1.6 ExternalVendorCode:v8.1.5 ExternalVendorCode:v8.1.4 ExternalVendorCode:v8.1.3 ExternalVendorCode:v8.1.2 ExternalVendorCode:v8.1.1 ExternalVendorCode:v8.1.0 ExternalVendorCode:v8.0.9 ExternalVendorCode:v8.0.8 ExternalVendorCode:v8.0.7 ExternalVendorCode:v8.0.6 ExternalVendorCode:v8.0.5 ExternalVendorCode:v8.0.4 ExternalVendorCode:v8.0.3 ExternalVendorCode:v8.0.2 ExternalVendorCode:v8.0.1 ExternalVendorCode:v8.0.0 ExternalVendorCode:v7.2.7 ExternalVendorCode:v7.2.6 ExternalVendorCode:v7.2.5 ExternalVendorCode:v7.2.4 ExternalVendorCode:v7.2.3 ExternalVendorCode:v7.2.2 ExternalVendorCode:v7.2.1 ExternalVendorCode:v7.2.0 ExternalVendorCode:v7.1.4 ExternalVendorCode:v7.1.3 ExternalVendorCode:v7.1.2 ExternalVendorCode:v7.1.1 ExternalVendorCode:v7.1.0 ExternalVendorCode:v7.0.3 ExternalVendorCode:v7.0.2 ExternalVendorCode:v7.0.1 ExternalVendorCode:v7.0.0 ExternalVendorCode:v6.1.7 ExternalVendorCode:vGNAC-6.16 ExternalVendorCode:vGNAC-6.15 ExternalVendorCode:vGNAC-6.14 ExternalVendorCode:vGNAC-6.13 ExternalVendorCode:vGNAC-6.12 ExternalVendorCode:vGNAC-6.11 ExternalVendorCode:vGNAC-6.10 ExternalVendorCode:vGNAC-6.09 ExternalVendorCode:vGNAC-6.08 ExternalVendorCode:vGNAC-6.07 ExternalVendorCode:vGNAC-6.06 ExternalVendorCode:vGNAC-6.05
...
compare: ExternalVendorCode:v8.0.0
Branches Tags
ExternalVendorCode:master ExternalVendorCode:cirrus-freebsd-fix
ExternalVendorCode:v8.2.7 ExternalVendorCode:v8.2.6 ExternalVendorCode:v8.2.5 ExternalVendorCode:v8.2.4 ExternalVendorCode:v8.2.3 ExternalVendorCode:v8.2.2 ExternalVendorCode:v8.2.1 ExternalVendorCode:v8.2.0 ExternalVendorCode:v8.1.20 ExternalVendorCode:v8.1.19 ExternalVendorCode:v8.1.18 ExternalVendorCode:v8.1.17 ExternalVendorCode:v8.1.16 ExternalVendorCode:v8.1.15 ExternalVendorCode:v8.1.14 ExternalVendorCode:v8.1.13 ExternalVendorCode:v8.1.12 ExternalVendorCode:v8.1.11 ExternalVendorCode:v8.1.10 ExternalVendorCode:v8.1.9 ExternalVendorCode:v8.1.8 ExternalVendorCode:v8.1.7 ExternalVendorCode:v8.1.6 ExternalVendorCode:v8.1.5 ExternalVendorCode:v8.1.4 ExternalVendorCode:v8.1.3 ExternalVendorCode:v8.1.2 ExternalVendorCode:v8.1.1 ExternalVendorCode:v8.1.0 ExternalVendorCode:v8.0.9 ExternalVendorCode:v8.0.8 ExternalVendorCode:v8.0.7 ExternalVendorCode:v8.0.6 ExternalVendorCode:v8.0.5 ExternalVendorCode:v8.0.4 ExternalVendorCode:v8.0.3 ExternalVendorCode:v8.0.2 ExternalVendorCode:v8.0.1 ExternalVendorCode:v8.0.0 ExternalVendorCode:v7.2.7 ExternalVendorCode:v7.2.6 ExternalVendorCode:v7.2.5 ExternalVendorCode:v7.2.4 ExternalVendorCode:v7.2.3 ExternalVendorCode:v7.2.2 ExternalVendorCode:v7.2.1 ExternalVendorCode:v7.2.0 ExternalVendorCode:v7.1.4 ExternalVendorCode:v7.1.3 ExternalVendorCode:v7.1.2 ExternalVendorCode:v7.1.1 ExternalVendorCode:v7.1.0 ExternalVendorCode:v7.0.3 ExternalVendorCode:v7.0.2 ExternalVendorCode:v7.0.1 ExternalVendorCode:v7.0.0 ExternalVendorCode:v6.1.7 ExternalVendorCode:vGNAC-6.16 ExternalVendorCode:vGNAC-6.15 ExternalVendorCode:vGNAC-6.14 ExternalVendorCode:vGNAC-6.13 ExternalVendorCode:vGNAC-6.12 ExternalVendorCode:vGNAC-6.11 ExternalVendorCode:vGNAC-6.10 ExternalVendorCode:vGNAC-6.09 ExternalVendorCode:vGNAC-6.08 ExternalVendorCode:vGNAC-6.07 ExternalVendorCode:vGNAC-6.06 ExternalVendorCode:vGNAC-6.05

13 Commits
v7.1.0 ... v8.0.0

Author SHA1 Message Date
Bryan Stansell
4f71385126 Imported from conserver-8.0.0.tar.gz 2003-09-22 13:49:53 -07:00
Bryan Stansell
626270495d Imported from conserver-7.2.7.tar.gz 2003-04-09 08:30:48 -07:00
Bryan Stansell
d8dfd2cb9a Imported from conserver-7.2.6.tar.gz 2003-03-10 18:08:07 -08:00
Bryan Stansell
19eedadfe0 Imported from conserver-7.2.5.tar.gz 2003-01-27 17:48:36 -08:00
Bryan Stansell
48556ace3a Imported from conserver-7.2.4.tar.gz 2002-10-14 14:03:35 -07:00
Bryan Stansell
a55f7d1974 Imported from conserver-7.2.3.tar.gz 2002-09-23 14:31:15 -07:00
Bryan Stansell
38ab668078 Imported from conserver-7.2.2.tar.gz 2002-06-05 15:06:43 -07:00
Bryan Stansell
9617199b8c Imported from conserver-7.2.1.tar.gz 2002-03-25 18:03:03 -08:00
Bryan Stansell
6a9573fea0 Imported from conserver-7.2.0.tar.gz 2002-03-12 01:12:20 -08:00
Bryan Stansell
f56f90b76c Imported from conserver-7.1.4.tar.gz 2002-01-21 02:58:05 -08:00
Bryan Stansell
d113cab186 Imported from conserver-7.1.3.tar.gz 2001-10-16 21:33:13 -07:00
Bryan Stansell
d8b3cd4fb9 Imported from conserver-7.1.2.tar.gz 2001-10-15 22:49:17 -07:00
Bryan Stansell
03aa79c53d Imported from conserver-7.1.1.tar.gz 2001-08-04 21:11:57 -07:00
77 changed files with 25737 additions and 7819 deletions
Expand all files Collapse all files

315
CHANGES
View File

@ -1,6 +1,317 @@
CHANGES
=======
version 8.0.0 (Sep 22, 2003):
- better error messages and management of the user's password
- 8.0.0-beta4 mistakenly lost conserver.passwd usage
- empty passwords now don't trigger a passwd prompt (like 7.2.7)
- upgraded to autoconf-2.57 and use recent config.guess/sub
files - suggested by Jorgen Hagg <jorgen.hagg@axis.com>
- we now install the conserver.rc file as well as sample
conserver.cf and conserver.passwd files in
$(prefix)/share/examples/conserver - suggested by
Hubert Feyrer <hubertf@netbsd.org>
version 8.0.0-beta4 (Aug 24, 2003):
- totally rewrote the client/server communication, allowing SSL
connections to occur first, protecting *all* information
- added 'admin' keyword to the 'access' portion of the config
file for specifying users able to issue the 'quit' command
- removed client -G option since it's not really useful any more
- added client -t option for sending "text messages" to users,
which is similar to broadcast messages, but you can specify
the user and/or console - suggested by Trevor Fiatal
<trevor@seven.com>
- added client -d option for disconnecting users specified by
username and/or console - suggested by Trevor Fiatal
<trevor@seven.com>
- removed --with-64bit configure option as 64bit operation is
reported to work just fine
- break strings with '\d' are interpreted as a delay, which can
be specified in the config file (default 250ms)
- removed 'reset -x' portion of default break sequence #3
- remote conserver hostnames now properly match - had to be a
character string match previously
- hostname aliases now checked against access lists and the
matched name is used for logging
- added --with-trustrevdns to enable the use of reverse DNS
information for access list checks [not recommended] - see the
INSTALL file for full details on who should actually need this
Many thanks to Chuck Rouzer <crouzer@yahoo.com> for all the
help with FreeBSD support and the following issues...
- fixed 'make test' problem on hosts where 'localhost' doesn't
resolve to 127.0.0.1
- fixed interface probe problem under *BSD
- added openpty() interface for pty allocation
version 8.0.0-beta3 (Aug 8, 2003):
- master process no longer forks on client requests - handles
them with select() like child process
- alarm()/SIGALRM usage removed and replaced with counters and
timer on select() call
- removed caching of timeouts to terminal servers - each
socket connection now has a proper timeout (and can happen
simultaniously)
- partial write()s are properly buffered and retried
- made all sockets (including SSL) non-buffered
- client now supports piping data to it and properly printing
all server data ("echo '^Ecr^Ec.' | console universe")
version 8.0.0-beta2 (Jul 17, 2003):
- console aliases added with 'aliases' console keyword
- two stop bit support for serial devices - requested by Kelly
Setzer <setzer@placemark.com>
- added support for inet_aton() over inet_addr()
- all server interfaces now used to identify console management
- server interfaces probed with SIOCGIFCONF ioctl, if available
- added flow control options 'ixon', 'ixany', 'ixoff', and
'crtscts'
- added info to console client -i output
- man pages updated, however the wording needs work
version 8.0.0-beta1 (Jul 4, 2003):
- ***NOTICE*** the format of conserver.cf and conserver.passwd
has completely changed. see the INSTALL file for
upgrade instructions (it should be "fairly painless").
some documentation has been updated to reflect the new world,
some hasn't - my goal for beta2 is to have all the docs updated
- many command-line options now also conserver.cf options options
- POSIX termios interface now required for compilation - some
POSIX requirements were already in the code and others will
undoubtedly creep in as time goes by
- configure --with-regex option removed because of conserver.cf
and conserver.passwd changes
- added -S option to server for syntax checking of the
configuration file - suggested by Dave Stuit <djs@tellme.com>
- authorized users now either have r/w or r/o access to consoles
- getpassword.o replaces getpass() and getpassphrase() so we can
get any string length
- fixed rm commands in test script - patch by Petter Reinholdtsen
<pere@hungry.com>
version 7.2.7 (Apr 9, 2003):
- added test suite ('make test') for basic client/server
communication tests
- changed configure script to provide better checking of options,
hp-ux specifics, and functions
- console names are no longer case-sensitive
- fixed case-sensitive DNS name comparisons - reported by
Peter Chubb <peter@chubb.wattle.id.au> via Jorgen Hagg
<jorgen.hagg@axis.com>
- added dmalloc and openssl version numbers to -V output
- reordered includes for openssl-0.9.7a compatibility
- conserver.rc looks at pidfile to find the master pid - suggested
by Petter Reinholdtsen <petter.reinholdtsen@usit.uio.no>
- misplaced code regarding --with-regex - patch by Andreas Wrede
<andreas@planix.com>
- added password support for HP-UX trusted systems - immense
help by Greg Brown <gregb_ka6max@hotmail.com>
- potential SIGUSR1 bug where cached terminal server availability
wasn't being cleared correctly - reported by Dave Stuit
<djs@tellme.com>
- server is now more forgiving about errors instead of just
giving up and shutting everything down
- consoles that have trouble coming up (and are forced down)
now log when they come back up - suggested by Dave Stuit
<djs@tellme.com>
version 7.2.6 (Mar 10, 2003):
- the -b conserver option was mostly broken (since 7.2.0)
- changed logging format so that all messages are of a similar
form
- fixed bad port number in 'cached previous timeout' message -
reported by Dave Stuit <djs@tellme.com>
- now using pid_t type for better compatibility
- fixed the RPM and Solaris package to include the man
page for conserver.passwd - suggested by R P Herrold
<herrold@owlriver.com>
- added restart option (-HUP) to conserver startup scripts
- added -B option to client for sending messages to a single
server - suggested by Dave Stuit <djs@tellme.com>
- added --with-dmalloc for memory usage debugging
- bug with multiple interfaces and -M option not maching hostname
in configuration file - patch by Igor Sviridov <sia@nest.org>
- memory leak using openssl library plugged
- automatic reinitialization of failed consoles now retries
every minute like the manpage says it does - reported by Chris
Fowler <cfowler@outpostsentinel.com>
- when -R option is used, substring matches on console names
from clients only match local console names (and if that
fails just remote console names) but ambiguous name list
returns both local and remote consoles - suggested by Todd
Stansell <todd@stansell.org>
version 7.2.5 (Jan 27, 2003):
- fixed many documentation bugs - reported by Dave Stuit
<djs@tellme.com>
- added -I option to client which operates like -i, but on the
primary conserver only - suggested by Dave Stuit
<djs@tellme.com>
- added SIGUSR2, which does not reread the configuration file,
but does everything else SIGHUP does - suggested at LISA 2002
- fixed bug where LOGDIR setting gets used even if no logfile
is wanted
- added -R option to server to prevent client redirection to
other conserver hosts - suggested by Todd Stansell
<todd@stansell.org>
version 7.2.4 (Oct 14, 2002):
- added --with-openssl for some client/server encryption
- added -E option to client and server to allow for non-encrypted
connections (encryption is the default if compiled in)
- added -c option so credentials (certificate and key) can be
exchanged between client and server
- expanded -V output to show what optional bits actually got
compiled into the code (libwrap, regex, etc)
- compilation errors on non-shadow file systems without using
--with-pam - reported by Jesper Frank Nemholt <jfn@dassic.com>
- client now prefers $LOGNAME, then $USER, then the current uid
for its -l default - suggested by Dave Stuit <djs@tellme.com>
- putting back socklen_t usage - it's the right thing to do,
so tell me where it breaks things
- configure options --with-cffile and --with-pwdfile now
recognize fully-qualified pathnames - suggested by Kjell
Andresen <kjell.andresen@usit.uio.no>
version 7.2.3 (Sep 23, 2002):
- checking for duplicate console names got lost in the major
7.2.0 rewrite of that code. it's back now, with a couple of
other edge-case fixes i noticed while scanning the code -
reported by Dave Stuit <djs@tellme.com>
- added --with-pam and PAM authentication support - suggested
by Stu May <jsmay@wasteofbits.com>
- added -F server option to prevent automatic reinitialization
of failed consoles ('|' syntax consoles which exit with a
zero status are still reinitialized) - requested by William P
LePera <lepera@us.ibm.com> and Malcolm Gibbs
<Malcolm.Gibbs005@msd.govt.nz>
- successful automatic reinitialization of consoles now attaches
a client that wants read-write mode
- added read-only client wish to become read-write in -i output
- moved to autoconf-2.54 and fixed some small configure.in bugs
Many thanks to John R. Jackson <jrj@purdue.edu> for the following
fixes, cleanups, and enhancements...
- "lost timestamps" bug (SIGALRM/sleep()/usleep()/tcp_wrapper
interaction)
- compiler warnings, bad fileOpenFD tests, and ability to use
a colon after an equal in the config file (LOGDIR=C:\Logs)
- autologin fix for Solaris BSM support
version 7.2.2 (Jun 05, 2002):
- added 'n' as token for no-parity - patch by Greg A. Woods
<woods@weird.com>
- extra timestamps occur when consoles come back up after being
down longer than their timestamp period - reported by Dave
Stuit <djs@gnac.com>
- AIX 5.1 pseudo-terminal support broken - patch by William P
LePera <lepera@us.ibm.com>
- PID file overwritten and not unlinked on exit - reported by
William P LePera <lepera@us.ibm.com>
- signals cleaned up in master, child, and sub-proc sections
- SIGPIPE now ignored - reported by Greg A. Woods
<woods@weird.com>
version 7.2.1 (Mar 25, 2002):
- bug regarding timestamp/break reading - patch by Benn Oshrin
<benno@columbia.edu>
- console names in conserver.passwd can be regular expressions
if enabled using --with-regex - based on code from Vladislav
Patenko <vp@goldentele.com>
- breaks recorded to console logs if 'b' option used in
timestamp-spec - suggested by Dave Stuit <djs@gnac.com>
version 7.2.0 (Mar 12, 2002):
- check for valid baud rates (invalid resulted in '0') -
reported by Andrew Gallatin <gallatin@cs.duke.edu>
- a broadcast messages to others on your console can now be
sent via ^Ecb
version 7.2.0-beta3 (Feb 25, 2002):
- allow for 57600 and 115200 baud rates - patch by Andreas
Wrede <andreas@planix.com>
- TCP traffic now escaped according to Telnet protocol
- the highly desired dynamic reconfiguration of conserver is
here! the HUP signal now triggers a read of the
configuration file and adjustment of consoles
- configure flags shown in -V output
version 7.2.0-beta2 (Feb 14, 2002):
- new -W client option for showing who's attached to a single
conserver master - suggested by Dave Stuit <djs@gnac.com>
- maxfiles() clashes with HP-UX 11 'maxfiles' variable - patch
by Adam Morris <AMorris@providence.org>
- removed use of socklen_t type for better compatibility
- removed TELCMD/TELOPT use for compatibility
version 7.2.0-beta1 (Jan 29, 2002):
- static structures and strings are now dynamic in server
- MAXGRP (--with-maxgrp) has been removed as it's now dynamic
- new -m server option for setting the maximum consoles per
process - the default is still set with --with-maxmemb
- new -i client option (and ^Eci) that displays console
information in a machine-parseable format
- two debug levels (second level by using two -D options)
- ANSI prototypes and definitions (when available)
version 7.1.4 (Jan 21, 2002):
- console -[PqQ] didn't work - patch by Han Pilmeyer
<han@zk3.dec.com>
- maxfiles() didn't check FD_SETSIZE - patch by Justin Grudzien
<grudzien@31337.com>
- New -o and -O server flags for automatically reconnecting
downed consoles - patch by Benn Oshrin <benno@columbia.edu>
- Automatic reconnection of consoles on read failures, retried
every minute
- Up to nine break sequences can be defined in the
configuration file and assigned to consoles individually,
accessed via new ^ecl[?0-9] escape sequences
- console logs are marked with "up" and "down" timestamps
The following based on code by John R. Jackson <jrj@cc.purdue.edu>
- sequential timestamps merged into one range during playback
- timestamps done on "nice" boundaries (hour, minute, etc.)
- lots of code cleanup, optimizations, etc.
version 7.1.3 (Oct 16, 2001):
- NetBSD 1.5 termios bug/compatibility - patch by Andreas Wrede
<aew.conserver@planix.com>
- Missing quotes broke ^ecl1 code - reported by William Charles
<william.charles@db.com>
- Alternate break code didn't exist for local ports
version 7.1.2 (Oct 15, 2001):
- fixed line-based timestamp code - reported by Benn Oshrin
<benno@columbia.edu>
- tcp_wrappers support (--with-libwrap)
- CLOCAL bit set for local ports - patch by Egan Ford
<egan@us.ibm.com>
- timestamp added to 'lost carrier' error - suggested by Todd
Stansell <todd@stansell.org>
- Alternate break sequence for Solaris 8 is available as ^ecl2
escape sequence - patch by William Charles
<william.charles@db.com>
The following suggested by Trevor Fiatal <trevor@seven.com>
- Widened username field of 'console -w' output
- Added server hostname to password entry prompt
- AC_CHECK_LIB replaced with AC_SEARCH_LIBS in configure.in so
that irrelevant (and sometimes incompatible) libraries aren't
linked in
version 7.1.1 (Aug 4, 2001):
- Now using getlogin() for real username info - suggested by
Dave Stuit <djs@gnac.com>
- gethostbyname() failure for a console now doesn't cause a
shutdown - reported by Todd Stansell <todd@stansell.org>
- Shutdown via client -q/-Q fixed (broken in 7.1.0 because of
master process fork() code)
- Password file parsing fixed to allow for empty passwords -
allowing users to access conserver without a password prompt
- Both the password and configuration files no longer have
line length limitations, they now support comments (`#' lines),
and lines with leading whitespace are continuations of
previous lines
- Client hostname/ip sometimes not printed - reported by Todd
Stansell <todd@stansell.org>
version 7.1.0 (Jul 26, 2001):
- Hostname in access list that began with a digit was treated as
an IP address - only strings using [0-9./] are considered CIDR
@ -40,7 +351,7 @@ version 7.1.0 (Jul 26, 2001):
- Improved process handling (POSIX waitpid() now necessary)
- Significant rework of STREAMS-based pseudo-tty code
- TCP connections ('!' config syntax) now have some Telnet protocol
knowledge, removing the "noise" seen when conneting to a terminal
knowledge, removing the "noise" seen when connecting to a terminal
server - reported by Todd Stansell <todd@stansell.org>
- Various code and message "pretty-printing" done
- Client and server both run in Windows (tested with Windows
@ -206,5 +517,5 @@ before version 6.05:
and enhancements of various types were applied.
#
# $Id: CHANGES,v 1.41 2001-07-26 16:42:26-07 bryan Exp $
# $Id: CHANGES,v 1.103 2003-09-22 10:42:00-07 bryan Exp $
#

127
FAQ
View File

@ -1,4 +1,4 @@
Conserver FAQ
=============
@ -14,6 +14,11 @@ directed to faq@conserver.com. The FAQ answers the following questions:
6) What does "console: gethostbyname: console: host lookup error"
mean (or something close to that)?
7) How do I set up a serial port for no parity?
8) Is "Conserver" a Trademark or Registered Trademark?
9) When I connect to a console, it says it is down. Why?
10) Is there a technical reason why --with-maxmemb's default is 16?
I've changed mine to 96.
99) OK, things just don't seem to work. Help?!?
1) What is conserver?
@ -60,24 +65,126 @@ directed to faq@conserver.com. The FAQ answers the following questions:
When conserver was compiled, it was told to use the /etc/services
entry of "conserver" (what came after getservbyname:). You'll need
to either recompile conserver and hard-code a port number (using
PORT instead of SERVICE in conserver/cons.h) or enter "conserver"
in /etc/services.
--with-port=<num>) or enter "conserver" in /etc/services.
6) What does "console: gethostbyname: console: host lookup error"
mean (or something close to that)?
When the console command was compiled, it was told to use the
hostname "console" (what came after gethostbyname:) as the master
conserver host. You'll need to either recompile console with the
appropriate name of your conserver host or add an alias of "console".
In most cases, adding an alias is my suggestion.
conserver host. You'll need to either reconfigure with the
appropriate name of your conserver host (--with-master=<name>) or
add an alias of "console". In most cases, adding an alias is my
suggestion.
7) How do I set up a local serial port for no parity?
The conserver.cf man page will have this in the 6.17 release,
but the answer is to use a 'p' after the baud rate. So, '9600p'
is 9600 baud, no parity.
The manpage has the answer to this question. For those that don't
want to read it, here are some guidelines. For pre-7.2.2, you'd
want to use a 'p' after the baud rate ("9600p", for example). For
7.2.2 thru 7.2.7, you can use an 'n'. For 8.0.0 and beyond, you use
'parity none;'.
8) Is "Conserver" a trademark or registered trademark?
The best answer I can give is "not as far as I know". A couple of
quick searches through the source code doesn't find any claim of a
trademark. I've never done a registered trademark search, but if
it had been registered (by a previous author), I'm sure it would be
mentioned. But I'm no lawyer and don't deal with these types of
things, so I'm not exactly sure what I'm taking about and my answer
becomes a very vague "not as far as I know".
9) When I connect to a console, it says it is down. Why?
There are multiple reasons why this might happen. First, see if it's
just a remnant of some other temporary problem. Try and bring the
console up by doing a '^Eco' from the client. If that doesn't work,
there's a more serious problem which, hopefully, the conserver logfile
will explain. Check the log for any permission problems, connection
refused messages, etc. You might get more useful information in
the log by using the -v option or even by enabling debugging with
-D (ideally that shouldn't be necessary). Depending on the type of
console, your system might be out of pseudo-terminals, another process
might have a terminal server port occupied (another console server or
telnet session), or there was an unseen typo in a path or hostname.
The logfile should show hints of things like this and other issues.
10) Is there a technical reason why --with-maxmemb's default is 16?
I've changed mine to 96.
The following is an array of things you need to think about when
adjusting --with-maxmemb. It's a bit long, but it's an important
question.
The big reason (and the main reason for conserver spawning multiple
processes) is the maximum number of open files a process can have.
Each console can have a few file descriptors associated with it
(device, logfile, connected users, and listening socket). So, each
process will have about ( 2 * consoles + users + 1 ) open files
(--with-maxmemb sets the maximum number of consoles per process
in the equation). Although most current operating systems allow a
large number of open files per process, the general assumption is
it's still pretty low.
You also have the speed of your conserver host vs the rates at which
data could be streaming to it. Go back a decade and this was probably
more of an issue than today, but it's still something to think about.
And then you have the problem of delays. If any of the 96 console
connections "lock up", it'll delay all activity on the 96 consoles.
With 16, there's less of an impact. This can be an issue once the
server is up or during startup. Also, with 16 consoles per process,
you get a bit more parallelization during startup.
So, is there any reason not to up the number to 96? No. Assuming you
know the risks and weigh things appropriately. If I remember right,
I've upped the number to 48 at some sites. But that was mainly to
reduce the memory footprint in older versions of the code which had
statically allocated buffers. No need to worry about that with the
current code. Personally, I wouldn't change from 16 unless there
was a really good reason (like wanting to only have one child process
for firewall rules or some such reason).
99) OK, things just don't seem to work. Help?!?
Yes, this is a pretty vague question, but here are a few tips that
might help.
- Is your low-level serial connection correct? Incorrect cables,
adapters, wiring, etc. could be the issue. Using a signal tracer
or attaching other equipment that's known to work (like a laptop)
might be enlightening. Check out
http://www.conserver.com/consoles/msock.html for basic serial
information (or http://www.conserver.com/consoles/ for even more
info).
- Can you talk to the serial port with different software? Try
using tip or minicom or another application to make sure you can
interact with the port. If you're not seeing the right info
here, there may be a baud rate issue, a lack of a getty (or
equivalent) running on the host or...*shrug*. But, if you've
determined that you already have a valid low-level signal
connection, you shouldn't have to worry about that level of
problem.
- So, you're getting the proper interaction from other
applications, but not conserver? Are the port name and baud rate
correct in the conserver.cf file? When you start conserver
(adding -v doesn't hurt), are there any warnings/errors? Is the
port in the "up" state when you use "console -u"? If not, what
happens when you connect and then do a "^eco" escape sequence to
bring it up? What does the conserver process say when you do
this? These are the types of things I look at first. If that
doesn't help you determine the problem, others will want to see
this info (and possibly the same steps with both the client and
server using the -D option) to be able to help. Posting your
questions to the users mailing list is probably your next step.
- Have you tried a search on the conserver site (it searches
mailing list traffic as well) to see if someone else has gone
through the same problem?
#
# $Id: FAQ,v 1.3 2001-04-04 16:58:49-07 bryan Exp $
# $Id: FAQ,v 1.9 2003-08-23 12:27:10-07 bryan Exp $
#

221
INSTALL
View File

@ -1,5 +1,5 @@
INSTALL
=======
INSTALL
=======
Upgrading?
@ -10,20 +10,90 @@ Upgrading?
new features added to the client if you're considering *not*
upgrading.
Version 8.0.0
- The client/server protocol has been rearchitected. You *MUST*
use an 8.0.0 client with an 8.0.0 server. No combination of
client/server will work with pre-8.0.0 code.
- Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires
you to change your conserver.cf and conserver.passwd files
because both of the file formats have changed.
The conserver.cf file changes are so major that there is a
convert program available in the conserver subdirectory. Just
run './conserver/convert <old-cf-file>' and it will attempt a
conversion to the new format, sending it to stdout. Any errors
will be printed to stderr. There are a couple of things
you might need to adjust. First are the user access lists.
If you are restricting users to certain consoles in your old
conserver.passwd file, you'll need to move those restrictions
into the new conserver.cf file. Restrictions are set with the
'ro' and 'rw' tags in the configuration file. Second are the
'access' blocks. What get produced by the convert program
will be functionally equivalent to the old behavior, but you
may be able to tune things to better suit your environment.
The conserver.passwd file's console restrictions have moved,
as described above. So to convert the conserver.passwd file,
all you really need to do is something like:
awk -F: '{print $1 ":" $2}' <old-passwd-file>
If you have comments or continuation lines in your file,
you'll have to do a bit more cleanup to strip out the third
field (which is what the awk command is intending to do).
- Conserver no longer trusts reverse DNS information by default.
If you use the --with-trustrevdns configure flag, you can
re-enable the use of gethostbyaddr() [I don't recommended it,
however]. If you are using domain names in access lists,
you'll either need to change those to use hostnames and/or ip
addresses/ranges or use the --with-trustrevdns flag. For
example, if you have (in the
8.0.0 format):
allowed conserver.com; # allow *.conserver.com
then you'll need to worry about this change. If you only use
full hostnames, you shouldn't have to do anything.
Version 7.2.4
- If SSL support is compiled into the code, older versions of
the client and server are, by default, incompatible because
encrypted connections are a requirement. Use of the -E flag in
the client and/or server can work around this (but I discourage
this - please upgrade the clients and servers instead).
Version 7.2.0
- The code related to broadcast messages in the client (-b) has
changed. If you want the username to come across properly in
the broadcast message, you'll need to make sure you upgrade
to the 7.2.0 client.
Version 7.1.1
- Both conserver.passwd and conserver.cf file parsing behaves
the same now. Both use leading whitespace as a continuation
line indicator - if you have leading whitespace on a line
(aside from comments) you probably should remove it.
Version 7.1.0
- The client/server protocol has changed. You *MUST* use a
7.1.0 client with a 7.1.0 and above server. A 7.1.0 client
is *not* backward compatible with a pre-7.1.0 server.
- The client/server protocol has changed. You *MUST* use a
7.1.0 client with a 7.1.0 and above server. A 7.1.0 client
is *not* backward compatible with a pre-7.1.0 server.
- Some of the flags in the client (-d, -D, and -r) and server
(-n) have been given new identities to make the client and
server flags more uniform.
- Some of the flags in the client (-d, -D, and -r) and server
(-n) have been given new identities to make the client and
server flags more uniform.
- The conserver.passwd file now uses the first username match
to determine access rights - if you have multiple instances
of a username in an existing password file, they must be
combined into one to continue to work.
- The conserver.passwd file now uses the first username match
to determine access rights - if you have multiple instances
of a username in an existing password file, they must be
combined into one to continue to work.
Quickie Instructions
@ -32,6 +102,10 @@ Quickie Instructions
- Run './configure'
- Run 'make'
- Run 'make test'
- If all is well, run 'make install'
- Now set up config files, etc. (see below)
@ -44,26 +118,39 @@ Detailed Instructions
the defaults shown, you're set. If not, here are the conserver
unique options:
--with-port=PORT Specify port number [conserver]
--with-base=PORT Base port for secondary channel [0]
--with-master=MASTER Specify master server hostname [console]
--with-cffile=CFFILE Specify config filename [conserver.cf]
--with-pwdfile=PWDFILE Specify password filename [conserver.passwd]
--with-logfile=LOGFILE Specify log filename [/var/log/conserver]
--with-pidfile=PIDFILE Specify PID filepath [/var/run/conserver.pid]
--with-maxmemb=MAXMEMB Specify maximum consoles per process [16]
--with-maxgrp=MAXGRP Specify maximum number of processes [32]
--with-timeout=TIMEOUT Specify connect() timeout in seconds [10]
--with-port=PORT Specify port number [conserver]
--with-base=PORT Base port for secondary channel [0]
--with-master=MASTER Specify master server hostname [console]
--with-cffile=CFFILE Specify config filename
[SYSCONFDIR/conserver.cf]
--with-pwdfile=PWDFILE Specify password filename
[SYSCONFDIR/conserver.passwd]
--with-logfile=LOGFILE Specify log filename [/var/log/conserver]
--with-pidfile=PIDFILE Specify PID filepath [/var/run/conserver.pid]
--with-maxmemb=MAXMEMB Specify maximum consoles per process [16]
--with-timeout=TIMEOUT Specify connect() timeout in seconds [10]
--with-trustrevdns Trust reverse DNS information
--with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support
--with-openssl[=PATH] Compile in OpenSSL support
--with-dmalloc[=PATH] Compile in dmalloc support
--with-pam Enable PAM support
Not surprisingly, some match the old conserver/cons.h items...here
they are for reference:
PORT or SERVICE - Socket used to communicate
HOST - Hostname of console server
CONFIG - Config file path
PASSWD_FILE - Password file path
MAXMEMB - Number of consoles per child process
MAXGRP - Number of child processes
PORT or SERVICE - Socket used to communicate
HOST - Hostname of console server
CONFIG - Config file path
PASSWD_FILE - Password file path
MAXMEMB - Number of consoles per child process
A couple of notes. First, --with-libwrap will add tcp_wrappers
lookups to all socket connections in the server. --with-openssl
will add encryption between the client and server when you connect
to a console. things such as 'console -q', 'console -w', etc. are
still unencrypted, as well as connections from conserver to any
terminal servers. --with-dmalloc should only be used to do memory
allocation debugging and not used in production.
- Run './configure'. This will detect system specific
information. The --prefix option will redirect where things are
@ -72,6 +159,11 @@ Detailed Instructions
- Now run 'make'. Hopefully things will compile.
- To test your binaries, run 'make test'. If there are problems, it
should mean something is wrong, but check the output differences
to make sure it wasn't a temporary failure. I tried to make the
tests generic, but I may have missed something.
- Once things build, you can run 'make install'.
- If you'd like to build the autologin application, you'll need to
@ -82,35 +174,70 @@ Detailed Instructions
configuration files and such.
+ Does your conserver master hostname exist? This is the
hostname specified with the --with-master option. By default
the hostname is "console", so make sure it's in DNS, hosts
files, or whatever.
hostname specified with the --with-master option. By default
the hostname is "console", so make sure it's in DNS, hosts
files, or whatever.
+ If you used a symbolic name for the --with-port option (by
default it uses "conserver", so the answer would be yes),
you'll need to enter a definition in your services file
(directly, via NIS, or whatever). Here's what we use:
default it uses "conserver", so the answer would be yes),
you'll need to enter a definition in your services file
(directly, via NIS, or whatever). Here's what we use:
console 782/tcp conserver # console server
console 782/tcp conserver # console server
If you used a number, you shouldn't have to worry about this
step.
If you used a number, you shouldn't have to worry about this
step.
+ Next, make sure conserver runs during boot. The init script we
use under Solaris is installed in <PREFIX>/etc/conserver.rc.
Use that or some form of it for your own /etc/init.d script or
an entry in startup files (/etc/rc, /etc/rc.local, or
whatever).
use under Solaris is installed in <PREFIX>/etc/conserver.rc.
Use that or some form of it for your own /etc/init.d script or
an entry in startup files (/etc/rc, /etc/rc.local, or
whatever).
+ Now for the fun stuff. You need to create a conserver.cf and
conserver.passwd file. Those are defined with the
--with-cffile and --with-pwdfile settings. If you ever need to
know what values were compiled into conserver, run 'conserver
-V'. See the conserver.cf/INSTALL file for instructions on
setup of these files.
conserver.passwd file. Those are defined with the
--with-cffile and --with-pwdfile settings. If you ever need to
know what values were compiled into conserver, run 'conserver
-V'. See the conserver.cf/INSTALL file for instructions on
setup of these files.
- That's it! Just start up the console server and enjoy!
Other Information And Gotchas
- Debian Linux Distribution
The Debian folks have conserver distributed with the package
names of conserver-client and conserver-server. They are in
the distribution "sid" and the "non-free" part (because the
Ohio State license doesn't explicitly allow for modification to
the code, even though it's totally implied and the intention of
the author - I've even got proof in email! Oh well, can't
blame the Debian folks for being cautious - they've been burned
before, apparently).
- Potential GCC bug
Adam Morris <AMorris@providence.org> reported a problem with
the following line in console/console.c:
if ((in_addr_t) (-1) == pPort->sin_addr.s_addr) {
This tickles a GCC bug under HP-UX 11.11 using GCC 3.0.2 in
64-bit mode with optimization enabled (-O). The bug could
possibly be provoked in other combinations as well. His fix is
to change the line to:
if ((in_addr_t) (-1) == inet_addr(pcToHost)) {
It's also reported that newer versions of the compiler fix the
issue, so if you happen to have problems with the client
connecting to servers, you might be tickling this bug and you
can upgrade the compiler, turn off the optimization, or apply
this code change.
#
# $Id: INSTALL,v 1.17 2001-07-25 17:33:29-07 bryan Exp $
# $Id: INSTALL,v 1.32 2003-08-23 11:20:55-07 bryan Exp $
#

5
Makefile.in
View File

@ -25,6 +25,9 @@ autologin:
autologin.install:
( cd autologin && $(MAKE) install $(MAKE_FLAGS) ) || exit 1;
test:
( cd test && ./dotest ) || exit 1
install:
for n in $(SUBDIRS); do \
( cd $$n && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1; \
@ -41,4 +44,4 @@ distclean:
done
rm -f config.cache config.log config.status config.h Makefile
.PHONY: autologin autologin.install clean distclean install all
.PHONY: autologin autologin.install clean distclean install all test

38
README
View File

@ -18,6 +18,42 @@ Downloading
The latest version can be found at http://www.conserver.com/
Systems Tested
Here's a list of systems that I've been told can successfully
compile conserver. If anyone has more to add to this list (or
something on the list doesn't work any more), please let me know.
AIX 4.3.3/5.1/5.2, native cc
BSDI BSD/OS 3.X, gcc
Cygwin (w2k),gcc 2.95.3
DEC Tru64 4.0, gcc
DEC Tru64 4.0/5.1, native cc
FreeBSD 4.2/4.8/5.1 (x86), gcc
HP-UX 10.20, gcc
HP-UX 11.10 parisc and ia64, native cc
Irix 6.15, native cc
Linux 2.2.18 (x86), gcc
Linux 2.4.2 (x86), gcc
Linux ia64, native gcc
Linux RedHat 6.2 and 7.2 (x86), native gcc
MacOS X, native gcc
Solaris 2.5.1 thru 9 (sparc/x86), gcc
Solaris 7/8, native cc
Contributions
Contributions distributed with the code can be found in the contrib
subdirectory. Other tools that complement conserver are listed
below.
Zinc
----
According to the website, Zinc is a console log output management
program. For more information, visit the website at:
http://www.columbia.edu/acis/sy/unixdev/zinc
#
# $Id: README,v 1.16 2001-06-15 04:34:31-07 bryan Exp $
# $Id: README,v 1.22 2003-08-23 12:34:24-07 bryan Exp $
#

70
TODO
View File

@ -3,91 +3,87 @@
Warning to those who aren't me: this is an unorganized list of things
that might be classified as bugs, improvements, random thoughts or
suggestions. Hopefully it will get cleaned up over time.
suggestions. Hopefully it will get cleaned up over time (yeah,
right!).
Bryan Stansell
---------------------------------------------------------------------------
- conserver.passwd parsing needs improvement
- shouldn't use strtok() (bryan::any == bryan:any)
- empty passwords not allowed
- Singular logging so that swatch/logsurfer can watch for errors across
the board - unloved output comes close
- Telnet protocol should be improved
- Not even RFC 854 compliant
- Data sent to terminal server not encapsulated
- Option negotiation ignored - should we negotiate anything?
- Others?
- reread of conserver.cf - totally difficult
- non-dynamic memory allocation
- no IPC for coordinated updates
- additions only may work
- deletions only may work
- reimplement the whole thing *would* work
- better shadow file support
- PAM support
- what does this mean? i've forgotten.
- syslog?
Daniel E. Singer <des@cs.duke.edu> would like to see it - especially
in regards to --use-libwrap code
- alternate (md5) password encryption support in conserver.passwd
- actually happens if the crypt() call supports it, like under linux
- hpux has bigcrypt() also, which we support, so maybe we're covered
- config file examples for various configurations
- per-line timestamps
- only when not connected?
- flow control configuration (hardcoded on, i think)
- pipe input/output (console <-> program) via 'console'
- group permissions (better user management in general)
- 64-bit compilation support (have a patch set contributed, somewhere, i think)
- some apps (net-ups thing, gdb) might need to talk to user
- autologout? setting per console? gack, would have to interpret data.
- "listen" capability (watch all/multiple consoles)
- alternate break (^ecl2?)
- aliases for console entries
- send data to multiple consoles (carbon copy) -
Steve Lammert <slammert@panasas.com>
- authentication to terminal servers (ssh, passphrase, whatever)
- "not" or "except" in passwd file (!console).
- multi-homed/multi-ip hosts not supported well
- other names/ip addrs not detected as local, necessarily
- acls don't look at aliases properly
- the whole thing needs some serious help
- ssh should probably just be handled by invoking the ssh command.
so, that's really already covered, no?
- passphrase...hmmm..could really use some sort of send/expect
thing here. you could write a wrapper script of sorts, but it
really would be nice to have a raw socket and do the right thing.
- cyclades ts1000/2000 port : "Moses, Joel" <jmoses@deloitte.com>
- dynamic memory allocation
- buf[BUFSIZ] in conserver/group.c CheckPasswd().
- kill --with-maxgrp
- config file for client (list of masters, for example)
- strftime() idea for logfile names : Lars Kellogg-Stedman <lars@larsshack.org>
- 9600baud log replay?
- SSH/SSL/Encryption of some type between client/server
- server -M flag should accept multiple addresses (comma separated)
- should client as well?
- logfile rotation based on size
- automatic log rotation in general : Egan Ford <egan@us.ibm.com>
- website docs on serial port configs
- PCs (solaris x86, linux, *bsd, etc)
- lilo
- bios support
- suggestions by Trevor Fiatal <trevor@seven.com>
- include server hostname on 'console -x' output
- ability to configure strings to be sent to a console whenever it is
(re)opened (eg. a termserver login) : Greg A. Woods
<woods@planix.com>
- ability to configure strings to be sent to a console periodically :
Greg A. Woods <woods@planix.com>
- show attach/detach events to/of spy console clients : Greg A. Woods
<woods@planix.com>
#
# $Id: TODO,v 1.11 2001-07-25 17:36:21-07 bryan Exp $
# $Id: TODO,v 1.36 2003-08-24 15:11:03-07 bryan Exp $
#

49
acconfig.h
View File

@ -1,49 +0,0 @@
/*
* Socket used to communicate
*/
#undef DEFPORT
/*
* Base socket used for secondary channel
*/
#undef DEFBASEPORT
/*
* Hostname of console server
*/
#undef MASTERHOST
/*
* Config file path
*/
#undef CONFIGFILE
/*
* Password file path
*/
#undef PASSWDFILE
/*
* Logfile path
*/
#undef LOGFILEPATH
/*
* Number of consoles per child process
*/
#undef MAXMEMB
/*
* Number of child processes
*/
#undef MAXGRP
/*
* TCP connection timeout
*/
#undef CONNECTTIMEOUT
/*
* pidfile to write to
*/
#undef PIDFILE

19
autologin/README
View File

@ -1,10 +1,15 @@
I have not touched the autologin directory. See the README.old and
INSTALL.old files if you interested in the program. I cannot guarantee
it will compile, install, or run. It is definately not integrated with
../Makefile or any of the porting support. If you have patches that
make it work, please send them to me and I'll be more than happy to
incorporate them.
This file used to say "I have not touched the autologin directory."
That's no longer true. I've applied patches submitted by the user
community (see the CHANGES file for details). I still cannot guarantee
anything, but it sounds like at least one person out there is
successfully using the code. And now for my original hand-waving...
See the README.old and INSTALL.old files if you interested in the
program. I cannot guarantee it will compile, install, or run. It is
definately not integrated with ../Makefile or any of the porting
support. If you have patches that make it work, please send them to me
and I'll be more than happy to incorporate them.
No one I've ever talked to found a need for something like autologin.
Good luck.
@ -12,5 +17,5 @@ Good luck.
Bryan Stansell
#
# $Id: README,v 1.1 1999-01-21 22:59:40-08 bryan Exp $
# $Id: README,v 1.2 2002-09-23 14:08:42-07 bryan Exp $
#

132
autologin/autologin.c
View File

@ -13,13 +13,35 @@
#include <config.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <grp.h>
#include <pwd.h>
#include <utmp.h>
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
/*
* There is no official registry of non-vendor audit event numbers,
* but the following should be OK.
*
* You need to add a line by hand to /etc/security/audit_event to make
* praudit(1) look pretty:
*
* 32900:AUE_autologin:autologin:lo
*
* If you have to change the value for AUE_autologin, you'll also need
* to change the /etc/security/audit_event line.
*/
#define AUE_autologin 32900
#include <sys/unistd.h>
#include <netdb.h>
#include <bsm/audit.h>
#include <bsm/libbsm.h>
#include <libintl.h>
#endif
#include <compat.h>
@ -47,7 +69,7 @@
*/
#ifndef lint
char *rcsid = "$Id: autologin.c,v 1.22 93/09/04 21:48:41 ksb Exp $";
char *rcsid = "$Id: autologin.c,v 1.23 2002-09-20 23:29:39-07 bryan Exp $";
#endif /* not lint */
extern char *progname;
gid_t awGrps[NGROUPS_MAX];
@ -97,8 +119,18 @@ Process()
# endif
# endif
#endif
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
char my_hostname[MAXHOSTNAMELEN];
#endif
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
if (0 != gethostname(my_hostname, sizeof(my_hostname))) {
(void) fprintf(stderr, "%s: gethostname: %s\n", strerror(errno));
exit(1);
/* NOTREACHED */
}
#endif
if ((char *)0 != pcCommand) {
if ((char *)0 == (pcCmd = (char *)malloc(strlen(pcCommand) + 4))) {
(void) fprintf(stderr, "%s: malloc: %s\n", progname, strerror(errno));
@ -128,6 +160,7 @@ Process()
}
wUid = pwd->pw_uid;
wGid = pwd->pw_gid;
(void)endpwent();
#ifdef HAVE_GETUSERATTR
/* getuserattr() returns a funny list of groups:
* "grp1\0grp2\0grp3\0\0"
@ -142,6 +175,7 @@ Process()
}
}
#endif /* HAVE_GETUSERATTR */
(void)endgrent();
if ((char *)0 != pcTty) {
if ( '/' == *pcTty ) {
@ -200,6 +234,100 @@ Process()
}
}
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
if (!cannot_audit(0)) {
# if defined(HAVE_GETAUDIT_ADDR)
struct auditinfo_addr audit_info;
# else
struct auditinfo audit_info;
# endif
au_mask_t audit_mask;
# if !defined(HAVE_GETAUDIT_ADDR)
struct hostent *hp;
# endif
int iAuditFile;
int fShowEvent = 1;
token_t *ptAuditToken;
(void)memset(&audit_info, 0, sizeof(audit_info));
audit_info.ai_auid = wUid;
audit_info.ai_asid = getpid();
audit_mask.am_success = audit_mask.am_failure = 0;
(void) au_user_mask(pcLogin, &audit_mask);
audit_info.ai_mask.am_success = audit_mask.am_success;
audit_info.ai_mask.am_failure = audit_mask.am_failure;
# if defined(HAVE_GETAUDIT_ADDR)
(void)aug_get_machine(my_hostname,
&audit_info.ai_termid.at_addr[0],
&audit_info.ai_termid.at_type);
# else
if ((char *)0 != (hp = gethostbyname(my_hostname))
&& AF_INET == hp->h_addrtype) {
(void)memcpy(&audit_info.ai_termid.machine,
hp->h_addr,
sizeof(audit_info.ai_termid.machine));
}
# endif
# if defined(HAVE_GETAUDIT_ADDR)
if (0 > setaudit_addr(&audit_info, sizeof(audit_info)))
# else
if (0 > setaudit(&audit_info))
# endif
{
fprintf(stderr, "%s: setaudit failed: %s\n",
progname,
strerror(errno));
fShowEvent = 0;
}
if (fShowEvent) {
fShowEvent = au_preselect(AUE_autologin,
&audit_mask,
AU_PRS_SUCCESS,
AU_PRS_REREAD);
}
if (fShowEvent) {
iAuditFile = au_open();
# if defined(HAVE_GETAUDIT_ADDR)
ptAuditToken = au_to_subject_ex(wUid,
wUid,
wGid,
wUid,
wGid,
audit_info.ai_asid,
audit_info.ai_asid,
&audit_info.ai_termid),
# else
ptAuditToken = au_to_subject(wUid,
wUid,
wGid,
wUid,
wGid,
audit_info.ai_asid,
audit_info.ai_asid,
&audit_info.ai_termid),
# endif
(void)au_write(iAuditFile, ptAuditToken);
ptAuditToken = au_to_text(gettext("successful login"));
(void)au_write(iAuditFile, ptAuditToken);
if ((char *)0 != pcCmd) {
ptAuditToken = au_to_text(pcCmd);
(void)au_write(iAuditFile, ptAuditToken);
}
# if defined(HAVE_GETAUDIT_ADDR)
ptAuditToken = au_to_return32(0, 0);
# else
ptAuditToken = au_to_return(0, 0);
# endif
(void)au_write(iAuditFile, ptAuditToken);
if(0 > au_close(iAuditFile, AU_TO_WRITE, AUE_autologin)) {
fprintf(stderr, "%s: audit write failed",
progname,
strerror(errno));
}
}
}
#endif
/* Open the TTY for stdin, stdout and stderr
*/
if ((char *)0 != pcDevTty) {

108
compat.h
View File

@ -1,5 +1,52 @@
#include <config.h>
/* things everything seems to need */
#include <stdio.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>
#include <ctype.h>
#include <signal.h>
/* If, when processing a logfile for replaying the last N lines,
* we end up seeing more than MAXREPLAYLINELEN characters in a line,
* abort processing and display the data. Why? There could be some
* very large logfiles and very long lines and we'd chew up lots of
* memory and send a LOT of data down to the client - all potentially
* bad. If there's a line over this in size, would you really want to
* see the whole thing (and possibly others)?
*/
#if !defined(MAXREPLAYLINELEN)
# define MAXREPLAYLINELEN 10000
#endif
/* the default escape sequence used to give meta commands
*/
#if !defined(DEFATTN)
# define DEFATTN '\005'
#endif
#if !defined(DEFESC)
# define DEFESC 'c'
#endif
/* For legacy compile-time setting of the port...
*/
#if ! defined(DEFPORT)
# if defined(SERVICENAME)
# define DEFPORT SERVICENAME
# else
# if defined(PORTNUMBER)
# define DEFPORT PORTNUMBER
# else
# define DEFPORT "conserver"
# endif
# endif
#endif
#if STDC_HEADERS
# include <string.h>
@ -11,6 +58,10 @@
# define strrchr rindex
# endif
#endif
#if !HAVE_STRCASECMP && HAVE_STRICMP
# define strcasecmp stricmp
# define strncasecmp strnicmp
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
@ -38,17 +89,7 @@ typedef long fd_set;
# include <sys/ioctl_compat.h>
#endif
#ifdef HAVE_TERMIOS_H
# include <termios.h> /* POSIX */
#else
# ifdef HAVE_TERMIO_H
# include <termio.h> /* SysV */
# else
# ifdef HAVE_SGTTY_H
# include <sgtty.h> /* BSD */
# endif
# endif
#endif
#include <termios.h>
#ifdef HAVE_STROPTS_H
# include <stropts.h>
@ -135,6 +176,14 @@ extern char *h_errlist[];
# include <crypt.h>
#endif
#ifdef HAVE_HPSECURITY_H
# include <hpsecurity.h>
#endif
#ifdef HAVE_PROT_H
# include <prot.h>
#endif
#ifdef HAVE_GETOPT_H
# include <getopt.h>
#endif
@ -165,6 +214,18 @@ extern char *h_errlist[];
#include <usersec.h>
#endif
#ifdef HAVE_PTY_H
#include <pty.h>
#endif
#ifdef HAVE_LIBUTIL_H
#include <libutil.h>
#endif
#ifdef HAVE_UTIL_H
#include <util.h>
#endif
#ifndef NGROUPS_MAX
# define NGROUPS_MAX 8
@ -182,6 +243,14 @@ extern char *h_errlist[];
# define setgroups(x, y) 0
#endif
#ifndef HAVE_IN_ADDR_T
typedef unsigned long in_addr_t;
#endif
#ifndef HAVE_SOCKLEN_T
typedef int socklen_t;
#endif
/*
* IUCLC, OLCUC and XCASE were removed from IEEE Std 1003.1-200x
* as legacy definitions.
@ -217,3 +286,20 @@ extern char *h_errlist[];
#ifndef ONLRET
#define ONLRET 0
#endif
#ifndef PARAMS
# if PROTOTYPES
# define PARAMS(protos) protos
# else /* no PROTOTYPES */
# define PARAMS(protos) ()
# endif /* no PROTOTYPES */
#endif
/* setup a conditional debugging line */
#ifndef CONDDEBUG
#define CONDDEBUG(line) if (fDebug) {debugFileName=__FILE__; debugLineNo=__LINE__; Debug line;}
#endif
#if HAVE_DMALLOC
#include <dmalloc.h>
#endif

1410
config.guess vendored Executable file
View File

File diff suppressed because it is too large Load Diff

325
config.h.in
View File

@ -1,267 +1,344 @@
/* config.h.in. Generated automatically from configure.in by autoheader. */
/*
* Socket used to communicate
*/
#undef DEFPORT
/* config.h.in. Generated from configure.in by autoheader. */
/*
* Base socket used for secondary channel
*/
#undef DEFBASEPORT
/*
* Hostname of console server
*/
#undef MASTERHOST
/*
* Config file path
*/
/* Config file path */
#undef CONFIGFILE
/*
* Password file path
*/
#undef PASSWDFILE
/* ./configure invocation */
#undef CONFIGINVOCATION
/*
* Logfile path
*/
#undef LOGFILEPATH
/*
* Number of consoles per child process
*/
#undef MAXMEMB
/*
* Number of child processes
*/
#undef MAXGRP
/*
* TCP connection timeout
*/
/* TCP connection timeout */
#undef CONNECTTIMEOUT
/*
* pidfile to write to
*/
#undef PIDFILE
/* Base socket used for secondary channel */
#undef DEFBASEPORT
/* Define if you have the <crypt.h> header file. */
/* Socket used to communicate */
#undef DEFPORT
/* Define to 1 if you have the `bigcrypt' function. */
#undef HAVE_BIGCRYPT
/* Define to 1 if you have the <bsm/audit.h> header file. */
#undef HAVE_BSM_AUDIT_H
/* Define to 1 if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H
/* Define if you have the `flock' function. */
#undef HAVE_FLOCK
/* have dmalloc support */
#undef HAVE_DMALLOC
/* Define if you have the `getdtablesize' function. */
/* Define to 1 if you have the `getaudit' function. */
#undef HAVE_GETAUDIT
/* Define to 1 if you have the `getaudit_addr' function. */
#undef HAVE_GETAUDIT_ADDR
/* Define to 1 if you have the `getdtablesize' function. */
#undef HAVE_GETDTABLESIZE
/* Define if you have the `getopt' function. */
/* Define to 1 if you have the `getlogin' function. */
#undef HAVE_GETLOGIN
/* Define to 1 if you have the `getopt' function. */
#undef HAVE_GETOPT
/* Define if you have the <getopt.h> header file. */
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
/* Define if you have the `getpassphrase' function. */
#undef HAVE_GETPASSPHRASE
/* Define to 1 if you have the `getprpwnam' function. */
#undef HAVE_GETPRPWNAM
/* Define if you have the `getrlimit' function. */
/* Define to 1 if you have the `getrlimit' function. */
#undef HAVE_GETRLIMIT
/* Define if you have the `getsid' function. */
/* Define to 1 if you have the `getsid' function. */
#undef HAVE_GETSID
/* Define if you have the `getspnam' function. */
/* Define to 1 if you have the `getspnam' function. */
#undef HAVE_GETSPNAM
/* Define if you have the `getuserattr' function. */
/* Define to 1 if you have the `getuserattr' function. */
#undef HAVE_GETUSERATTR
/* Define if you have the `getutent' function. */
/* Define to 1 if you have the `getutent' function. */
#undef HAVE_GETUTENT
/* Define if you have the `grantpt' function. */
/* Define to 1 if you have the `grantpt' function. */
#undef HAVE_GRANTPT
/* Define if you have the <inttypes.h> header file. */
/* Define to 1 if you have the <hpsecurity.h> header file. */
#undef HAVE_HPSECURITY_H
/* Define to 1 if you have the `inet_aton' function. */
#undef HAVE_INET_ATON
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define if you have the `crypt' library (-lcrypt). */
#undef HAVE_LIBCRYPT
/* Defined if in_addr_t exists */
#undef HAVE_IN_ADDR_T
/* Define if you have the `nsl' library (-lnsl). */
#undef HAVE_LIBNSL
/* Define to 1 if you have the `iscomsec' function. */
#undef HAVE_ISCOMSEC
/* Define if you have the `socket' library (-lsocket). */
#undef HAVE_LIBSOCKET
/* Define to 1 if you have the `bsm' library (-lbsm). */
#undef HAVE_LIBBSM
/* Define if you have the `memcmp' function. */
/* Define to 1 if you have the `sec' library (-lsec). */
#undef HAVE_LIBSEC
/* Define to 1 if you have the `util' library (-lutil). */
#undef HAVE_LIBUTIL
/* Define to 1 if you have the <libutil.h> header file. */
#undef HAVE_LIBUTIL_H
/* Define to 1 if you have the `xnet' library (-lxnet). */
#undef HAVE_LIBXNET
/* Define to 1 if you have the `memcmp' function. */
#undef HAVE_MEMCMP
/* Define if you have the `memcpy' function. */
/* Define to 1 if you have the `memcpy' function. */
#undef HAVE_MEMCPY
/* Define if you have the <memory.h> header file. */
/* Define to 1 if you have the `memmove' function. */
#undef HAVE_MEMMOVE
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define if you have the `memset' function. */
/* Define to 1 if you have the `memset' function. */
#undef HAVE_MEMSET
/* Define if you have the `ptsname' function. */
/* Define to 1 if you have the `openpty' function. */
#undef HAVE_OPENPTY
/* have openssl support */
#undef HAVE_OPENSSL
/* have PAM support */
#undef HAVE_PAM
/* Define to 1 if you have the <prot.h> header file. */
#undef HAVE_PROT_H
/* Define to 1 if you have the `ptsname' function. */
#undef HAVE_PTSNAME
/* Define if you have the `putenv' function. */
/* Define to 1 if you have the <pty.h> header file. */
#undef HAVE_PTY_H
/* Define to 1 if you have the `putenv' function. */
#undef HAVE_PUTENV
/* Define if you have the `setgroups' function. */
/* Defined if sa_len member exists in struct sockaddr */
#undef HAVE_SA_LEN
/* Define to 1 if you have the `setgroups' function. */
#undef HAVE_SETGROUPS
/* Define if you have the `setlinebuf' function. */
/* Define to 1 if you have the `setlinebuf' function. */
#undef HAVE_SETLINEBUF
/* Define if you have the `setpgrp' function. */
/* Define to 1 if you have the `setpgrp' function. */
#undef HAVE_SETPGRP
/* Define if you have the `setsid' function. */
/* Define to 1 if you have the `setsid' function. */
#undef HAVE_SETSID
/* Define if you have the `setsockopt' function. */
/* Define to 1 if you have the `setsockopt' function. */
#undef HAVE_SETSOCKOPT
/* Define if you have the `setttyent' function. */
/* Define to 1 if you have the `setttyent' function. */
#undef HAVE_SETTTYENT
/* Define if you have the `setvbuf' function. */
/* Define to 1 if you have the `setvbuf' function. */
#undef HAVE_SETVBUF
/* Define if you have the <sgtty.h> header file. */
#undef HAVE_SGTTY_H
/* Define if you have the <shadow.h> header file. */
/* Define to 1 if you have the <shadow.h> header file. */
#undef HAVE_SHADOW_H
/* Define if you have the `sigaction' function. */
/* Define to 1 if you have the `sigaction' function. */
#undef HAVE_SIGACTION
/* Define if you have the <stdlib.h> header file. */
/* Defined if socklen_t exists */
#undef HAVE_SOCKLEN_T
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define if you have the `strerror' function. */
/* Define if strcasecmp is available */
#undef HAVE_STRCASECMP
/* Define to 1 if you have the `strerror' function. */
#undef HAVE_STRERROR
/* Define if you have the <strings.h> header file. */
/* Define if stricmp is available */
#undef HAVE_STRICMP
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define if you have the <string.h> header file. */
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define if you have the <stropts.h> header file. */
/* Define to 1 if you have the <stropts.h> header file. */
#undef HAVE_STROPTS_H
/* Define if you have the `sysconf' function. */
/* Define to 1 if you have the `sysconf' function. */
#undef HAVE_SYSCONF
/* Define if you have the <sysexits.h> header file. */
/* Define to 1 if you have the <sysexits.h> header file. */
#undef HAVE_SYSEXITS_H
/* Define if you have the <sys/audit.h> header file. */
/* Define to 1 if you have the <sys/audit.h> header file. */
#undef HAVE_SYS_AUDIT_H
/* Define if you have the <sys/ioctl_compat.h> header file. */
/* Define to 1 if you have the <sys/ioctl_compat.h> header file. */
#undef HAVE_SYS_IOCTL_COMPAT_H
/* Define if you have the <sys/ioctl.h> header file. */
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define if you have the <sys/proc.h> header file. */
/* Define to 1 if you have the <sys/proc.h> header file. */
#undef HAVE_SYS_PROC_H
/* Define if you have the <sys/resource.h> header file. */
/* Define to 1 if you have the <sys/resource.h> header file. */
#undef HAVE_SYS_RESOURCE_H
/* Define if you have the <sys/select.h> header file. */
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
/* Define if you have the <sys/time.h> header file. */
/* Define to 1 if you have the <sys/sockio.h> header file. */
#undef HAVE_SYS_SOCKIO_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define if you have the <sys/ttold.h> header file. */
/* Define to 1 if you have the <sys/ttold.h> header file. */
#undef HAVE_SYS_TTOLD_H
/* Define if you have the <sys/uio.h> header file. */
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <sys/uio.h> header file. */
#undef HAVE_SYS_UIO_H
/* Define if you have the <sys/vlimit.h> header file. */
/* Define to 1 if you have the <sys/vlimit.h> header file. */
#undef HAVE_SYS_VLIMIT_H
/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
#undef HAVE_SYS_WAIT_H
/* Define if you have the `tcgetattr' function. */
/* Define to 1 if you have the `tcgetattr' function. */
#undef HAVE_TCGETATTR
/* Define if you have the `tcgetpgrp' function. */
/* Define to 1 if you have the `tcgetpgrp' function. */
#undef HAVE_TCGETPGRP
/* Define if you have the `tcsendbreak' function. */
/* Define to 1 if you have the `tcsendbreak' function. */
#undef HAVE_TCSENDBREAK
/* Define if you have the `tcsetattr' function. */
/* Define to 1 if you have the `tcsetattr' function. */
#undef HAVE_TCSETATTR
/* Define if you have the `tcsetpgrp' function. */
/* Define to 1 if you have the `tcsetpgrp' function. */
#undef HAVE_TCSETPGRP
/* Define if you have the <termios.h> header file. */
#undef HAVE_TERMIOS_H
/* Define if you have the <termio.h> header file. */
#undef HAVE_TERMIO_H
/* Define if you have the <ttyent.h> header file. */
/* Define to 1 if you have the <ttyent.h> header file. */
#undef HAVE_TTYENT_H
/* Define if you have the <types.h> header file. */
/* Define to 1 if you have the <types.h> header file. */
#undef HAVE_TYPES_H
/* Define if you have the <unistd.h> header file. */
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define if you have the `unlockpt' function. */
/* Define to 1 if you have the `unlockpt' function. */
#undef HAVE_UNLOCKPT
/* Define if you have the <usersec.h> header file. */
/* Define to 1 if you have the <usersec.h> header file. */
#undef HAVE_USERSEC_H
/* Define to 1 if you have the <util.h> header file. */
#undef HAVE_UTIL_H
/* Logfile path */
#undef LOGFILEPATH
/* Hostname of console server */
#undef MASTERHOST
/* Number of consoles per child process */
#undef MAXMEMB
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Password file path */
#undef PASSWDFILE
/* pidfile to write to */
#undef PIDFILE
/* Define to 1 if the C compiler supports function prototypes. */
#undef PROTOTYPES
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
/* Define if the `setpgrp' function takes no argument. */
/* Define to 1 if the `setpgrp' function takes no argument. */
#undef SETPGRP_VOID
/* Define if you have the ANSI C header files. */
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define if you can safely include both <sys/time.h> and <time.h>. */
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define if on AIX 3.
/* Defined if we trust reverse DNS */
#undef TRUST_REVERSE_DNS
/* use tcp_wrappers libwrap */
#undef USE_LIBWRAP
/* Define to 1 if on AIX 3.
System headers sometimes define this.
We just want to avoid a redefinition error message. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Define like PROTOTYPES; this can be used by system headers. */
#undef __PROTOTYPES
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Define to `int' if <sys/types.h> does not define. */
#undef mode_t
/* Define to `int' if <sys/types.h> does not define. */
#undef pid_t
/* Define if <signal.h> does not define sig_atomic_t */
#undef sig_atomic_t
/* Define if <sys/socket.h> does not define socklen_t */
#undef socklen_t

1508
config.sub vendored Executable file
View File

File diff suppressed because it is too large Load Diff

6906
configure vendored
View File

File diff suppressed because it is too large Load Diff

539
configure.in
View File

@ -1,7 +1,28 @@
dnl ### autoheader templates ########################################
AH_TEMPLATE([CONFIGINVOCATION], [./configure invocation])
AH_TEMPLATE([DEFPORT], [Socket used to communicate])
AH_TEMPLATE([DEFBASEPORT], [Base socket used for secondary channel])
AH_TEMPLATE([MASTERHOST], [Hostname of console server])
AH_TEMPLATE([CONFIGFILE], [Config file path])
AH_TEMPLATE([PASSWDFILE], [Password file path])
AH_TEMPLATE([LOGFILEPATH], [Logfile path])
AH_TEMPLATE([MAXMEMB], [Number of consoles per child process])
AH_TEMPLATE([CONNECTTIMEOUT], [TCP connection timeout])
AH_TEMPLATE([PIDFILE], [pidfile to write to])
AH_TEMPLATE([USE_LIBWRAP], [use tcp_wrappers libwrap])
dnl AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp])
AH_TEMPLATE([HAVE_PAM], [have PAM support])
AH_TEMPLATE([HAVE_OPENSSL], [have openssl support])
AH_TEMPLATE([HAVE_DMALLOC], [have dmalloc support])
AH_TEMPLATE([HAVE_SA_LEN],[Defined if sa_len member exists in struct sockaddr])
AH_TEMPLATE([TRUST_REVERSE_DNS],[Defined if we trust reverse DNS])
dnl ### Normal initialization. ######################################
AC_INIT(conserver/main.c)
AC_INIT
AC_CONFIG_SRCDIR([conserver/main.c])
AC_CONFIG_HEADER(config.h)
AC_DEFINE_UNQUOTED(CONFIGINVOCATION, "$0 $@")
dnl ### Set some option defaults. ###################################
if test -z "$CFLAGS"; then
@ -12,216 +33,486 @@ AC_SUBST(MKDIR)
dnl ### Custom settings. ############################################
dnl AC_MSG_CHECKING(whether to allow 64bit compilation)
dnl AC_ARG_WITH(64bit,
dnl AC_HELP_STRING([--with-64bit],[Allow 64bit compilation]),
dnl [case "$withval" in
dnl yes)
dnl with_64bit=yes
dnl ;;
dnl *)
dnl with_64bit=no
dnl ;;
dnl esac], [with_64bit=no])
dnl AC_MSG_RESULT($with_64bit)
AC_MSG_CHECKING(for port number specification)
AC_ARG_WITH(port,
AC_HELP_STRING([--with-port=PORT],[Specify port number [[conserver]]]),
[if test "$withval" != yes -a "$withval" != no; then
AC_DEFINE_UNQUOTED(DEFPORT, "$withval")
AC_MSG_RESULT(port '$withval')
else
AC_HELP_STRING([--with-port=PORT],[Specify port number @<:@conserver@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
AC_MSG_RESULT(port 'conserver')
fi],
;;
*)
AC_DEFINE_UNQUOTED(DEFPORT, "$withval")
AC_MSG_RESULT(port '$withval')
;;
esac],
[AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
AC_MSG_RESULT(port 'conserver')])
AC_MSG_CHECKING(for secondary channel base port)
AC_ARG_WITH(base,
AC_HELP_STRING([--with-base=PORT], [Base port for secondary channel [[0]]]),
[if test "$withval" != yes -a "$withval" != no; then
AC_DEFINE_UNQUOTED(DEFBASEPORT, "$withval")
AC_MSG_RESULT(port '$withval')
else
AC_HELP_STRING([--with-base=PORT], [Base port for secondary channel @<:@0@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
AC_MSG_RESULT(port '0')
fi],
;;
*)
AC_DEFINE_UNQUOTED(DEFBASEPORT, "$withval")
AC_MSG_RESULT(port '$withval')
;;
esac],
[AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
AC_MSG_RESULT(port '0')])
AC_MSG_CHECKING(for master conserver hostname)
AC_ARG_WITH(master,
AC_HELP_STRING([--with-master=MASTER],[Specify master server hostname [[console]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(MASTERHOST, "$withval")
AC_MSG_RESULT('$withval')
else
AC_HELP_STRING([--with-master=MASTER],[Specify master server hostname @<:@console@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(MASTERHOST, "console")
AC_MSG_RESULT('console')
fi],
;;
*)
AC_DEFINE_UNQUOTED(MASTERHOST, "$withval")
AC_MSG_RESULT('$withval')
;;
esac],
[AC_DEFINE_UNQUOTED(MASTERHOST, "console")
AC_MSG_RESULT('console')])
AC_MSG_CHECKING(for configuration filename)
AC_ARG_WITH(cffile,
AC_HELP_STRING([--with-cffile=CFFILE],[Specify config filename [[conserver.cf]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(CONFIGFILE, "$withval")
AC_HELP_STRING([--with-cffile=CFFILE],[Specify config filename @<:@SYSCONFDIR/conserver.cf@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
AC_MSG_RESULT('$sysconfdir/conserver.cf')
;;
[[\\/]]* | ?:[[\\/]]* )
AC_DEFINE_UNQUOTED(CONFIGFILE, ["$withval"])
AC_MSG_RESULT('$withval')
else
AC_DEFINE_UNQUOTED(CONFIGFILE, "conserver.cf")
AC_MSG_RESULT('conserver.cf')
fi],
[AC_DEFINE_UNQUOTED(CONFIGFILE, "conserver.cf")
AC_MSG_RESULT('conserver.cf')])
;;
*)
AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/$withval"])
AC_MSG_RESULT('$sysconfdir/$withval')
;;
esac],
[AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
AC_MSG_RESULT('$sysconfdir/conserver.cf')])
AC_MSG_CHECKING(for password filename)
AC_ARG_WITH(pwdfile,
AC_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename [[conserver.passwd]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(PASSWDFILE, "$withval")
AC_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename @<:@SYSCONFDIR/conserver.passwd@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
AC_MSG_RESULT('$sysconfdir/conserver.passwd')
;;
[[\\/]]* | ?:[[\\/]]* )
AC_DEFINE_UNQUOTED(PASSWDFILE, ["$withval"])
AC_MSG_RESULT('$withval')
else
AC_DEFINE_UNQUOTED(PASSWDFILE, "conserver.passwd")
AC_MSG_RESULT('conserver.passwd')
fi],
[AC_DEFINE_UNQUOTED(PASSWDFILE, "conserver.passwd")
AC_MSG_RESULT('conserver.passwd')])
;;
*)
AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/$withval"])
AC_MSG_RESULT('$sysconfdir/$withval')
;;
esac],
[AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
AC_MSG_RESULT('$sysconfdir/conserver.passwd')])
AC_MSG_CHECKING(for log filename)
AC_ARG_WITH(logfile,
AC_HELP_STRING([--with-logfile=LOGFILE],[Specify log filename [[/var/log/conserver]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(LOGFILEPATH, "$withval")
AC_MSG_RESULT('$withval')
else
AC_HELP_STRING([--with-logfile=LOGFILE],[Specify log filename @<:@/var/log/conserver@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
AC_MSG_RESULT('/var/log/conserver')
fi],
;;
*)
AC_DEFINE_UNQUOTED(LOGFILEPATH, "$withval")
AC_MSG_RESULT('$withval')
;;
esac],
[AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
AC_MSG_RESULT('/var/log/conserver')])
AC_SUBST(PIDFILE)
AC_MSG_CHECKING(for PID filename)
AC_ARG_WITH(pidfile,
AC_HELP_STRING([--with-pidfile=PIDFILE],[Specify PID filepath [[/var/run/conserver.pid]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(PIDFILE, "$withval")
AC_MSG_RESULT('$withval')
else
AC_DEFINE_UNQUOTED(PIDFILE, "/var/run/conserver.pid")
AC_MSG_RESULT('/var/run/conserver.pid')
fi],
[AC_DEFINE_UNQUOTED(PIDFILE, "/var/run/conserver.pid")
AC_MSG_RESULT('/var/run/conserver.pid')])
AC_HELP_STRING([--with-pidfile=PIDFILE],[Specify PID filepath @<:@/var/run/conserver.pid@:>@]),
[case "$withval" in
yes|no)
PIDFILE="/var/run/conserver.pid"
;;
*)
PIDFILE="$withval"
;;
esac],
[PIDFILE="/var/run/conserver.pid"])
AC_DEFINE_UNQUOTED(PIDFILE, "$PIDFILE")
AC_MSG_RESULT('$PIDFILE')
AC_MSG_CHECKING(for MAXMEMB setting)
AC_ARG_WITH(maxmemb,
AC_HELP_STRING([--with-maxmemb=MAXMEMB],[Specify maximum consoles per process [[16]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(MAXMEMB, $withval)
AC_MSG_RESULT($withval)
else
AC_HELP_STRING([--with-maxmemb=MAXMEMB],[Specify maximum consoles per process @<:@16@:>@]),
[case "$withval" in
yes|no)
AC_DEFINE_UNQUOTED(MAXMEMB, 16)
AC_MSG_RESULT(16)
fi],
;;
*)
if expr "$withval" : '[[0-9]]*$' >/dev/null 2>&1 &&
test "$withval" -gt 0 -a "$withval" -lt 256; then
AC_DEFINE_UNQUOTED(MAXMEMB, $withval)
AC_MSG_RESULT($withval)
else
AC_DEFINE_UNQUOTED(MAXMEMB, 16)
AC_MSG_RESULT([value out of bounds (0<x<256) - setting to 16])
fi
;;
esac],
[AC_DEFINE_UNQUOTED(MAXMEMB, 16)
AC_MSG_RESULT(16)])
AC_MSG_CHECKING(for MAXGRP setting)
AC_ARG_WITH(maxgrp,
AC_HELP_STRING([--with-maxgrp=MAXGRP],[Specify maximum number of processes [[32]]]),
[if test "$withval" != yes; then
AC_DEFINE_UNQUOTED(MAXGRP, $withval)
AC_MSG_RESULT($withval)
else
AC_DEFINE_UNQUOTED(MAXGRP, 32)
AC_MSG_RESULT(32)
fi],
[AC_DEFINE_UNQUOTED(MAXGRP, 32)
AC_MSG_RESULT(32)])
AC_MSG_CHECKING(for connect() timeout)
AC_ARG_WITH(timeout,
AC_HELP_STRING([--with-timeout=TIMEOUT],[Specify connect() timeout in seconds [[10]]]),
[if test "$withval" -gt 0 -o "$withval" -lt 300; then
AC_HELP_STRING([--with-timeout=TIMEOUT],[Specify connect() timeout in seconds @<:@10@:>@]),
[if expr "$withval" : '[[0-9]]*$' >/dev/null 2>&1 &&
test "$withval" -gt 0 -a "$withval" -lt 300; then
AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, $withval)
AC_MSG_RESULT($withval)
else
AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
AC_MSG_RESULT(10)
AC_MSG_RESULT([value out of bounds (0<x<300) - setting to 10])
fi],
[AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
AC_MSG_RESULT(10)])
AC_MSG_CHECKING(whether to trust reverse DNS)
AC_ARG_WITH(trustrevdns,
AC_HELP_STRING([--with-trustrevdns],[Trust reverse DNS information]),
[case "$withval" in
yes)
AC_DEFINE(TRUST_REVERSE_DNS)
AC_MSG_RESULT(yes)
;;
*)
AC_MSG_RESULT(no)
;;
esac],[AC_MSG_RESULT(no)])
dnl ### Check for compiler et al. ###################################
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
dnl ### Compiler characteristics. ##################################
AC_AIX
AC_C_CONST
AC_C_PROTOTYPES
dnl AC_CHECK_SIZEOF(long)
dnl if test "$ac_cv_sizeof_long" -gt 4; then
dnl if test "$with_64bit" != "yes"; then
dnl AC_MSG_ERROR([cannot build on >32bit systems (to override use --with-64bit)])
dnl else
dnl AC_MSG_WARN([building a 64bit version of conserver - good luck!])
dnl fi
dnl fi
dnl ### Checks for header files. ###################################
AC_HEADER_STDC
AC_CHECK_HEADERS(sys/ioctl.h)
dnl ### POSIX terminal I/O
AC_CHECK_HEADERS(termios.h)
if test "$ac_cv_header_termios_h" != "yes"; then
dnl ### SysV terminal I/O
AC_CHECK_HEADERS(termio.h)
if test "$ac_cv_header_termio_h" != "yes"; then
dnl ### BSD terminal I/O
AC_CHECK_HEADERS(sgtty.h)
if test "$ac_cv_header_sgtty_h" != "yes"; then
AC_MSG_ERROR([no usable terminal interface detected])
fi
fi
AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" != "yes"; then
AC_MSG_ERROR([POSIX termios interface required])
fi
AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/proc.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h)
AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/proc.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h sys/sockio.h)
AC_HEADER_TIME
AC_HEADER_SYS_WAIT
AC_TYPE_MODE_T
AC_TYPE_SIGNAL
AC_TYPE_PID_T
AC_CACHE_CHECK([if sig_atomic_t is defined], ac_cv_type_sig_atomic_t,
AC_TRY_LINK([
#include <signal.h>
], [
sig_atomic_t sigatom;
sigatom = 1;
],
ac_cv_type_sig_atomic_t=yes,
ac_cv_type_sig_atomic_t=no
)
)
if test "$ac_cv_type_sig_atomic_t" != "yes"; then
AC_DEFINE(sig_atomic_t, volatile int, [Define if <signal.h> does not define sig_atomic_t])
fi
AC_CHECK_TYPE([sig_atomic_t],,
AC_DEFINE(sig_atomic_t, volatile int,
[Define if <signal.h> does not define sig_atomic_t]),
[#include <signal.h>])
AC_CACHE_CHECK([if socklen_t is defined], ac_cv_type_socklen_t,
AC_TRY_LINK([
#include <sys/types.h>
#include <sys/socket.h>
], [
socklen_t len = 0;
printf("len == %d\n", len);
],
ac_cv_type_socklen_t=yes,
ac_cv_type_socklen_t=no
)
)
if test "$ac_cv_type_socklen_t" != "yes"; then
AC_DEFINE(socklen_t, int, [Define if <sys/socket.h> does not define socklen_t])
fi
AC_CHECK_TYPE([in_addr_t],[AC_DEFINE(HAVE_IN_ADDR_T,1,
[Defined if in_addr_t exists])],,[$ac_includes_default
#include <netinet/in.h>])
AC_CHECK_TYPE([socklen_t],[AC_DEFINE(HAVE_SOCKLEN_T,1,
[Defined if socklen_t exists])],,[$ac_includes_default
#include <sys/socket.h>])
AC_MSG_CHECKING(for sa_len in struct sockaddr)
AC_TRY_COMPILE([#include <sys/types.h>
#include <sys/socket.h>],
[struct sockaddr s; s.sa_len=0;],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_SA_LEN)],
[AC_MSG_RESULT(no)])
dnl ### Host specific checks. ######################################
AC_CANONICAL_HOST
case "$host" in
*-*-hpux*)
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE_EXTENDED=1"
AC_CHECK_LIB(xnet,t_error,,AC_MSG_ERROR([-lxnet needed on HP-UX]))
AC_CHECK_LIB(sec,getspnam)
AC_CHECK_HEADERS(hpsecurity.h prot.h)
AC_CHECK_FUNCS(bigcrypt iscomsec getprpwnam)
;;
esac
dnl ### Check for libraries. #######################################
AC_CHECK_LIB(socket,socket)
AC_CHECK_LIB(nsl,gethostbyname)
AC_CHECK_LIB(crypt,crypt)
AC_SEARCH_LIBS(socket,socket)
AC_SEARCH_LIBS(gethostbyname,nsl)
AC_SEARCH_LIBS(crypt,crypt)
AC_SUBST(CONSLIBS)
AC_SUBST(CONSCPPFLAGS)
AC_SUBST(CONSLDFLAGS)
AC_ARG_WITH(libwrap,
AC_HELP_STRING([--with-libwrap@<:@=PATH@:>@],
[Compile in libwrap (tcp_wrappers) support]),
[if test "$withval" != "no"; then
if test "$withval" != "yes"; then
WRAPCPPFLAGS="-I$withval/include"
WRAPLDFLAGS="-L$withval/lib"
else
WRAPCPPFLAGS=""
WRAPLDFLAGS=""
fi
oCPPFLAGS="$CPPFLAGS"
oLDFLAGS="$LDFLAGS"
oLIBS="$LIBS"
CPPFLAGS="$CPPFLAGS $WRAPCPPFLAGS"
LDFLAGS="$LDFLAGS $WRAPLDFLAGS"
AC_CHECK_HEADER(tcpd.h,
[LIBS="$LIBS -lwrap"
AC_MSG_CHECKING(for TCP wrappers library -lwrap)
AC_TRY_LINK([#include <tcpd.h>
int allow_severity = 0;
int deny_severity = 0;
],[hosts_access((void *)0)],
[AC_MSG_RESULT(yes)
AC_DEFINE(USE_LIBWRAP)
CONSLIBS="$CONSLIBS -lwrap"
CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
[AC_MSG_RESULT(no)
LIBS="$LIBS -lnsl"
AC_MSG_CHECKING(for TCP wrappers library -lwrap with -lnsl)
AC_TRY_LINK([#include <tcpd.h>
int allow_severity = 0;
int deny_severity = 0;
],[hosts_access((void *)0)],
[AC_MSG_RESULT(yes)
AC_DEFINE(USE_LIBWRAP)
CONSLIBS="$CONSLIBS -lwrap -lnsl"
CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
[AC_MSG_RESULT(no)])])],)
LIBS="$oLIBS"
CPPFLAGS="$oCPPFLAGS"
LDFLAGS="$oLDFLAGS"
fi]
)
AC_ARG_WITH(openssl,
AC_HELP_STRING([--with-openssl@<:@=PATH@:>@],
[Compile in OpenSSL support]),
[if test "$withval" != "no"; then
if test "$withval" != "yes"; then
OPENSSLCPPFLAGS="-I$withval/include"
OPENSSLLDFLAGS="-L$withval/lib"
else
OPENSSLCPPFLAGS=""
OPENSSLLDFLAGS=""
fi
oCPPFLAGS="$CPPFLAGS"
oLDFLAGS="$LDFLAGS"
oLIBS="$LIBS"
have_openssl=no
CPPFLAGS="$CPPFLAGS $OPENSSLCPPFLAGS"
LDFLAGS="$LDFLAGS $OPENSSLLDFLAGS"
AC_CHECK_HEADER([openssl/ssl.h],
[LIBS="$LIBS -lssl -lcrypto"
AC_MSG_CHECKING(for openssl libraries -lssl and -lcrypto)
AC_TRY_LINK([#include <openssl/ssl.h>
],[SSL_library_init()],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_OPENSSL)
have_openssl=yes],
[AC_MSG_RESULT(no)])],)
if test $have_openssl = no; then
LIBS="$oLIBS"
CPPFLAGS="$oCPPFLAGS"
LDFLAGS="$oLDFLAGS"
fi
fi]
)
AC_ARG_WITH(dmalloc,
AC_HELP_STRING([--with-dmalloc@<:@=PATH@:>@],
[Compile in dmalloc support]),
[if test "$withval" != "no"; then
if test "$withval" != "yes"; then
DMALLOCCPPFLAGS="-I$withval/include"
DMALLOCLDFLAGS="-L$withval/lib"
else
DMALLOCCPPFLAGS=""
DMALLOCLDFLAGS=""
fi
oCPPFLAGS="$CPPFLAGS"
oLDFLAGS="$LDFLAGS"
oLIBS="$LIBS"
have_dmalloc=no
CPPFLAGS="$CPPFLAGS $DMALLOCCPPFLAGS"
LDFLAGS="$LDFLAGS $DMALLOCLDFLAGS"
AC_CHECK_HEADER([dmalloc.h],
[LIBS="$LIBS -ldmalloc"
AC_MSG_CHECKING(for dmalloc libraries -ldmalloc)
AC_TRY_LINK([#include <dmalloc.h>
],[dmalloc_debug(0)],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_DMALLOC)
have_dmalloc=yes],
[AC_MSG_RESULT(no)])],)
if test $have_dmalloc = no; then
LIBS="$oLIBS"
CPPFLAGS="$oCPPFLAGS"
LDFLAGS="$oLDFLAGS"
fi
fi]
)
dnl ### Check for needed functions. ################################
AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt flock sigaction setsockopt getdtablesize putenv memset memcpy memcmp sysconf getpassphrase)
dnl dnl The following basically stollen from the less-358 distribution, but
dnl dnl modified for my own purposes
dnl AC_MSG_CHECKING(for POSIX regex)
dnl AC_ARG_WITH(regex,
dnl AC_HELP_STRING([--with-regex],
dnl [Use regular expressions in conserver.passwd]),
dnl [if test "$withval" = yes; then
dnl AC_TRY_RUN([
dnl #include <sys/types.h>
dnl #include <regex.h>
dnl main() { regex_t r; regmatch_t rm; char *text = "xabcy";
dnl if (regcomp(&r, "abc", 0)) exit(1);
dnl if (regexec(&r, text, 1, &rm, 0)) exit(1);
dnl if (rm.rm_so != 1) exit(1); /* check for correct offset */
dnl exit(0); }
dnl ],have_posix_regex=yes,have_posix_regex=no,have_posix_regex=unknown)
dnl if test $have_posix_regex = yes; then
dnl AC_MSG_RESULT(yes)
dnl AC_DEFINE(HAVE_POSIX_REGCOMP)
dnl elif test $have_posix_regex = unknown; then
dnl AC_TRY_LINK([
dnl #include <sys/types.h>
dnl #include <regex.h>],
dnl [regex_t *r; regfree(r);],
dnl AC_MSG_RESULT(yes)
dnl AC_DEFINE(HAVE_POSIX_REGCOMP))
dnl else
dnl AC_MSG_RESULT(no)
dnl fi
dnl else
dnl AC_MSG_RESULT(no)
dnl fi],[AC_MSG_RESULT(no)])
AC_MSG_CHECKING(for PAM support)
AC_ARG_WITH(pam,
AC_HELP_STRING([--with-pam],
[Enable PAM support]),
[if test "$withval" = yes; then
oLIBS="$LIBS"
AC_CHECK_HEADER(security/pam_appl.h,
[LIBS="$LIBS -lpam"
AC_MSG_CHECKING(for PAM library -lpam)
AC_TRY_LINK_FUNC([pam_start],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_PAM)
CONSLIBS="$CONSLIBS -lpam"],
[LIBS="$LIBS -ldl"
AC_MSG_RESULT(no)
AC_MSG_CHECKING(for PAM library -lpam with -ldl)
AC_TRY_LINK_FUNC([pam_end],
[AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_PAM)
CONSLIBS="$CONSLIBS -lpam -ldl"],
[AC_MSG_RESULT(no)])])],)
LIBS="$oLIBS"
else
AC_MSG_RESULT(no)
fi],[AC_MSG_RESULT(no)])
dnl Checks for pty allocation...
dnl According to the xemacs distribution:
dnl getpt() is the preferred pty allocation method on glibc systems.
dnl _getpty() is the preferred pty allocation method on SGI systems.
dnl grantpt(), unlockpt(), ptsname() are defined by Unix98.
dnl openpty() is the preferred pty allocation method on BSD and Tru64 systems.
dnl openpty() might be declared in:
dnl - pty.h (Tru64 or Linux)
dnl - libutil.h (FreeBSD)
dnl - util.h (NetBSD)
dnl Conserver doesn't support getpt() or _getpt() yet.
AC_CHECK_HEADERS(pty.h libutil.h util.h)
AC_CHECK_LIB(util, openpty)
AC_CHECK_FUNCS(openpty)
AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt sigaction setsockopt getdtablesize putenv memset memcpy memcmp memmove sysconf getlogin inet_aton)
AC_FUNC_SETPGRP
AC_CHECK_FUNC(strcasecmp,
[AC_DEFINE(HAVE_STRCASECMP, 1, [Define if strcasecmp is available])],
[AC_CHECK_FUNC(stricmp,
[AC_DEFINE(HAVE_STRICMP, 1, [Define if stricmp is available])],
[AC_MSG_ERROR([strcasecmp or stricmp must be available])])])
dnl Checks for libbsm functions
AC_CHECK_HEADERS(bsm/audit.h)
AC_CHECK_LIB(bsm, getaudit)
AC_CHECK_FUNCS(getaudit getaudit_addr)
dnl ### Create output files. #######################################
AC_SUBST(LIBOBJS)
AC_OUTPUT(Makefile conserver/Makefile conserver.cf/Makefile console/Makefile autologin/Makefile)
AC_CONFIG_FILES([Makefile conserver/Makefile conserver.cf/Makefile console/Makefile autologin/Makefile])
AC_CONFIG_FILES([conserver/conserver.rc], [chmod +x conserver/conserver.rc])
AC_OUTPUT

14
conserver.cf/INSTALL
View File

@ -1,19 +1,11 @@
The two files you need to set up are the conserver.cf and conserver.passwd
files. See the sample conserver.cf and conserver.passwd files
for examples. You can start with those and then modify extensively.
The man page for conserver.cf should explain that file with enough detail
to get you going.
As for the conserver.passwd file, here are some instructions. The file
contains three fields seperated by colons: <username>:<passwd>:<hosts>.
The <passwd> field should either be an encrypted password or the special
string '*passwd*', which will cause the console server to do a getpwnam()
call. The <hosts> field can be a comma seperated list of console names
(from conserver.cf) or the special string 'any'. Access for the user
is only granted to the hosts listed here (or all if 'any' is used).
The man page for conserver.cf and conserver.passwd should explain the
files with enough detail to get you going.
That's about it. Good luck.
#
# $Id: INSTALL,v 1.2 1999-08-24 13:45:00-07 bryan Exp $
# $Id: INSTALL,v 1.3 2003-07-04 11:21:21-07 bryan Exp $
#

4
conserver.cf/Makefile.in
View File

@ -3,6 +3,7 @@ srcdir = @srcdir@
prefix = @prefix@
mandir = @mandir@
sysconfdir = @sysconfdir@
exampledir = $(prefix)/share/examples/conserver
### Installation programs and flags
INSTALL = @INSTALL@
@ -24,5 +25,8 @@ install:
$(MKDIR) $(DESTDIR)$(mandir)/man5
$(INSTALL) conserver.cf.man $(DESTDIR)$(mandir)/man5/conserver.cf.5
$(INSTALL) conserver.passwd.man $(DESTDIR)$(mandir)/man5/conserver.passwd.5
$(MKDIR) $(DESTDIR)$(exampledir)
$(INSTALL) -m 0644 conserver.cf $(DESTDIR)$(exampledir)
$(INSTALL) -m 0644 conserver.passwd $(DESTDIR)$(exampledir)
.PHONY: clean distclean install

60
conserver.cf/conserver.cf
View File

@ -1,26 +1,54 @@
#
# $Id: conserver.cf,v 1.4 2001-06-28 10:24:01-07 bryan Exp $
# $Id: conserver.cf,v 1.5 2003-07-04 11:05:04-07 bryan Exp $
#
# The character '&' in logfile names are substituted with the console
# name. Any logfile name that doesn't begin with a '/' has LOGDIR
# prepended to it. So, most consoles will just have a '&' as the logfile
# name which causes /var/consoles/<consolename> to be used.
# name.
#
LOGDIR=/var/consoles
default full {
rw *;
}
default * {
logfile /var/consoles/&;
timestamp "";
include full;
}
#
# list of consoles we serve
# name : tty[@host] : baud[parity] : logfile : [mark-interval(m|h|d|l)][+]
# name : !host : port : logfile : [mark-interval(m|h|d|l)][+]
# name : |command : : logfile : [mark-interval(m|h|d|l)][+]
#
tweety:!ts1:2002:&:
bambam:!ts1:2003:&:
shell:|::/dev/null:
telnet:|telnet host::/dev/null:
ttya:/dev/ttya:9600p:&:
%%
console tweety {
master localhost;
type host;
host ts1;
port 2002;
}
console bambam {
master localhost;
type host;
host ts1;
port 2003;
}
console shell {
master localhost;
logfile /dev/null;
type exec;
exec "";
}
console telnet {
master localhost;
logfile /dev/null;
type exec;
exec telnet host;
}
console ttya {
master localhost;
type device;
device /dev/ttya;
baud 9600;
parity none;
}
#
# list of clients we allow
# {trusted|allowed|rejected} : machines
#
allowed: 127.0.0.1 gnac.com
access * {
allowed 127.0.0.1 gnac.com;
}

844
conserver.cf/conserver.cf.man
View File

@ -1,174 +1,686 @@
.\" $Id: conserver.cf.man,v 1.15 2001-07-26 10:23:16-07 bryan Exp $
.\" @(#)constab.5 01/06/91 OSU CIS; Thomas A. Fine
.TH CONSERVER.CF 5 "Local"
.\" $Id: conserver.cf.man,v 1.41 2003-09-21 15:05:48-07 bryan Exp $
.TH CONSERVER.CF 5 "2003-09-21" "conserver-8.0.0" "conserver"
.SH NAME
conserver.cf \- console configuration file for conserver(8)
.SH SYNOPSIS
.br
.BI \s-1LOGDIR\s0= logdirectory
.br
.BI \s-1TIMESTAMP\s0= timestamp-spec
.br
\fIname\fP:\fIdevice\fP[@\fIconserver\fP]:\fIbaud\fP:\fIlogfile\fP:\fItimestamp-spec\fP
.br
\fIname\fP:!\fItermserver\fP[@\fIconserver\fP]:\fIport\fP:\fIlogfile\fP:\fItimestamp-spec\fP
.br
\fIname\fP:|\fIcommand\fP[@\fIconserver\fP]::\fIlogfile\fP:\fItimestamp-spec\fP
.br
\fB%%\fP
.br
\fIaccess\fP: \fIhosts\fP
conserver.cf \- console configuration file for
.BR conserver (8)
.SH DESCRIPTION
.B Conserver.cf
is the configuration file for
.BR conserver (8).
It is read once upon startup;
modifications to the file take effect only upon restarting \fBconserver\fP.
All lines starting with the pound sign `#' are considered comment lines.
Blank lines are ignored.
The format of the conserver.cf file is made up of named blocks of
keyword/value pairs, comments, and optional whitespace for formatting
flexibility.
The block types as well as the keywords are pre-defined and
explained in the
.B \s-1BLOCKS\s0
section.
A comment is an unquoted pound-sign
to a newline.
See the
.B \s-1PARSER\s0
section for full details on whitespace and quoting.
.PP
The first section of the file has lines that are separated into
five colon-separated fields. Leading and trailing white space in each
field is ignored.
.TP
.I name
the unique name by which this connection is referred to
when using the \fBconsole\fP program.
This is typically the name of the host whose console is being monitored.
.TP
.I device
the full path name of the device for this line.
The \fIbaud\fP rate is the speed and parity for this console.
Speed may be given as an integer,
parity only requires the first letter of any of: even, odd, mark, space.
For no parity, use the character `p'.
.TP
.BI ! termserver
the hostname of the terminal server to connect to.
A socket connection will be made to port \fIport\fP (an integer).
.TP
.BI | command
the command to invoke on the console server.
.PP
\fIdevice\fP, !\fItermserver\fP, and |\fIcommand\fP may be followed by
a remote console server name in the form ``\fB@\fP\fIconserver\fP'',
in which case the conserver daemon will send connections for \fIname\fP
to the conserver running on the host named \fIconserver\fP.
When the ``\fB@\fP\fIconserver\fP'' notation is used,
\fBconserver\fP recognizes consoles it should manage locally
by comparing the IP address of \fIconserver\fP
against the IP address of the name returned by gethostname().
Thus, it will recognize host aliases, but not names that map to
different IP addresses that may exist on the same host,
so care must be used in specifying the hostname.
Since \fBconserver\fP does recognize its own hostname,
the same cf file may be used by all servers in a network
if every console line includes a ``\fB@\fP\fIconserver\fP'' specification.
.TP
.I logfile
the full path name of file where all output from
this host is logged. Any occurrence of `&' will be replaced with
\fIname\fP. Any path that doesn't begin with a `/' will
have \fIlogdirectory\fP (as specified in the nearest preceding
\fB\s-1LOGDIR=\s0\fP
line) prepended to it.
.TP
.I timestamp-spec
specifies the time between
timestamps applied to the console log file and
whether to log read/write connection actions.
The format of the specification is
[\fImark-interval\fP[\fBm\fP|\fBh\fP|\fBd\fP|\fBl\fP]][\fBa\fP].
The timestamps look like `[-- MARK -- Mon Jan 25 14:46:56 PST 1999]'.
The `\fBm\fP', `\fBh\fP', and `\fBd\fP' tags specify
`minutes' (the default), `hours', and `days'. The `\fBl\fP' tag
specifies `lines' and will cause timestamps of the form
`[Mon Jan 25 14:46:56 PST 1999]' to
be placed every \fImark-interval\fP lines (a newline character signifies
a new line). So, `5h' specifies every five hours and `2l' specifies every
two lines.
An `\fBa\fP' can be specified to add logs of
`attached', `detached', and `bumped' actions,
including the user's name and the host from which the
\fBconsole\fP connection was made,
to the logfile.
Let me first show you a sample block with a couple of keyword/value
pairs to make the description a bit simpler to understand.
.IP
A default \fItimestamp-spec\fP can be specified by using the
\fB\s-1TIMESTAMP=\s0\fP syntax.
All consoles below the \fB\s-1TIMESTAMP=\s0\fP line will use that
\fItimestamp-spec\fP unless overridden on a per-line basis,
and until superseded by another \fB\s-1TIMESTAMP=\s0\fP line.
To turn off marks for a specific
console, use a \fImark-interval\fP of zero.
.PP
This section is terminated with a `\fB%%\fP' token on a line by itself.
.PP
The next section of the file contains a list of hosts and addresses
which are allowed to connect to the console server.
.B Conserver
looks for the first match in the config file
for a client's IP address (or network),
or hostname (or domain) if it is able to do a reverse lookup on the IP address,
to determine the level of access to be granted.
Three levels of access may be specified: ``\fBtrust\fP'', ``\fBallow\fP'',
and ``\fBrefuse\fP''.
The access level is followed by a colon and a space-separated list of
addresses or host names.
Any number of any combination of these levels may be specified,
bearing in mind that conserver uses the first match for each incoming
client connection, so order is important.
.PP
Any complete suffix of a host name may be used to define access for all hosts
in that subdomain.
For example, `\fBcc.purdue.edu\fP' will allow `mentor.cc.purdue.edu'
and `mace.cc.purdue.edu', but not `pucc.purdue.edu' or `hack.purdue.edu'.
For IP addresses, optional netmask lengths may be specified
in CIDR `/' notation.
For example, `\fB192.168.1.0\fP' will allow the class C space of 192.168.1.0,
but `\fB192.168.1.0/25\fP' will allow
only the lower half of that same address space (192.168.1.0 thru 192.168.1.127).
.SH EXAMPLE
# name:path:baud:/usr/adm/logfile:mark
.ft CR
.nf
LOGDIR=/tmp
#
# This logs to /tmp/treelog...
tree:/dev/ttyj0:9600e:&log:
#
# This logs to /tmp/fishlog...
fish:/dev/ttyj1:4800e:fishlog:
#
# Now we're defaulting to /var/tmp for logfiles...
LOGDIR=/var/tmp
#
# So, this is /var/tmp/birdlog
bird:/dev/ttyj2:4800m:&log:
#
# And this is /var/tmp/solarlog...
solar:|telnet solar::solarlog:
#
# Now things are all in /var/consoles/<console name>
LOGDIR=/var/consoles
shell:|::&:
#
# These open connections to ports 2003 and 2004 of ts1...
tribe:!ts1:2003:&:
reptile:!ts1:2004:&:
#
# This opens /dev/ttyh0 if running on extra.cc.purdue.edu;
# otherwise, clients are redirected to that host.
mentor:/dev/ttyh0@extra.cc.purdue.edu:2400e:&:
%%
#
# access restrictions
# (note that the "badhost.cc.purdue.edu" entry must appear
# before the "cc.purdue.edu" entry if connections from
# "badhost" are to be rejected, since only the first match
# is used)
#
trusted: console.cc.purdue.edu 128.210.7.90
refuse: badhost.cc.purdue.edu
allow: cc.purdue.edu stat.cc.purdue.edu
console simple { master localhost; type exec; rw *; }
.fi
.ft
.PP
This is actually a fully functional conserver.cf file (if certain
conditions are met...and if you can list those conditions, you can
probably can skip to the
.B \s-1BLOCKS\s0
section).
.PP
Our example is made of up of a console-block named ``simple'' with three
keyword/value pairs.
What this does is define a console named ``simple'',
makes the master of that console the host ``localhost'', makes the type
an exec-style console, and gives every user read/write permission.
This is the generic format of the file:
.IP
.ft CR
.nf
block-type block-name { keyword value; ... }
.fi
.ft
.PP
To show the addition of comments and whitespace, here is the example
reformatted (but functionally equivalent):
.IP
.ft CR
.nf
# define a console named "simple"
console simple {
# setting all required values...
master localhost;
type exec; # exec-style console
rw *; # allow any username
}
.fi
.ft
.SH PARSER
.PP
The parser has six characters that it considers special.
These are: ``{'', ``}'', ``;'', ``#'', ``\e'', and ``"''.
The first three (hereby called tokens) define the format of the
configuration blocks and are used as word
seperators, the next is the comment character, and the last two are
quoting characters.
.PP
Word seperation occurs when the parser encounters an unquoted token
and, in certain cases, whitespace.
Whitespace is only used as a word seperator when the parser is
looking for a block-type or keyword.
When it's looking for a block-name or value, whitespace is like any
other character, which allows you to embed whitespace in a block-name
or value without having to quote it.
Here is an example:
.IP
.ft CR
.nf
default my defs { rw *; include other defs ; }
.fi
.ft
.PP
The block-type is ``default'', the block-name is ``my defs'', and the value
for the keyword ``include'' is ``other defs''.
Whitespace around tokens are ignored so you get ``other defs''
instead of ``other defs '' as the value.
.PP
The only way to use one of the special characters as part of a block-name
or value is to quote it.
.PP
Quoting is a simple matter of prefixing a character with a backslash or
surrounding a group of characters with double-quotes.
If a character is prefixed by a backslash, the next character is a
literal (so ``\e\e'' produces a ``\e'', ``\e"'' produces ``"'', ``\e{''
produces a ``{'', etc.).
For double-quoted strings, all characters are literal except for ``\e"'',
which embeds a double-quote.
.PP
Adding a variety of quotes to our example without changing the meaning
of things, we have:
.IP
.ft CR
.nf
"defa"ult my\e defs { rw *; in\eclude "other defs" ; }
.fi
.ft
.SH BLOCKS
.TP 8
.B access
.RI [ " hostname " | " ipaddr " ]
.br
Define an access block for the host named
.I hostname
or using the address
.IR ipaddr .
If the value of ``*'' is used, the access block will be applied to
all conserver hosts.
Access lists are used in a first match
fashion (top down), so order is important.
.RS
.TP 15
.B admin
.RI [ " username" ,...
| "" ]
.br
Define a list of users making up the admin list for the console server.
If
.I username
matches a previously defined group name, all members of the previous
group are added to the admin list.
If the null string (``""'') is used, any
users previously defined for the console servers's admin list are removed.
.TP
.B allowed
.IR hostname ", ..."
.br
The list of hostnames are added to the ``allowed'' list, which grants
connections from the hosts but requires username authentication.
.TP
.B include
.I accessgroup
.br
The access lists defined using the name
.I accessgroup
are applied to the current access block.
The included access block must be previously defined.
.TP
.B rejected
.IR hostname ", ..."
.br
The list of hostnames are added to the ``rejected'' list, which rejects
connections from the hosts.
.TP
.B trusted
.IR hostname ", ..."
.br
The list of hostnames are added to the ``trusted'' list, which grants
connections from the hosts without username authentication.
.RE
.TP 8
.B break
.I n
.br
Define a break sequence where 0 <
.I n
< 10.
Break sequences are accessed via the
.RI ``^El n ''
client escape sequence.
.RS
.TP 15
.B delay
.I n
.br
Set the time delay for the
.B \ed
sequence to
.I n
milliseconds.
The default time delay is 250ms.
.TP
.B string
.I breakseq
.br
Assign the string
.IR breakseq
to the specified slot
.IR n .
A break sequence is a simple character string with the exception of `\e'
and `^':
.RS
.sp
.PD 0
.TP 6
.B \ea
alert
.TP
.B \eb
backspace
.TP
.B \ed
0.33 second delay
.TP
.B \ef
form-feed
.TP
.B \en
newline
.TP
.B \er
carriage-return
.TP
.B \et
tab
.TP
.B \ev
vertical-tab
.TP
.B \ez
serial break
.TP
.B \e\e
backslash
.TP
.B \e^
circumflex
.TP
.BI \e ooo
octal representation of a character (where
.I ooo
is one to three octal digits)
.TP
.BI \e c
character
.I c
.TP
.B ^?
delete
.TP
.BI ^ c
control character
.RI ( c
is ``and''ed with 0x1f)
.PD
.RE
.RE
.TP 8
.B config
.RI [ " hostname " | " ipaddr " ]
.br
Define a configuration block for the host named
.I hostname
or using the address
.IR ipaddr .
If the value of ``*'' is used, the configuration block will be applied to
all conserver hosts.
.RS
.TP 15
.B defaultaccess
.RB [ " rejected " | " trusted " | " allowed " ]
.br
Set the default access permission for all hosts not matched by
an access list (see the
.B \-a
command-line flag).
.TP
.B daemonmode
.RB [ " yes " | " true " | " on " | " no " | " false " | " off " ]
.br
Set whether or not to become a daemon when run (see the
.B \-d
command-line flag).
.TP
.B logfile
.I filename
.br
Set the logfile to write to when in daemon mode (see the
.B \-L
command-line flag).
.TP
.B passwdfile
.I filename
.br
Set the password file location used for authentication (see the
.B \-P
command-line flag).
.TP
.B primaryport
.RI [ " number " | " name " ]
.br
Set the port used by the master conserver process (see the
.B \-p
command-line flag).
.TP
.B redirect
.RB [ " yes " | " true " | " on " | " no " | " false " | " off " ]
.br
Turn redirection on or off (see the
.B \-R
command-line flag).
.TP
.B reinitcheck
.I number
.br
Set the number of seconds used between reinitialization checks (see the
.B \-O
command-line flag).
.TP
.B secondaryport
.RI [ " number " | " name " ]
.br
Set the base port number used by child processes (see the
.B \-b
command-line flag).
.TP
.B sslcredentials
.I filename
.br
Set the
.SM SSL
credentials file location (see the
.B \-c
command-line flag).
.TP
.B sslrequired
.RB [ " yes " | " true " | " on " | " no " | " false " | " off " ]
.br
Set whether or not encryption is required when talking to clients (see the
.B \-E
command-line flag).
.RE
.TP 8
.B console
.I name
.br
Define a console identified as
.IR name .
The keywords are the same as the
.B default
block with the following addition.
.RS
.TP 15
.B aliases
.RI [ " name" ", ..."
| "" ]
.br
Define a list of console aliases.
If the null string (``""'') is used, any
aliases previously defined for the console are removed.
.RE
.TP 8
.B default
.I name
.br
Define a block of defaults identified as
.IR name .
If
.I name
is ``*'', the automatically applied default block is defined (basically
all consoles have an implicit ``include "*";'' at the begining
of their definition).
.RS
.TP 15
.B baud
.RB [ " 300 " | " 600 " | " 1800 " | " 2400 " | " 4800"
.RB | " 9600 " | " 19200 " | " 38400 " | " 57600 " | " 115200 " ]
.br
Assign the baud rate to the console.
Only consoles of type ``device'' will use this value.
.TP
.B break
.I n
.br
Assign the break sequence
.I n
as the default for the console, which is used by
the ``^Ecl0'' client escape sequence.
.TP
.B device
.I filename
.br
Assign the serial device
.I filename
as the access to the console.
Only consoles of type ``device'' will use this value.
.TP
.B exec
.RI [ " command "
| "" ]
.br
Assign the string
.I command
as the command to access the console.
Conserver will run the command by
invoking ``/bin/sh -ce "\fIcommand\fP"''.
If the null string (``""'') is used or no
.B exec
keyword is specified, conserver will use the command ``/bin/sh -i''.
Only consoles of type ``device'' will use this value.
.TP
.B host
.I hostname
.br
Assign
.I hostname
as the host to connect to for accessing the console.
You must also set the
.B port
option as well.
Only consoles of type ``host'' will use this value.
.TP
.B include
.I default
.br
The default block defined using the name
.I default
is applied to the current console or default block.
The included default block must be previously defined.
.TP
.B logfile
.RI [ " filename "
| "" ]
.br
Assign the logfile specified by
.I filename
to the console. Any occurance of ``&'' in
.I filename
will be replaced with the name of the console.
If the null string (``""'') is used, the logfile name is unset and
no logging will occur.
.TP
.B master
.RI [ " hostname " | " ipaddr " ]
.br
Define which conserver host manages the console.
The host may be specified by
.I hostname
or using the address
.IR ipaddr .
.TP
.B options
.RI [ " option" ,...
| "" ]
.br
You can negate the option by prefixing it with a
.RB `` ! ''
character.
So, to turn off the
.B hupcl
flag, you would use
.BR !hupcl .
The following are valid
.IR option s:
.RS
.sp
.PD 0
.TP 12
.B ixon
Enable
.SM XON/XOFF
flow control on output.
Only consoles of type ``device'' or ``exec'' will use this value.
Default is
.BR ixon .
.TP
.B ixany
Enable any character to restart output.
Only consoles of type ``device'' or ``exec'' will use this value.
Default is
.BR !ixany .
.TP
.B ixoff
Enable
.SM XON/XOFF
flow control on input.
Only consoles of type ``device'' or ``exec'' will use this value.
Default is
.B ixoff
for consoles of type ``device'' and
.B !ixoff
for consoles of type ``exec''.
.TP
.B crtscts
Enable
.SM RTS/CTS
(hardware) flow control.
Only consoles of type ``device'' will use this value.
Default is
.BR !crtscts .
.TP
.B cstopb
Set two stop bits, rather than one.
Only consoles of type ``device'' will use this value.
Default is
.BR !cstopb .
.TP
.B hupcl
Lower modem control lines after last process closes the device (hang up).
Only consoles of type ``device'' will use this value.
Default is
.BR !hupcl .
.TP
.B ondemand
Initialize the console when a client requests a connection to the console.
When no clients are connected, bring the console down.
The conserver option
.B \-i
will set this flag for all consoles.
Default is
.BR !ondemand .
.TP
.B striphigh
Strip the high bit off all data coming from this console and all clients
connected to this console before processing occurs.
The conserver option
.B \-7
will set this flag for all consoles.
Default is
.BR !stiphigh .
.TP
.B reinitoncc
Automatically reinitialize (``bring up'') a downed console when a client
connects.
Without this option, a client will be attached to the downed console
and will need to manually reinitialize the console with an escape sequence.
The conserver option
.B \-o
will set this flag for all consoles.
Default is
.BR !reinitoncc .
.TP
.B autoreinit
Allow this console to be automatically reinitialized if it unexpectedly
goes down.
If the console doesn't come back up, it is retried every minute.
A console of type ``exec'' that exits with a zero exit status is
automatically reinitialized regardless of this setting.
The conserver option
.B \-F
will
.B unset
this flag for all consoles.
Default is
.BR autoreinit .
.TP
.B unloved
Enable the sending of this console's output (prefixed with it's
name) to the daemon's stdout (or the logfile if in daemon mode) when no
clients are connected to the console.
The conserver option
.B \-u
will set this flag for all consoles.
Default is
.BR !unloved .
.PD
.RE
.TP
.B parity
.RB [ " even " | " mark " | " none " | " odd " | " space " ]
.br
Set the parity option for the console.
Only consoles of type ``device'' will use this value.
.TP
.B port
.RI [ " number " | " name " ]
.br
Set the port used to access the console.
The port may be specified as a
.I number
or a
.IR name ,
in which case it will use
.BR getservbyname (3)
to look up a port number.
You must also set the
.B host
option as well.
Only consoles of type ``host'' will use this value.
.TP
.B ro
.RI [ " username" ,...
| "" ]
.br
Define a list of users making up the read-only access list
for the console.
If
.I username
matches a previously defined group name, all members of the previous
group are added to the read-only access list.
If the null string (``""'') is used, any
users previously defined for the console's read-only list are removed.
.TP
.B rw
.RI [ " username" ,...
| "" ]
.br
Define a list of users making up the read-write access list
for the console.
If
.I username
matches a previously defined group name, all members of the previous
group are added to the read-write access list.
If the null string (``""'') is used, any
users previously defined for the console's read-write list are removed.
.TP
.B timestamp
[
.RB [ \fInumber\fP [ m | h | d | l ]][ a ][ b ]
| "" ]
.br
Specifies the time between timestamps applied to the console
log file and whether to log read/write connection actions.
The timestamps look like ``[-- MARK -- Mon Jan 25 14:46:56 1999]''.
The
.RB ` m ',
.RB ` h ',
and
.RB ` d '
tags specify ``minutes'' (the default), ``hours'', and ``days''.
The
.RB ` l '
tag specifies ``lines'' and will cause timestamps of the
form ``[Mon Jan 25 14:46:56 PST 1999]'' to
be placed every
.I number
lines (a newline character signifies a new line).
So, ``5h'' specifies every five hours and ``2l'' specifies every
two lines.
An
.RB ` a '
can be specified to add logs of ``attached'', ``detached'',
and ``bumped'' actions, including the user's name and the host from which the
client connection was made.
A
.RB ` b '
can be specified to add logging of break sequences sent to the console.
.TP
.B type
.RB [ " device " | " exec " | " host " ]
.br
Set the type of console. The type
.RB `` device ''
should be used for local serial ports (also set the
.B device
option), the type
.RB `` exec ''
should be used for command invocations (perhaps also set the
.B exec
option), and the type
.RB `` host ''
should be used for terminal servers and other socket-based
interaction (also set the
.B host
and
.B port
options).
.RE
.TP 8
.B group
.I name
.br
Define a user group identified as
.I name
.RS
.TP 15
.B users
.RI [ " username" ,...
| "" ]
.br
Define a list of users making up the group
.IR name .
If
.I username
matches a previously defined group name, all members of the previous
group are added to the current group.
If the null string (``""'') is used, any
users previously defined for this group are removed.
.RE
.SH AUTHORS
Bryan Stansell, conserver.com
.SH "SEE ALSO"
.BR console (1),
.BR conserver.passwd (5),

6
conserver.cf/conserver.passwd
View File

@ -1,3 +1,3 @@
bryan:td1AgneGE3RsU:any
djs:*passwd*:any
todd:*passwd*:server1
bryan:td1AgneGE3RsU
djs:*passwd*
todd:*passwd*

104
conserver.cf/conserver.passwd.man
View File

@ -1,59 +1,83 @@
.\" $Id: conserver.passwd.man,v 1.2 2001-07-22 11:48:29-07 bryan Exp $
.TH CONSERVER.PASSWD 5 "Local"
.\" $Id: conserver.passwd.man,v 1.9 2003-07-04 13:20:52-07 bryan Exp $
.TH CONSERVER.PASSWD 5 "2003-07-04" "conserver-8.0.0" "conserver"
.SH NAME
conserver.passwd \- user access information for conserver(8)
conserver.passwd \- user access information for
.BR conserver (8)
.SH SYNOPSIS
.br
\fIusername\fB:\fIpassword\fB:\fIconsoles\fR
.IB username : password
.SH DESCRIPTION
The \fBconserver.passwd\fP file
is the user authentication and authorization file for
The
.B conserver.passwd
file is the user authentication and authorization file for
.BR conserver (8).
Upon each incoming client connection,
\fBconserver\fP opens and reads the \fBconserver.passwd\fP file,
so edits to the file take effect immediately.
It reads only until the first \fIusername\fP match.
.B conserver
opens and reads the
.B conserver.passwd
file, so edits to the file take effect immediately.
It reads only until the first
.I username
match.
.PP
Each line consists of three colon-separated fields,
as follows:
Blank lines and comment lines (those beginning with a ``#'' and
optional leading whitespace) are ignored.
Non-ignored lines beginning with whitespace are considered
continuations of the previous line.
This allows you to span one logical line over
many physical lines and insert comments wherever appropriate.
.PP
Each logical line consists of two colon-separated fields.
Leading and trailing white space in each field is ignored.
.TP
.I username
the login name of the authorized user,
or the string ``\fB*any*\fP'' to match any user.
This is compared against the name sent by the \fBconsole\fP client,
based either on the user's identity or on the \fB\-l\fP option.
Since \fBconserver\fP only uses the first \fIusername\fP match,
an ``\fB*any*\fP'' entry will apply to any user
or the string
.RB `` *any* ''
to match any user.
This is compared against the name sent by the
.B console
client, based either on the user's identity or on the
.B \-l option.
Since
.B conserver
only uses the first
.I username
match, a
.RB `` *any* ''
entry will apply to any user
without an entry earlier in the file.
.TP
.I password
the encrypted password,
or the string ``\fB*passwd*\fP''
to indicate that \fBconserver\fP should look up the user's password
in the system \fBpasswd\fP (or \fBshadow\fP) database.
or the string
.RB `` *passwd* ''
to indicate that
.B conserver
should look up the user's password
in the system
.BR passwd " (or " shadow ") database."
If PAM support has been enabled
.RB ( --with-pam ),
PAM lookups will be done instead of
.BR passwd " (or " shadow ") lookups."
If this field is empty, password checking is bypassed for this user.
.TP
.I consoles
a comma- and/or space-separated list of consoles
to which the user is permitted to connect,
or the string ``\fBany\fP'' to allow access to any console.
These names must match the console names in the \fBconserver.cf\fP file.
.SH EXAMPLE
.TP 30
\fBmary:r71mXjfALB5Ak:any\fP
Mary may connect to any console if her password matches;
.TP 24
.B mary:r71mXjfALB5Ak
Mary uses the password specified above;
it does not matter whether she has a login on the conserver host.
.TP
\fBfred:*passwd*:foo.example.com,bar.example.com\fP
Fred may connect only to the listed consoles,
and only with his regular login password on the conserver host.
.B fred:*passwd*
Fred may connect only with his regular login password on the conserver host.
.TP
\fBbozo:*:\fP
Bozo is not allowed access to any consoles.
.B bozo:*
Bozo is only allowed to access a console if his password isn't used (since
it's invalid) which means he needs to come from a
.B trusted
host.
.TP
\fB*any*:*passwd*:any\fP
Anyone not listed above may access any console
if they have a regular login and know the password.
.B *any*:*passwd*
Anyone not listed above uses their regular login and password.
.SH "SEE ALSO"
.BR console (1),
.BR conserver.cf (5),
@ -62,4 +86,8 @@ if they have a regular login and know the password.
.PP
There is currently no way provided by the conserver package
to generate the encrypted password strings
besides copying them from the system \fBpasswd\fP database.
besides copying them from the system
.B passwd
database or running
.BR crypt (3)
via C or perl or some other language that supports it.

61
conserver.cf/test.cf
View File

@ -1,26 +1,45 @@
# dummy conserver config file
#
# $Id: dummy.cf,v 4.3 92/07/27 12:23:59 ksb Exp $
#
# 1. change the `/dev/ttya' to any tty device you can put a serial device on
# that you could talk to with kermit/cu. Put in the baud rate and parity.
#
# 2. change the `cc.purdue.edu' to your local domain.
#
# 3. !! do not leave this up, as it can give local users a root shell (login)
# !! for extended testing change the `|' to `|su - tst' where tst is a
# !! vanilla test acount, or comment out the `login' console.
# $Id: test.cf,v 1.2 2003-07-04 11:04:05-07 bryan Exp $
#
default full {
rw *;
}
default * {
logfile /tmp/&;
timestamp "";
include full;
}
break 5 {
string "\rtest\r";
}
# list of consoles we serve
# name : tty[@host] : baud[parity] : device : group
DOMAINHACK=
LOGDIR=/tmp
shell:|:9600p:&:
#ts6-10:!ts6:10010:&:
#ts6-11:!ts6:10011:&:
#ts6-12:!ts6:10012:&:
#ts6-13:!ts6:10013:&:
%%
console shell {
master localhost;
timestamp 5;
type exec;
exec "";
}
console bash {
master localhost;
timestamp 2;
type exec;
exec /usr/local/bin/bash;
}
console web {
master localhost;
type host;
host www.conserver.com;
port 80;
}
console b {
master localhost;
type device;
device /dev/ttyb;
baud 9600;
parity none;
}
# list of clients we allow
# type machines
trusted: 127.0.0.1
access * {
trusted 127.0.0.1;
}

398
conserver.html
View File

@ -1,228 +1,270 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<HEAD>
<META name="generator" content=
"HTML Tidy for Solaris (vers 1st May 2002), see www.w3.org">
<META name="keywords" content=
"conserver,serial,console,serial console,unix,tty,ttya,ttyb, rs-232,rs232,bryan stansell,stansell,console server,terminal server,headless">
<META name="author" content=
"Bryan Stansell &lt;bryan@conserver.com&gt;">
<LINK rel="SHORTCUT ICON" href="conserver.ico">
<META NAME="keywords" CONTENT="conserver,serial,console,serial
console,unix,tty,ttya,ttyb, rs-232,rs232,bryan
stansell,stansell,console server,terminal server,headless">
<TITLE>Conserver</TITLE>
<META NAME="author" CONTENT="Bryan Stansell &lt;bryan@conserver.com&gt;">
<TITLE>Conserver</TITLE>
<STYLE type="text/css">
<STYLE type="text/css">
body {
background-color: #EEEEEE;
color: black;
}
</STYLE>
</STYLE>
</HEAD>
</HEAD>
<BODY>
<TABLE summary="Logo" bgcolor="black" width="100%" align=
"center">
<TR>
<TD align="center"><IMG src="conserver.jpg" alt=
"Conserver"><BR>
</TD>
</TR>
</TABLE>
<BODY>
<TABLE SUMMARY="Logo" BGCOLOR="black" WIDTH="100%" ALIGN="CENTER"><TR><TD ALIGN="CENTER">
<BR><IMG SRC="conserver.gif" ALT="Conserver"><BR><BR></TD></TR></TABLE><BR>
<TABLE summary="Conserver Page" width="80%" align="center">
<TR>
<TD colspan="2" align="center">Please pick your closest
mirror: &nbsp;&nbsp;<A href=
"http://planetmirror.com/pub/conserver/">Australia</A>
&nbsp;&nbsp;<A href="http://www.conserver.com/">US
(Primary)</A><BR>
<BR>
</TD>
</TR>
<TABLE SUMMARY="Conserver Page" WIDTH="80%" ALIGN="CENTER">
<TR><TD>
<TR>
<TD>
<!-- empty cell here, then search box on right spans two rows,
then we have the text that appears on the left, so things
appear in the right order so they look right in lynx
-->
</TD>
<H3>What is conserver?</H3>
<TD rowspan="2" align="right">
<FORM method="post" action=
"http://www.conserver.com/cgi-bin/htsearch">
<INPUT type="HIDDEN" name="method" value="and"> <INPUT
type="HIDDEN" name="format" value="builtin-long">
<INPUT type="HIDDEN" name="sort" value="score"> <INPUT
type="HIDDEN" name="config" value="htdig"> <INPUT type=
"HIDDEN" name="restrict" value=""> <INPUT type="HIDDEN"
name="exclude" value=""> <INPUT type="TEXT" size="20"
name="words" value=""> <INPUT type="SUBMIT" value=
"Search">
</FORM>
</TD>
</TR>
</TD>
<TR>
<TD>
<H3>What is conserver?</H3>
</TD>
</TR>
<TD ALIGN="RIGHT">
<FORM METHOD="POST" ACTION="http://www.conserver.com/cgi-bin/htsearch">
<INPUT TYPE="HIDDEN" NAME="method" VALUE="and">
<INPUT TYPE="HIDDEN" NAME="format" VALUE="builtin-long">
<INPUT TYPE="HIDDEN" NAME="sort" VALUE="score">
<INPUT TYPE="HIDDEN" NAME="config" VALUE="htdig">
<INPUT TYPE="HIDDEN" NAME="restrict" VALUE="">
<INPUT TYPE="HIDDEN" NAME="exclude" VALUE="">
<INPUT TYPE="TEXT" SIZE="20" name="words" VALUE="">
<INPUT TYPE="SUBMIT" VALUE="Search">
</FORM>
</TD></TR>
<TR><TD COLSPAN=2>
<TR>
<TD colspan="2">
<P>From an email I once sent...</P>
<P>
<P>Conserver is an application that allows multiple users
to watch a serial console at the same time. It can log
the data, allows users to take write-access of a console
(one at a time), and has a variety of bells and whistles
to accentuate that basic functionality. The idea is that
conserver will log all your serial traffic so you can go
back and review why something crashed, look at changes
(if done on the console), or tie the console logs into a
monitoring system (just watch the logfiles it creates).
With multi-user capabilities you can work on equipment
with others, mentor, train, etc. It also does all that
client-server stuff so that, assuming you have a network
connection, you can interact with any of the equipment
from home or wherever.</P>
From an email I once sent...
<H3>The FAQ</H3>
Here's the conserver <A href="FAQ">FAQ</A>. Got any
additions? Let me know.
</P>
<P>
<H3>Mailing Lists</H3>
Conserver is an application that allows multiple users to watch a
serial console at the same time. It can log the data, allows users to
take write-access of a console (one at a time), and has a variety of
bells and whistles to accentuate that basic functionality. The idea is
that conserver will log all your serial traffic so you can go back and
review why something crashed, look at changes (if done on the console),
or tie the console logs into a monitoring system (just watch the
logfiles it creates). With multi-user capabilities you can work on
equipment with others, mentor, train, etc. It also does all that
client-server stuff so that, assuming you have a network connection,
you can interact with any of the equipment from home or wherever.
<P>There are currently two mailing lists available. <A
href=
"mailto:announce@conserver.com">announce@conserver.com</A>
is an announcement-only mailing list for informing of new
versions, major developments, etc. <A href=
"mailto:users@conserver.com">users@conserver.com</A> is
for general Q&amp;A, discussions, ideas, etc. for
conserver users. You can sign up by sending a message to
<A href=
"mailto:announce-request@conserver.com">announce-request@conserver.com</A>
or <A href=
"mailto:users-request@conserver.com">users-request@conserver.com</A>
with a subject of "subscribe" or head over to the online
<A href="https://www.conserver.com/mailman/listinfo">web
pages</A>.</P>
</P>
<H3>Origin</H3>
<H3>A FAQ!</H3>
<P>The console server software found here is a heavily
modified version originally written by <A href=
"http://hea-www.harvard.edu/~fine/">Tom Fine</A> (<A
href=
"mailto:fine@head-cfa.harvard.edu">fine@head-cfa.harvard.edu</A>)
at <A href="http://www.ohio-state.edu/">Ohio State</A>
and then Kevin S Braunsdorf (<A href=
"mailto:ksb+conserver@sa.fedex.com">ksb+conserver@sa.fedex.com</A>)
at <A href="http://www.purdue.edu/">Purdue
University</A>. Patches from Robert Olson (<A href=
"mailto:olson@mcs.anl.gov">olson@mcs.anl.gov</A>) at <A
href="http://www.anl.gov/">Argonne National
Laboratory</A> were then applied to get network console
support.</P>
Here's the start of a conserver <A
HREF="http://www.conserver.com/FAQ">FAQ</A>. Got any additions? Let
me know.
<P>Arnold de Leon (<A href=
"mailto:arnold@corp.webtv.net">arnold@corp.webtv.net</A>)
then fixed various bugs and added enhancements while at
<A href="http://www.synopsys.com/">Synopsys</A>. I then
took the result, continued fixing things, and added
features we found useful.</P>
<H3>Mailing Lists</H3>
<P>
<P><A href="http://www.gnac.com/">GNAC</A> (Global
Networking and Computing - currently <A href=
"http://www.certaintysolutions.com/">Certainty
Solutions</A>) has been supporting my coding efforts (in
too many ways to list) since 1996.</P>
There are currently two mailing lists available. <A
HREF="mailto:announce@conserver.com">announce@conserver.com</A> is an
announcement-only mailing list for informing of new versions, major
developments, etc. <A
HREF="mailto:users@conserver.com">users@conserver.com</A> is for
general Q&amp;A, discussions, ideas, etc for conserver users. You can
sign up my sending a message to <A
HREF="mailto:announce-request@conserver.com">announce-request@conserver.com</A>
or <A
HREF="mailto:users-request@conserver.com">users-request@conserver.com</A>
with a subject of "subscribe" or head over to the online <A
HREF="https://www.conserver.com/mailman/listinfo">web pages</A>.
<H3>The conserver.com Distribution</H3>
</P>
<P>The result is a combination of many people's work.
This version is being released in hopes that it will help
others. There is no warranty or support implied by the
distribution of the software.</P>
<H3>Origin</H3>
<P>
<P>So, what the heck is up with all the different
conserver versions? Well, the original authors are
continuing to distribute their own threads of the
software so you have three main threads (as far as I
know). First, there's Tom Fine's thread at <A href=
"http://hea-www.harvard.edu/~fine/Tech/console-server.html">
http://hea-www.harvard.edu/~fine/Tech/console-server.html</A>.
He isn't actively developing it, however, according to
the website. Next, there's Kevin Braunsdorf's version at
<A href=
"ftp://ftp.physics.purdue.edu/pub/pundits/">ftp://ftp.physics.purdue.edu/pub/pundits/</A>.
Kevin is semi-actively working on his thread. Doesn't
look like any new versions have been out since August
2000 (version 8.5), but maybe this info will be out of
date by the time you read this. Lastly, the conserver.com
version is based on Kevin's "5.21-Beta" distribution, but
since <B>HEAVILY</B> modified and enhanced (more details
in the "Origin" section above).</P>
The console server software found here is a heavily modified version
originally written by <A HREF="http://hea-www.harvard.edu/~fine/">Tom
Fine</A> (<A
HREF="mailto:fine@head-cfa.harvard.edu">fine@head-cfa.harvard.edu</A>)
at Ohio State and then Kevin S Braunsdorf (<A
HREF="mailto:ksb+conserver@sa.fedex.com">ksb+conserver@sa.fedex.com</A>).
Patches from Robert Olson (<A
HREF="mailto:olson@mcs.anl.gov">olson@mcs.anl.gov</A>) were then
applied to get network console support.
<P>If I were looking for a conserver package I would
either use Kevin's latest distribution or the
conserver.com distribution. Which one? Well, obviously
I'm biased and believe the conserver.com distribution
should be your choice, but Kevin's does have UPS (serial
port line toggling bits) that the conserver.com version
doesn't have. What does the conserver.com distribution
have? Well, in reality, too many things to list. You'll
have to look at the <A href="CHANGES">CHANGES</A> file
and see the enhancements, bug fixes, and general
development since the original. Don't let the version
numbers fool you - you'll have to compare and contrast
for yourself.</P>
</P>
<P>
<H3>Downloading</H3>
Arnold de Leon (<A
HREF="mailto:arnold@corp.webtv.net">arnold@corp.webtv.net</A>) then
fixed various bugs and added enhancements while at <A
HREF="http://www.synopsys.com/">Synopsys</A>. I then took the result,
continued fixing things, and added features we found useful.
<P>The current version, released on Sep 22, 2003, is <A
href="8.0.0.tar.gz">8.0.0.tar.gz</A>. You can get it via
<A href=
"ftp://ftp.conserver.com/conserver/8.0.0.tar.gz">FTP</A>
or <A href="8.0.0.tar.gz">HTTP</A>. See the <A href=
"CHANGES">CHANGES</A> file for information on the latest
updates.</P>
</P>
<P>
<P>As of version 6.1.7, the packaging and numbering
scheme has changed. I used to package conserver as
conserver-GNAC-v.vv. Since <A href=
"http://www.gnac.com/">GNAC</A> (now <A href=
"http://www.certaintysolutions.com/">Certainty
Solutions</A>) has changed its name I've decided to drop
the GNAC portion and use a three-digit version number
(conserver-v.v.v). Why change the version numbering? I
need to differentiate this thread of the code from the
original authors' and I couldn't come up with a good
replacement for the GNAC name - sad, but true.</P>
<A HREF="http://www.certaintysolutions.com/">Certainty Solutions</A>
(formerly Global Networking and Computing - GNAC) has been supporting
my coding efforts (in too many ways to list) since 1996.
<H3>Installation</H3>
</P>
<P>Check the <A href="INSTALL">INSTALL</A> file for
instructions.</P>
<H3>The conserver.com Distribution</H3>
<H3>Systems Tested</H3>
<P>
The result is a combination of many people's work. This version is
being released in hopes that it will help others. There is no warranty
or support implied by the distribution of the software.
</P>
<P>Here's a list of systems that I've been told can
successfully compile conserver. If anyone has more to add
to this list (or something on the list doesn't work any
more), please let me know.</P>
<P>
<UL>
<LI>AIX 4.3.3/5.1/5.2, native cc</LI>
So, what the heck is up with all the different conserver versions?
Well, the original authors are continuing to distribute their own
threads of the software so you have three main threads (as far as I
know). First, there's Tom Fine's thread at <A
HREF="http://hea-www.harvard.edu/~fine/Tech/console-server.html">http://hea-www.harvard.edu/~fine/Tech/console-server.html</A>.
He isn't actively developing it, however, according to the website.
Next, there's Kevin Braunsdorf's version at <A
HREF="ftp://ftp.physics.purdue.edu/pub/pundits/">ftp://ftp.physics.purdue.edu/pub/pundits/</A>.
Kevin is semi-actively working on his thread. Doesn't look like any
new versions have been out since August 2000 (version 8.5), but maybe
this info will be out of date by the time you read this. Lastly, the
conserver.com version is based on Kevin's "5.21-Beta" distribution, but
since <B>HEAVILY</B> modified and enhanced (more details in the
"Origin" section above).
<LI>BSDI BSD/OS 3.X, gcc</LI>
</P>
<LI>Cygwin (w2k),gcc 2.95.3</LI>
<P>
<LI>DEC Tru64 4.0, gcc</LI>
If I were looking for a conserver package I would either use Kevin's
latest distribution or the conserver.com distribution. Which one?
Well, obviously I'm biased and believe the conserver.com distribution
should be your choice, but Kevin's does have UPS (serial port line
toggling bits) that the conserver.com version doesn't have. What does
the conserver.com distribution have? Well, in reality, too many things
to list. You'll have to look at the <A
HREF="http://www.conserver.com/CHANGES">CHANGES</A> file and see the
enhancements, bug fixes, and general development since the original.
Don't let the version numbers fool you - you'll have to compare and
contrast for yourself.
<LI>DEC Tru64 4.0/5.1, native cc</LI>
</P>
<LI>FreeBSD 4.2/4.8/5.1 (x86), gcc</LI>
<H3>Downloading</H3>
<LI>HP-UX 10.20, gcc</LI>
<P>
The current version, released on RELEASE_DATE, is <A
HREF="http://www.conserver.com/7.1.0.tar.gz">
7.1.0.tar.gz</A>. You can get it via <A
HREF="ftp://ftp.conserver.com/conserver/7.1.0.tar.gz">FTP</A>
or <A HREF="http://www.conserver.com/7.1.0.tar.gz">HTTP</A>.
See the <A HREF="http://www.conserver.com/CHANGES">CHANGES</A> file for
information on the latest updates.
</P>
<LI>HP-UX 11.10 parisc and ia64, native cc</LI>
<P>
As of version 6.1.7, the packaging and numbering scheme has changed. I
used to package conserver as conserver-GNAC-v.vv. Since GNAC (now <A
HREF="http://www.certaintysolutions.com/">Certainty Solutions</A>) has
changed it's name I've decided to drop the GNAC portion and use a 3
digit version number (conserver-v.v.v). Why change the version
numbering? I need to differentiate this thread of the code from the
original authors and I couldn't come up with a good replacement for the
GNAC name - sad, but true.
</P>
<LI>Irix 6.15, native cc</LI>
<H3>Installation</H3>
<LI>Linux 2.2.18 (x86), gcc</LI>
<P>
Check the
<A HREF="http://www.conserver.com/INSTALL">INSTALL</A>
file for instructions.
</P>
<LI>Linux 2.4.2 (x86), gcc</LI>
<H3>Systems Tested</H3>
<LI>Linux ia64, native gcc</LI>
<P>
Here's a list of systems that I've been told can successfully compile conserver. If anyone has more to add to this list, please let me know.
</P>
<UL>
<LI>Solaris 2.5.1 thru 8 (sparc/x86), gcc
<LI>BSDI 3.X, gcc
<LI>MacOS X
<LI>Linux 2.2.18 (x86), gcc
<LI>Linux 2.4.2 (x86), gcc
<LI>FreeBSD 4.2 (x86), gcc
<LI>cygwin (w2k),gcc 2.95.3
<LI>DEC Tru64 4.0, gcc
<LI>DEC Tru64 4.0/5.1, DEC cc
<LI>HP-UX 10.20, gcc
</UL>
<LI>Linux RedHat 6.2 and 7.2 (x86), native gcc</LI>
<H3>Other Good Information</H3>
<LI>MacOS X, native gcc</LI>
<P>
Zonker Harris has fabulous documents regarding the hookup of
consoles to terminal servers and other such devices. His <A
HREF="http://www.conserver.com/consoles/"> Greater Scroll
of Console Knowledge</A> is a great place to start.
</P>
<LI>Solaris 2.5.1 thru 9 (sparc/x86), gcc</LI>
<HR NOSHADE><ADDRESS>Bryan Stansell
(<A HREF = "mailto:bryan@conserver.com">bryan@conserver.com</A>)<BR></ADDRESS>
</TD></TR></TABLE>
</BODY>
<LI>Solaris 7/8, native cc</LI>
</UL>
<H3>Other Good Information</H3>
<P>Zonker Harris has fabulous documents regarding the
hookup of consoles to terminal servers and other such
devices. His <A href="consoles/">Greater Scroll of
Console Knowledge</A> is a great place to start.</P>
<HR noshade>
<ADDRESS>
Bryan Stansell (<A href=
"mailto:bryan@conserver.com">bryan@conserver.com</A>)<BR>
</ADDRESS>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

20
conserver/Makefile.in
View File

@ -6,6 +6,7 @@ exec_prefix = @exec_prefix@
sbindir = @sbindir@
sysconfdir = @sysconfdir@
mandir = @mandir@
exampledir = $(prefix)/share/examples/conserver
### Installation programs and flags
INSTALL = @INSTALL@
@ -15,11 +16,11 @@ MKDIR = @MKDIR@
### Compiler and link options
CC = @CC@
CFLAGS = @CFLAGS@ # -DPUCC -DSUN5
CFLAGS = @CFLAGS@
DEFS = @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)\"
CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@ @CONSCPPFLAGS@
LDFLAGS = @LDFLAGS@ @CONSLDFLAGS@
LIBS = @LIBS@ @CONSLIBS@
@SET_MAKE@
@ -31,7 +32,7 @@ CONSERVER_HDRS = ../config.h $(top_srcdir)/compat.h $(srcdir)/access.h \
$(srcdir)/client.h $(srcdir)/consent.h $(srcdir)/group.h \
$(srcdir)/main.h $(srcdir)/master.h $(srcdir)/readcfg.h \
$(srcdir)/util.h
ALL = conserver
ALL = conserver convert
all: $(ALL)
@ -39,6 +40,9 @@ all: $(ALL)
conserver: $(CONSERVER_OBJS)
$(CC) $(CFLAGS) $(LDFLAGS) -o conserver $(CONSERVER_OBJS) $(LIBS)
convert: convert.o util.o
$(CC) $(CFLAGS) $(LDFLAGS) -o convert convert.o util.o $(LIBS)
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
@ -46,14 +50,14 @@ clean:
rm -f *~ *.o $(ALL) core
distclean: clean
rm -f Makefile
rm -f Makefile conserver.rc
install: conserver
$(MKDIR) $(DESTDIR)$(sbindir)
$(INSTALL_PROGRAM) conserver $(DESTDIR)$(sbindir)
$(MKDIR) $(DESTDIR)$(mandir)/man8
$(INSTALL) conserver.man $(DESTDIR)$(mandir)/man8/conserver.8
$(MKDIR) $(DESTDIR)$(sysconfdir)
[ -f $(DESTDIR)$(sysconfdir)/conserver.rc ] || $(INSTALL) conserver.rc $(DESTDIR)$(sysconfdir)
$(MKDIR) $(DESTDIR)$(exampledir)
$(INSTALL) conserver.rc $(DESTDIR)$(exampledir)
.PHONY: clean distclean install

284
conserver/access.c
View File

@ -1,7 +1,7 @@
/*
* $Id: access.c,v 5.35 2001-07-23 00:45:49-07 bryan Exp $
* $Id: access.c,v 5.66 2003-08-15 14:24:39-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -34,26 +34,9 @@
* 4. This notice may not be removed or altered.
*/
#include <config.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <ctype.h>
#include <signal.h>
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <util.h>
#include <access.h>
#include <consent.h>
#include <client.h>
@ -62,7 +45,6 @@
#include <main.h>
/* Compare an Internet address (IPv4 expected), with an address pattern
* passed as a character string representing an address in the Internet
* standard `.' notation, optionally followed by a slash and an integer
@ -76,26 +58,41 @@
* Returns 0 if the addresses match, else returns 1.
*/
int
#if PROTOTYPES
AddrCmp(struct in_addr *addr, char *pattern)
#else
AddrCmp(addr, pattern)
struct in_addr *addr;
char *pattern;
#endif
{
unsigned long int hostaddr, pattern_addr, netmask;
char buf[200], *p, *slash_posn;
in_addr_t hostaddr, pattern_addr, netmask;
char *p, *slash_posn;
static STRING *buf = (STRING *)0;
#if HAVE_INET_ATON
struct in_addr inetaddr;
#endif
if (buf == (STRING *)0)
buf = AllocString();
slash_posn = strchr(pattern, '/');
if (slash_posn != NULL) {
if (strlen(pattern) >= sizeof(buf))
return 1; /* too long to handle */
strncpy(buf, pattern, sizeof(buf));
buf[slash_posn - pattern] = '\0'; /* isolate the address */
p = buf;
BuildString((char *)0, buf);
BuildString(pattern, buf);
buf->string[slash_posn - pattern] = '\0'; /* isolate the address */
p = buf->string;
} else
p = pattern;
#if HAVE_INET_ATON
if (inet_aton(p, &inetaddr) == 0)
return 1;
pattern_addr = inetaddr.s_addr;
#else
pattern_addr = inet_addr(p);
if (pattern_addr == -1)
if (pattern_addr == (in_addr_t) (-1))
return 1; /* malformed address */
#endif
if (slash_posn) {
/* convert explicit netmask */
@ -104,7 +101,7 @@ AddrCmp(addr, pattern)
netmask = 0x80000000 | (netmask >> 1);
} else {
/* netmask implied by address class */
unsigned long int ia = ntohl(pattern_addr);
in_addr_t ia = ntohl(pattern_addr);
if (IN_CLASSA(ia))
netmask = IN_CLASSA_NET;
else if (IN_CLASSB(ia))
@ -117,134 +114,171 @@ AddrCmp(addr, pattern)
netmask = htonl(netmask);
if (~netmask & pattern_addr)
netmask = 0xffffffff; /* compare entire addresses */
hostaddr = *(unsigned long int *)addr;
hostaddr = addr->s_addr;
Debug("Access check: host=%lx(%lx/%lx)", hostaddr & netmask,
hostaddr, netmask);
Debug("Access check: acl=%lx(%lx/%lx)", pattern_addr & netmask,
pattern_addr, netmask);
CONDDEBUG((1, "AddrCmp(): host=%lx(%lx/%lx) acl=%lx(%lx/%lx)",
hostaddr & netmask, hostaddr, netmask,
pattern_addr & netmask, pattern_addr, netmask));
return (hostaddr & netmask) != (pattern_addr & netmask);
}
/* return the access type for a given host entry (ksb)
*/
char
AccType(addr, hname)
#if PROTOTYPES
AccType(struct in_addr *addr, char **peername)
#else
AccType(addr, peername)
struct in_addr *addr;
char *hname;
char **peername;
#endif
{
int i;
ACCESS *pACtmp;
socklen_t so;
struct hostent *he = (struct hostent *)0;
int a;
#if TRUST_REVERSE_DNS
char *pcName;
int wlen;
char *hname;
int len;
#endif
if (fDebug) {
if (hname)
Debug("Access check: hostname=%s, ip=%s", hname,
inet_ntoa(*addr));
else
Debug("Access check: hostname=<unresolvable>, ip=%s",
inet_ntoa(*addr));
}
for (i = 0; i < iAccess; ++i) {
Debug("Access check: who=%s, trust=%c", pACList[i].pcwho,
pACList[i].ctrust);
if (pACList[i].isCIDR != 0) {
if (0 == AddrCmp(addr, pACList[i].pcwho)) {
return pACList[i].ctrust;
}
CONDDEBUG((1, "AccType(): ip=%s", inet_ntoa(*addr)));
so = sizeof(*addr);
for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
CONDDEBUG((1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
pACtmp->ctrust));
if (pACtmp->isCIDR != 0) {
if (AddrCmp(addr, pACtmp->pcwho) == 0)
return pACtmp->ctrust;
continue;
}
if (hname && hname[0] != '\000') {
pcName = hname;
len = strlen(pcName);
while (len >= pACList[i].ilen) {
Debug("Access check: name=%s", pcName);
if (0 == strcmp(pcName, pACList[i].pcwho)) {
return pACList[i].ctrust;
if ((he = gethostbyname(pACtmp->pcwho)) == (struct hostent *)0) {
Error("AccType(): gethostbyname(%s): %s", pACtmp->pcwho,
hstrerror(h_errno));
continue;
}
if (4 != he->h_length || AF_INET != he->h_addrtype) {
Error
("AccType(): gethostbyname(%s): wrong address size (4 != %d) or address family (%d != %d)",
pACtmp->pcwho, he->h_length, AF_INET, he->h_addrtype);
continue;
}
for (a = 0; he->h_addr_list[a] != (char *)0; a++) {
CONDDEBUG((1, "AccType(): addr=%s",
inet_ntoa(*(struct in_addr *)
(he->h_addr_list[a]))));
if (
#if HAVE_MEMCMP
memcmp(&(addr->s_addr), he->h_addr_list[a],
he->h_length)
#else
bcmp(&(addr->s_addr), he->h_addr_list[a], he->h_length)
#endif
== 0)
return pACtmp->ctrust;
}
}
#if TRUST_REVERSE_DNS
/* if we trust reverse dns, we get the names associated with
* the address we're checking and then check each of those
* against the access list entries.
* we chop bits off client names so that we can put domain
* names in access lists or even top-level domains.
* allowed conserver.com, net;
* this allows anything from conserver.com and anything in
* the .net top-level. without TRUST_REVERSE_DNS, those names
* better map to ip addresses for them to take effect.
*/
if ((he =
gethostbyaddr((char *)addr, so,
AF_INET)) == (struct hostent *)0) {
Error("AccType(): gethostbyaddr(%s): %s", inet_ntoa(*addr),
hstrerror(h_errno));
return config->defaultaccess;
}
for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
if (pACtmp->isCIDR != 0)
continue;
wlen = strlen(pACtmp->pcwho);
for (hname = he->h_name, a = 0; hname != (char *)0;
hname = he->h_aliases[a++]) {
for (pcName = hname, len = strlen(pcName); len >= wlen;
len = strlen(++pcName)) {
CONDDEBUG((1, "AccType(): name=%s", pcName));
if (strcasecmp(pcName, pACtmp->pcwho) == 0) {
*peername = hname;
return pACtmp->ctrust;
}
pcName = strchr(pcName, '.');
if ((char *)0 == pcName) {
if (pcName == (char *)0)
break;
}
++pcName;
len = strlen(pcName);
}
}
}
return chDefAcc;
#endif
return config->defaultaccess;
}
/* we know iAccess == 0, we want to setup a nice default access list (ksb)
*/
void
SetDefAccess(hpLocal)
struct hostent *hpLocal;
#if PROTOTYPES
SetDefAccess(struct in_addr *pAddr, char *pHost)
#else
SetDefAccess(pAddr, pHost)
struct in_addr *pAddr;
char *pHost;
#endif
{
char *pcWho, *pcDomain;
int iLen;
char *pcDomain;
char *addr;
struct in_addr *aptr;
ACCESS *a;
aptr = (struct in_addr *)(hpLocal->h_addr);
addr = inet_ntoa(*aptr);
pACList = (ACCESS *) calloc(3, sizeof(ACCESS));
if ((ACCESS *) 0 == pACList) {
OutOfMem();
while (pAddr->s_addr != (in_addr_t) 0) {
addr = inet_ntoa(*pAddr);
if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
OutOfMem();
if ((a->pcwho = strdup(addr)) == (char *)0)
OutOfMem();
a->ctrust = 'a';
a->pACnext = pACList;
pACList = a;
CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
pACList->pcwho));
pAddr++;
}
if ((char *)0 == (pcWho = malloc(strlen(addr) + 1))) {
OutOfMem();
}
strcpy(pcWho, addr);
pACList[iAccess].ctrust = 'a';
pACList[iAccess].ilen = strlen(pcWho);
pACList[iAccess].pcwho = pcWho;
Debug("Access list prime: trust=%c, who=%s", pACList[iAccess].ctrust,
pACList[iAccess].pcwho);
iAccess++;
if ((char *)0 == (pcDomain = strchr(hpLocal->h_name, '.'))) {
if ((char *)0 == (pcDomain = strchr(pHost, '.')))
return;
}
++pcDomain;
iLen = strlen(pcDomain);
pcWho = malloc(iLen + 1);
pACList[iAccess].ctrust = 'a';
pACList[iAccess].ilen = iLen;
pACList[iAccess].pcwho = strcpy(pcWho, pcDomain);
Debug("Access list prime: trust=%c, who=%s", pACList[iAccess].ctrust,
pACList[iAccess].pcwho);
if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
OutOfMem();
if ((a->pcwho = strdup(pcDomain)) == (char *)0)
OutOfMem();
a->ctrust = 'a';
a->pACnext = pACList;
pACList = a;
iAccess++;
CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
pACList->pcwho));
}
/* thread ther list of uniq console server machines, aliases for (ksb)
* machines will screw us up
*/
REMOTE *
FindUniq(pRCAll)
REMOTE *pRCAll;
void
#if PROTOTYPES
DestroyAccessList(ACCESS *pACList)
#else
DestroyAccessList(pACList)
ACCESS *pACList;
#endif
{
REMOTE *pRC;
/* INV: tail of the list we are building always contains only
* uniq hosts, or the empty list.
*/
if ((REMOTE *) 0 == pRCAll) {
return (REMOTE *) 0;
}
pRCAll->pRCuniq = FindUniq(pRCAll->pRCnext);
/* if it is in the returned list of uniq hosts, return that list
* else add us by returning our node
*/
for (pRC = pRCAll->pRCuniq; (REMOTE *) 0 != pRC; pRC = pRC->pRCuniq) {
if (0 == strcmp(pRC->rhost, pRCAll->rhost)) {
return pRCAll->pRCuniq;
}
}
return pRCAll;
if (pACList == (ACCESS *)0)
return;
if (pACList->pcwho != (char *)0)
free(pACList->pcwho);
free(pACList);
}

19
conserver/access.h
View File

@ -1,7 +1,7 @@
/*
* $Id: access.h,v 5.13 2001-07-17 14:14:11-07 bryan Exp $
* $Id: access.h,v 5.26 2003-08-10 11:11:20-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -39,18 +39,11 @@
typedef struct access {
char ctrust; /* how much do we trust the host */
int ilen; /* length (strlen) of pcwho */
char *pcwho; /* what is the hosts name/ip number */
int isCIDR; /* is this a CIDR addr (or hostname?) */
struct access *pACnext; /* next access list */
} ACCESS;
typedef struct remote { /* console at another host */
struct remote *pRCnext; /* next remote console we know about */
struct remote *pRCuniq; /* list of uniq remote servers */
char rserver[32]; /* remote server name */
char rhost[256]; /* remote host to call to get it */
} REMOTE;
extern REMOTE *FindUniq();
extern char AccType();
extern void SetDefAccess();
extern char AccType PARAMS((struct in_addr *, char **));
extern void SetDefAccess PARAMS((struct in_addr *, char *));
extern void DestroyAccessList PARAMS((ACCESS *));

476
conserver/client.c
View File

@ -1,7 +1,7 @@
/*
* $Id: client.c,v 5.32 2001-07-23 00:54:11-07 bryan Exp $
* $Id: client.c,v 5.69 2003-08-15 14:24:39-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -34,94 +34,54 @@
* 4. This notice may not be removed or altered.
*/
#include <config.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <ctype.h>
#include <signal.h>
#include <pwd.h>
#include <compat.h>
#include <port.h>
#include <util.h>
#include <util.h>
#include <consent.h>
#include <access.h>
#include <client.h>
#include <group.h>
#if defined(USE_LIBWRAP)
#include <syslog.h>
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
#endif
/* find the next guy who wants to write on the console (ksb)
*/
CONSCLIENT *
#if PROTOTYPES
FindWrite(CONSCLIENT *pCL)
#else
FindWrite(pCL)
CONSCLIENT *pCL;
#endif
{
/* return the first guy to have the `want write' bit set
* (tell him of the promotion, too) we could look for the
* most recent or some such... I guess it doesn't matter that
* much.
*/
for ( /*passed in */ ; (CONSCLIENT *) 0 != pCL; pCL = pCL->pCLnext) {
if (!pCL->fwantwr)
for ( /*passed in */ ; (CONSCLIENT *)0 != pCL; pCL = pCL->pCLnext) {
if (!pCL->fwantwr || pCL->fro)
continue;
if (!pCL->pCEto->fup || pCL->pCEto->fronly)
if (!(pCL->pCEto->fup && pCL->pCEto->ioState == ISNORMAL) ||
pCL->pCEto->fronly)
break;
pCL->fwantwr = 0;
pCL->fwr = 1;
if (pCL->pCEto->nolog) {
fileWrite(pCL->fd, "\r\n[attached (nologging)]\r\n", -1);
FileWrite(pCL->fd, "\r\n[attached (nologging)]\r\n", -1);
} else {
fileWrite(pCL->fd, "\r\n[attached]\r\n", -1);
FileWrite(pCL->fd, "\r\n[attached]\r\n", -1);
}
tagLogfile(pCL->pCEto, "%s attached", pCL->acid);
TagLogfileAct(pCL->pCEto, "%s attached", pCL->acid->string);
return pCL;
}
return (CONSCLIENT *) 0;
}
/* show a character as a string so the user cannot mistake it for (ksb)
* another
*
* must pass us at least 16 characters to put fill with text
*/
char *
FmtCtl(ci, pcIn)
int ci;
char *pcIn;
{
char *pcOut = pcIn;
unsigned char c;
c = ci & 0xff;
if (c > 127) {
c -= 128;
*pcOut++ = 'M';
*pcOut++ = '-';
}
if (c < ' ' || c == '\177') {
*pcOut++ = '^';
*pcOut++ = c ^ 0100;
*pcOut = '\000';
} else if (c == ' ') {
(void)strcpy(pcOut, "<space>");
} else if (c == '^') {
(void)strcpy(pcOut, "<circumflex>");
} else if (c == '\\') {
(void)strcpy(pcOut, "<backslash>");
} else {
*pcOut++ = c;
*pcOut = '\000';
}
return pcIn;
return (CONSCLIENT *)0;
}
/* replay last iBack lines of the log file upon connect to console (ksb)
@ -131,61 +91,260 @@ FmtCtl(ci, pcIn)
* so we don't drop chars...
*/
void
#if PROTOTYPES
Replay(CONSFILE *fdLog, CONSFILE *fdOut, int iBack)
#else
Replay(fdLog, fdOut, iBack)
CONSFILE *fdLog;
CONSFILE *fdOut;
int iBack;
#endif
{
int tot, nCr;
char *pc;
off_t where;
char bf[MAXREPLAY + 2];
struct stat stLog;
if ((CONSFILE *) 0 == fdLog) {
fileWrite(fdOut, "[no log file on this console]\r\n", -1);
off_t file_pos;
off_t buf_pos;
char *buf;
char *bp = (char *)0;
char *s;
int r;
int ch;
struct stat stLog;
struct lines {
int is_mark;
STRING *line;
STRING *mark_end;
} *lines;
int n_lines;
int ln;
int i;
int j;
int u;
int is_mark;
char dummy[4];
#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
unsigned long dmallocMarkReplay = 0;
#endif
if ((CONSFILE *)0 == fdLog) {
FileWrite(fdOut, "[no log file on this console]\r\n", -1);
return;
}
/* find the size of the file
*/
if (0 != fileStat(fdLog, &stLog)) {
return;
}
if (MAXREPLAY > stLog.st_size) {
where = 0L;
} else {
where = stLog.st_size - MAXREPLAY;
}
#if defined(SEEK_SET)
/* PTX and maybe other Posix systems
*/
if (fileSeek(fdLog, where, SEEK_SET) < 0) {
return;
}
#else
if (fileSeek(fdLog, where, L_SET) < 0) {
if (0 != FileStat(fdLog, &stLog)) {
return;
}
#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
dmallocMarkReplay = dmalloc_mark();
#endif
if ((tot = fileRead(fdLog, bf, MAXREPLAY)) <= 0) {
return;
}
bf[tot] = '@';
file_pos = stLog.st_size - 1;
buf_pos = file_pos + 1;
pc = &bf[tot];
nCr = 0;
while (--pc != bf) {
if ('\n' == *pc && iBack == nCr++) {
++pc; /* get rid of a blank line */
/* get space for the line information and initialize it
*
* we allocate room for one more line than requested to be able to
* do the mark ranges
*/
if ((char *)0 == (buf = malloc(BUFSIZ))) {
OutOfMem();
}
n_lines = iBack + 1;
lines = (struct lines *)calloc(n_lines, sizeof(*lines));
if ((struct lines *)0 == lines) {
OutOfMem();
}
for (i = 0; i < n_lines; i++) {
lines[i].mark_end = AllocString();
lines[i].line = AllocString();
}
ln = -1;
/* loop as long as there is data in the file or we have not found
* the requested number of lines
*/
while (file_pos >= 0) {
if (file_pos < buf_pos) {
/* read one buffer worth of data a buffer boundary
*
* the first read will probably not get a full buffer but
* the rest (as we work our way back in the file) should be
*/
buf_pos = (file_pos / BUFSIZ) * BUFSIZ;
#if defined(SEEK_SET)
/* PTX and maybe other Posix systems
*/
if (FileSeek(fdLog, buf_pos, SEEK_SET) < 0) {
goto common_exit;
}
#else
if (FileSeek(fdLog, buf_pos, L_SET) < 0) {
goto common_exit;
}
#endif
if ((r = FileRead(fdLog, buf, BUFSIZ)) < 0) {
goto common_exit;
}
bp = buf + r;
}
/* process the next character
*/
--file_pos;
if ((ch = *--bp) == '\n') {
if (ln >= 0) {
/* reverse the text to put it in forward order
*/
u = lines[ln].line->used - 1;
for (i = 0; i < u / 2; i++) {
int temp;
temp = lines[ln].line->string[i];
lines[ln].line->string[i]
= lines[ln].line->string[u - i - 1];
lines[ln].line->string[u - i - 1] = temp;
}
/* see if this line is a MARK
*/
if (lines[ln].line->used > 0 &&
lines[ln].line->string[0] == '[') {
i = sscanf(lines[ln].line->string + 1,
"-- MARK -- %3c %3c %d %d:%d:%d %d]\r\n",
dummy, dummy, &j, &j, &j, &j, &j);
is_mark = (i == 7);
} else {
is_mark = 0;
}
/* process this line
*/
if (is_mark && ln > 0 && lines[ln - 1].is_mark) {
/* this is a mark and the previous line is also
* a mark, so make (or continue) that range
*/
if (0 == lines[ln - 1].mark_end->allocated) {
/* this is a new range - shuffle pointers
*
* remember that we are moving backward
*/
*(lines[ln - 1].mark_end) = *(lines[ln - 1].line);
InitString(lines[ln - 1].line);
}
/* if unallocated, cheat and shuffle pointers */
if (0 == lines[ln - 1].line->allocated) {
*(lines[ln - 1].line) = *(lines[ln].line);
InitString(lines[ln].line);
} else {
BuildString((char *)0, lines[ln - 1].line);
BuildString(lines[ln].line->string,
lines[ln - 1].line);
BuildString((char *)0, lines[ln].line);
}
ln--;
}
lines[ln].is_mark = is_mark;
}
/* advance to the next line and break if we have enough
*/
ln++;
if (ln >= n_lines - 1) {
break;
}
}
/* if we have a character but no lines yet, the last text in the
* file does not end with a newline, so start the first line anyway
*/
if (ln < 0) {
ln = 0;
}
BuildStringChar(ch, lines[ln].line);
/* if we've processed "a lot" of data for a line, then bail
* why? there must be some very long non-newline terminated
* strings and if we just keep going back, we could spew lots
* of data and chew up lots of memory
*/
if (lines[ln].line->used > MAXREPLAYLINELEN) {
break;
}
}
free(buf);
buf = (char *)0;
(void)fileWrite(fdOut, pc, tot - (pc - bf));
/* if we got back to beginning of file but saw some data, include it
*/
if (ln >= 0 && lines[ln].line->used > 0) {
/* reverse the text to put it in forward order
*/
u = lines[ln].line->used - 1;
for (i = 0; i < u / 2; i++) {
int temp;
temp = lines[ln].line->string[i];
lines[ln].line->string[i]
= lines[ln].line->string[u - i - 1];
lines[ln].line->string[u - i - 1] = temp;
}
ln++;
}
/* copy the lines into the buffer and put them in order
*/
for (i = ln - 1; i >= 0; i--) {
if (lines[i].is_mark && 0 != lines[i].mark_end->used) {
int mark_len;
/* output the start of the range, stopping at the ']'
*/
s = strrchr(lines[i].line->string, ']');
if ((char *)0 != s) {
*s = '\000';
}
FileWrite(fdOut, lines[i].line->string, -1);
FileWrite(fdOut, " .. ", -1);
/* build the end string by removing the leading "[-- MARK -- "
* and replacing "]\r\n" on the end with " -- MARK --]\r\n"
*/
mark_len = sizeof("[-- MARK -- ") - 1;
s = strrchr(lines[i].mark_end->string + mark_len, ']');
if ((char *)0 != s) {
*s = '\000';
}
FileWrite(fdOut, lines[i].mark_end->string + mark_len, -1);
FileWrite(fdOut, " -- MARK --]\r\n", -1);
u = lines[i].mark_end->used;
s = lines[i].mark_end->string;
} else
FileWrite(fdOut, lines[i].line->string, -1);
}
common_exit:
if ((struct lines *)0 != lines) {
for (i = 0; i < n_lines; i++) {
DestroyString(lines[i].mark_end);
DestroyString(lines[i].line);
}
free(lines);
lines = (struct lines *)0;
}
if ((char *)0 != buf) {
free(buf);
buf = (char *)0;
}
#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
CONDDEBUG((1, "Replay(): dmalloc / MarkReplay"));
dmalloc_log_changed(dmallocMarkReplay, 1, 0, 1);
#endif
}
@ -198,21 +357,26 @@ Replay(fdLog, fdOut, iBack)
#define WHEN_ALWAYS 0x40
#define HALFLINE 40
typedef struct HLnode {
int iwhen;
char actext[HALFLINE];
char *actext;
} HELP;
static HELP aHLTable[] = {
{WHEN_ALWAYS, ". disconnect"},
{WHEN_ALWAYS, "a attach read/write"},
{WHEN_ALWAYS, "b send broadcast message"},
{WHEN_ATTACH, "c toggle flow control"},
{WHEN_ATTACH, "d down a console"},
{WHEN_ALWAYS, "e change escape sequence"},
{WHEN_ALWAYS, "f force attach read/write"},
{WHEN_ALWAYS, "g group info"},
{WHEN_ALWAYS, "i information dump"},
{WHEN_ATTACH, "L toggle logging on/off"},
{WHEN_ATTACH, "l1 send break (halt host!)"},
{WHEN_ATTACH, "l? break sequence list"},
{WHEN_ATTACH, "l0 send break per config file"},
{WHEN_ATTACH, "l1-9 send specific break sequence"},
{WHEN_ALWAYS, "o (re)open the tty and log file"},
{WHEN_ALWAYS, "p replay the last 60 lines"},
{WHEN_ALWAYS, "r replay the last 20 lines"},
@ -224,7 +388,7 @@ static HELP aHLTable[] = {
{WHEN_ALWAYS, "z suspend the connection"},
{WHEN_ALWAYS, "<cr> ignore/abort command"},
{WHEN_ALWAYS, "? print this message"},
{WHEN_ALWAYS, "^R short replay"},
{WHEN_ALWAYS, "^R replay the last line"},
{WHEN_ATTACH, "\\ooo send character by octal code"},
{WHEN_EXPERT, "^I toggle tab expansion"},
{WHEN_EXPERT, "; change to another console"},
@ -238,46 +402,122 @@ static HELP aHLTable[] = {
/* list the commands we know for the user (ksb)
*/
void
#if PROTOTYPES
HelpUser(CONSCLIENT *pCL)
#else
HelpUser(pCL)
CONSCLIENT *pCL;
#endif
{
int i, j, iCmp;
static char
acH1[] = "help]\r\n", acH2[] = "help spy mode]\r\n", acEoln[] =
"\r\n";
char acLine[HALFLINE * 2 + 3];
static STRING *acLine = (STRING *)0;
if (acLine == (STRING *)0)
acLine = AllocString();
iCmp = WHEN_ALWAYS | WHEN_SPY;
if (pCL->fwr) {
(void)fileWrite(pCL->fd, acH1, sizeof(acH1) - 1);
FileWrite(pCL->fd, acH1, sizeof(acH1) - 1);
iCmp |= WHEN_ATTACH;
} else {
(void)fileWrite(pCL->fd, acH2, sizeof(acH2) - 1);
FileWrite(pCL->fd, acH2, sizeof(acH2) - 1);
}
if ('\033' == pCL->ic[0] && 'O' == pCL->ic[1]) {
iCmp |= WHEN_VT100;
}
acLine[0] = '\000';
BuildString((char *)0, acLine);
for (i = 0; i < sizeof(aHLTable) / sizeof(HELP); ++i) {
if (0 == (aHLTable[i].iwhen & iCmp)) {
continue;
}
if ('\000' == acLine[0]) {
acLine[0] = ' ';
(void)strcpy(acLine + 1, aHLTable[i].actext);
continue;
if (acLine->used != 0) { /* second part of line */
if (strlen(aHLTable[i].actext) < HALFLINE) {
for (j = acLine->used; j <= HALFLINE; ++j) {
BuildStringChar(' ', acLine);
}
BuildString(aHLTable[i].actext, acLine);
BuildString(acEoln, acLine);
FileWrite(pCL->fd, acLine->string, -1);
BuildString((char *)0, acLine);
continue;
} else {
BuildString(acEoln, acLine);
FileWrite(pCL->fd, acLine->string, -1);
BuildString((char *)0, acLine);
}
}
for (j = strlen(acLine); j < HALFLINE + 1; ++j) {
acLine[j] = ' ';
if (acLine->used == 0) { /* at new line */
BuildStringChar(' ', acLine);
BuildString(aHLTable[i].actext, acLine);
if (acLine->used > HALFLINE) {
BuildString(acEoln, acLine);
FileWrite(pCL->fd, acLine->string, -1);
BuildString((char *)0, acLine);
}
}
(void)strcpy(acLine + j, aHLTable[i].actext);
(void)strcat(acLine + j, acEoln);
(void)fileWrite(pCL->fd, acLine, -1);
acLine[0] = '\000';
}
if ('\000' != acLine[0]) {
(void)strcat(acLine, acEoln);
(void)fileWrite(pCL->fd, acLine, -1);
if (acLine->used != 0) {
BuildString(acEoln, acLine);
FileWrite(pCL->fd, acLine->string, -1);
}
}
int
#if PROTOTYPES
ClientAccessOk(CONSCLIENT *pCL)
#else
ClientAccessOk(pCL)
CONSCLIENT *pCL;
#endif
{
char *peername = (char *)0;
socklen_t so;
int cfd;
struct sockaddr_in in_port;
int retval = 1;
int getpeer = -1;
cfd = FileFDNum(pCL->fd);
pCL->caccess = 'r';
#if defined(USE_LIBWRAP)
{
struct request_info request;
request_init(&request, RQ_DAEMON, progname, RQ_FILE, cfd, 0);
fromhost(&request);
if (!hosts_access(&request)) {
FileWrite(pCL->fd, "access from your host refused\r\n", -1);
retval = 0;
goto setpeer;
}
}
#endif
so = sizeof(in_port);
if (-1 ==
(getpeer = getpeername(cfd, (struct sockaddr *)&in_port, &so))) {
FileWrite(pCL->fd, "getpeername failed\r\n", -1);
retval = 0;
goto setpeer;
}
pCL->caccess = AccType(&in_port.sin_addr, &peername);
if (pCL->caccess == 'r') {
FileWrite(pCL->fd, "access from your host refused\r\n", -1);
retval = 0;
}
setpeer:
if (pCL->peername != (STRING *)0) {
BuildString((char *)0, pCL->peername);
if (peername != (char *)0)
BuildString(peername, pCL->peername);
else if (getpeer != -1)
BuildString(inet_ntoa(in_port.sin_addr), pCL->peername);
else
BuildString("<unknown>", pCL->peername);
}
return retval;
}

54
conserver/client.h
View File

@ -1,7 +1,7 @@
/*
* $Id: client.h,v 5.20 2001-07-25 15:32:28-07 bryan Exp $
* $Id: client.h,v 5.31 2003-08-24 13:00:50-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -35,27 +35,30 @@
*/
/* states for a server fsm
*/
#define S_NORMAL 0 /* just pass character */
#define S_ESC1 1 /* first escape character received */
#define S_CMD 2 /* second interrupt character received */
#define S_CATTN 3 /* change 1 escape character to next input char */
#define S_CESC 4 /* change 2 escape character to next input char */
#define S_HALT1 5 /* we have a halt sequence in progress */
#define S_SUSP 6 /* we are suspened, first char wakes us up */
#define S_IDENT 7 /* probational connection (who is this) */
#define S_HOST 8 /* still needs a host name to connect */
#define S_PASSWD 9 /* still needs a passwd to connect */
#define S_QUOTE 10 /* send any character we can spell */
#define S_BCAST 11 /* send a broadcast message to all connections */
typedef enum clientState {
S_NORMAL, /* just pass character */
S_ESC1, /* first escape character received */
S_CMD, /* second interrupt character received */
S_CATTN, /* change 1 escape char to next input char */
S_CESC, /* change 2 escape char to next input char */
S_HALT1, /* we have a halt sequence in progress */
S_SUSP, /* we are suspened, first char wakes us up */
S_IDENT, /* probational connection (who is this) */
S_PASSWD, /* still needs a passwd to connect */
S_QUOTE, /* send any character we can spell */
S_BCAST /* send a broadcast message to all clients */
} CLIENTSTATE;
typedef struct client { /* Connection Information: */
CONSFILE *fd; /* file descriptor */
short fcon; /* currently connect or not */
short fwr; /* (client) write enable flag */
short fwantwr; /* (client) wants to write */
short fro; /* read-only permission */
short fecho; /* echo commands (not set by machines) */
char acid[128]; /* login and location of client */
char peername[128]; /* location of client */
STRING *acid; /* login and location of client */
STRING *peername; /* location of client */
STRING *username; /* login of client */
time_t tym; /* time of connect */
time_t typetym; /* time of last keystroke */
char actym[32]; /* pre-formatted time */
@ -65,19 +68,22 @@ typedef struct client { /* Connection Information: */
struct client
**ppCLbscan, /* back link for scan ptr */
*pCLscan, /* next client fd to scan after select */
/* scan lists link ALL clients together */
**ppCLbnext, /* back link for next ptr */
*pCLnext; /* next person on this list */
/* next lists link clients on a console */
char ic[2]; /* two character escape sequence */
char iState; /* state for fsm in server */
CLIENTSTATE iState; /* state for fsm in server */
char caccess; /* did we trust the remote machine */
char accmd[MAXSERVLEN + 1]; /* the command the user issued */
int icursor; /* the length of the command issused */
char msg[1024]; /* the broadcast message */
IOSTATE ioState; /* state of the socket */
time_t stateTimer; /* timer for various ioState states */
STRING *accmd; /* the command the user issued */
STRING *msg; /* the broadcast message */
struct sockaddr_in
cnct_port; /* where from */
} CONSCLIENT;
extern char *FmtCtl();
extern void Replay();
extern void HelpUser();
extern CONSCLIENT *FindWrite();
extern void Replay PARAMS((CONSFILE *, CONSFILE *, int));
extern void HelpUser PARAMS((CONSCLIENT *));
extern CONSCLIENT *FindWrite PARAMS((CONSCLIENT *));
extern int ClientAccessOk PARAMS((CONSCLIENT *));

1060
conserver/consent.c
View File

File diff suppressed because it is too large Load Diff

141
conserver/consent.h
View File

@ -1,7 +1,7 @@
/*
* $Id: consent.h,v 5.22 2001-07-23 00:28:00-07 bryan Exp $
* $Id: consent.h,v 5.46 2003-08-18 20:01:16-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -46,62 +46,111 @@ typedef struct baud { /* a baud rate table */
} BAUD;
typedef struct parity { /* a parity bits table */
char ckey;
char *key;
int iset;
int iclr;
} PARITY;
#define MAXSERVLEN 32 /* max length of server name */
#define MAXDEVLEN 512 /* max length of /dev/ttyax */
#define MAXLOGLEN 1024 /* max length of /usr/adm/consoles/foo */
#define MAXTTYLINE (133*2) /* max length of a single buf'd line */
#define ALARMTIME 60 /* time between chimes */
typedef enum consType {
UNKNOWN = 0,
DEVICE,
EXEC,
HOST
} CONSTYPE;
typedef struct names {
char *name;
struct names *next;
} NAMES;
typedef struct consentUsers {
NAMES *user;
struct consentUsers *next;
} CONSENTUSERS;
/* we calloc() these things, so we're trying to make everything be
* "empty" when it's got a zero value
*/
typedef struct consent { /* console information */
char server[MAXSERVLEN]; /* server name */
char dfile[MAXDEVLEN]; /* device file */
char lfile[MAXLOGLEN]; /* log file */
BAUD *pbaud; /* the baud on this console port */
PARITY *pparity; /* the parity on this line */
/*** config file settings ***/
char *server; /* server name */
CONSTYPE type; /* console type */
NAMES *aliases; /* aliases for server name */
/* type == DEVICE */
char *device; /* device file */
BAUD *baud; /* the baud on this console port */
PARITY *parity; /* the parity on this line */
FLAG hupcl; /* use HUPCL */
FLAG cstopb; /* use two stop bits */
FLAG ixon; /* XON/XOFF flow control on output */
FLAG ixany; /* any character to restart output */
FLAG ixoff; /* XON/XOFF flow control on input */
#if defined(CRTSCTS)
FLAG crtscts; /* use hardware flow control */
#endif
/* type == HOST */
char *host; /* hostname */
unsigned short port; /* port number */
/* type == EXEC */
char *exec; /* exec command */
/* */
char *master; /* master hostname */
/* */
unsigned short breakNum; /* break type [1-9] */
/* */
char *logfile; /* logfile */
/* timestamp stuff */
int mark; /* Mark (chime) interval */
long nextMark; /* Next mark (chime) time */
FLAG activitylog; /* log attach/detach/bump */
FLAG breaklog; /* log breaks sent */
/* options */
FLAG ondemand; /* bring up on-demand */
FLAG reinitoncc; /* open if down on client connect */
FLAG striphigh; /* strip high-bit of console data */
FLAG autoreinit; /* auto-reinitialize if failed */
FLAG unloved; /* copy "unloved" data to stdout */
/* Used if network console */
int isNetworkConsole;
char networkConsoleHost[MAXSERVLEN];
int networkConsolePort;
int telnetState;
/* used if virtual console */
char acslave[MAXDEVLEN]; /* pseudo-device slave side */
int fvirtual; /* is a pty device we use as a console */
char *pccmd; /* virtual console command */
int ipid; /* pid of virtual command */
/* only used in child */
int nolog; /* don't log output */
/*** runtime settings ***/
CONSFILE *fdlog; /* the local log file */
int fdtty; /* the port to talk to machine on */
int activitylog; /* log attach/detach/bump */
short int fup; /* we setup this line? */
short int fronly; /* we can only read this console */
short int iend; /* like icursor in CONSCLIENT */
short int inamelen; /* strlen(server) */
CONSFILE *cofile; /* the port to talk to machine on */
char *execSlave; /* pseudo-device slave side */
int execSlaveFD; /* fd of slave side */
pid_t ipid; /* pid of virtual command */
STRING *wbuf; /* write() buffer */
int wbufIAC; /* next IAC location in wbuf */
IOSTATE ioState; /* state of the socket */
time_t stateTimer; /* timer for ioState states */
/*** state information ***/
char acline[132 * 2 + 2]; /* max chars we will call a line */
int iend; /* length of data stored in acline */
int telnetState; /* state for telnet negotiations */
unsigned short autoReUp; /* is it coming back up automatically? */
FLAG downHard; /* did it go down unexpectedly? */
unsigned short nolog; /* don't log output */
unsigned short fup; /* we setup this line? */
unsigned short fronly; /* we can only read this console */
/*** list management ***/
struct client *pCLon; /* clients on this console */
struct client *pCLwr; /* client that is writting on console */
char acline[132 * 2 + 2]; /* max chars we will call a line */
CONSENTUSERS *rw; /* rw users */
CONSENTUSERS *ro; /* ro users */
struct consent *pCEnext; /* next console entry */
} CONSENT;
extern PARITY *FindParity();
extern BAUD *FindBaud();
extern void ConsInit();
extern void ConsDown();
typedef struct remote { /* console at another host */
struct remote *pRCnext; /* next remote console we know about */
struct remote *pRCuniq; /* list of uniq remote servers */
char *rserver; /* remote server name */
char *rhost; /* remote host to call to get it */
NAMES *aliases; /* aliases for remote server name */
} REMOTE;
struct hostcache {
char hostname[MAXSERVLEN];
struct hostcache *next;
};
extern int CheckHostCache();
extern void AddHostCache();
extern void ClearHostCache();
extern PARITY *FindParity PARAMS((char *));
extern BAUD *FindBaud PARAMS((char *));
extern void ConsInit PARAMS((CONSENT *));
extern void ConsDown PARAMS((CONSENT *, FLAG, FLAG));
extern REMOTE *FindUniq PARAMS((REMOTE *));
extern void DestroyRemoteConsole PARAMS((REMOTE *));

348
conserver/conserver.man
View File

@ -1,23 +1,39 @@
.\" @(#)conserver.8 01/06/91 OSU CIS; Thomas A. Fine
.\" $Id: conserver.man,v 1.15 2001-07-26 10:23:52-07 bryan Exp $
.TH CONSERVER 8 "Local"
.\" $Id: conserver.man,v 1.38 2003-09-22 08:33:41-07 bryan Exp $
.TH CONSERVER 8 "2003-09-22" "conserver-8.0.0" "conserver"
.SH NAME
conserver \- console server daemon
.SH SYNOPSIS
\fBconserver\fP [\fB\-7dDhinuvV\fP] [\fB\-a\fP \fItype\fP]
[\fB\-M\fP \fIaddr\fP] [\fB\-p\fP \fIport\fP] [\fB\-b\fP \fIport\fP]
[\fB\-C\fP \fIconfig\fP] [\fB\-P\fP \fIpasswd\fP]
[\fB\-L\fP \fIlogfile\fP]
.B conserver
.RB [ \-7dDEFhinoRSuvV ]
.RB [ \-a
.IR type ]
.RB [ \-m
.IR max ]
.RB [ \-M
.IR addr ]
.RB [ \-p
.IR port ]
.RB [ \-b
.IR port ]
.RB [ \-c
.IR cred ]
.RB [ \-C
.IR config ]
.RB [ \-P
.IR passwd ]
.RB [ \-L
.IR logfile ]
.RB [ \-O
.IR min ]
.SH DESCRIPTION
.B Conserver
is the daemon that manages
remote access to system consoles by multiple users via the
.BR console (1)
client program
and logs all console output.
It can connect to consoles via local serial ports
or terminal servers that allow network access,
or to any external program.
client program and logs all console output.
It can connect to consoles via local serial ports, terminal
servers that allow network access, or to any external program.
.PP
When started,
.B conserver
@ -27,85 +43,139 @@ file for details of each console it should manage,
including serial port or network parameters and logging options.
(Also, in environments where multiple servers share a cf file,
any server is able to refer clients to the particular server
managing a requested console,
so that the client need not have knowledge of the
distribution of consoles among servers.)
managing a requested console, so that the client need not have
knowledge of the distribution of consoles among servers.)
.B Conserver
forks a child for each group of consoles it must manage
and assigns each process a port number to listen on.
(The maximum number of consoles managed by each child process,
as well as the maximum number of children created, is set at compile time.)
The maximum number of consoles managed by each child process is set using
.B \-m
option.
The
.BR console (1)
client program communicates with the master console server process to find
the port (and host, in a multi-server configuration)
on which the appropriate child is listening.
The master conserver process forks a new process to handle each
incoming client connection.
.B Conserver
restricts connections from clients based on the host access section of its
.BR conserver.cf (5)
and authenticates users against its
file, restricts users based on the console access lists of the
.BR conserver.cf (5)
file, and authenticates
users against its
.BR conserver.passwd (5)
file.
.B Conserver
can also restrict clients using the tcp-wrappers package (enabled
using
.BR --with-libwrap ).
This authentication is done before consulting
the
.BR conserver.cf (5)
access list.
.PP
.B Conserver
completely controls any connection to a controlled host.
All escape sequences given by the user to \fBconsole\fP
completely controls any connection to a console.
All escape sequences given by the user to
.B console
are passed to the server without interpretation.
The server recognizes and processes all escape sequences,
except the suspend sequence, which is
recognized by the server and
sent as a TCP out-of-band command from the server to the client.
The suspend sequence is recognized by the server and sent back to the
client as a TCP out-of-band command, which the client processes.
.PP
The \fBconserver\fP parent process will automatically respawn any child
process that dies. The following signals are propagated by the parent
process to its children.
.TP
The
.B conserver
parent process will automatically respawn any child process that dies.
The following signals are propagated by the parent process to its children.
.TP 10
SIGTERM
close all connections and exit.
Close all connections and exit.
.TP
SIGHUP
close and reopen all console logfiles
and, if in daemon mode (\fB\-d\fP option),
the error logfile (see the \fB\-L\fP option).
(No reread of the configuration file is done.)
Reread the configuration file.
New consoles are managed by forking off new childen, deleted
consoles (and their clients) are dropped,
and changes to consoles are done "in place", resetting the console
port (bringing it down and up) only when necessary.
The console name is used to determine when consoles
have been added/removed/changed.
All actions performed by SIGUSR2 are also performed.
.TP
SIGUSR1
try to connect to any consoles marked as
down. This can come in handy if you had a terminal server (or more)
Try to connect to any consoles marked as down.
This can come in handy if you had a terminal server (or more)
that wasn't accepting connections at startup and you want
\fBconserver\fP to try to reconnect to all those downed ports.
.B conserver
to try to reconnect to all those downed ports.
.TP
SIGUSR2
Close and reopen all console logfiles
and, if in daemon mode
.RB ( \-d
option), the error logfile (see the
.BR \-L
option).
All actions performed by SIGUSR1 are also performed.
.PP
Slave hosts which have no current
.BR console (1)
Consoles which have no current client
connection might produce important error messages.
With the \fB\-u\fP option, these unloved errors are labeled with a machine name
With the
.B \-u
option, these ``unloved'' errors are labeled with a machine name
and output on stdout (or, in daemon mode, to the logfile).
This allows a live operator or an automated log scanner
to find otherwise unseen errors by watching in a single location.
.PP
\fBConserver\fP must be run as root if it is to bind to a port under 1024
or if it must read a shadow passwd file for authentication (see
.B Conserver
must be run as root if it is to bind to a port under 1024 or if it
must read protected password files (like shadow passwords)
for authentication (see
.BR conserver.passwd (5)).
Otherwise, it may be run by any user, with \fB\-p\fP used to specify
a port above 1024.
Otherwise, it may be run by any user, with
.B \-p
used to specify a port above 1024.
.PP
If encryption has been built into the code
.RB ( --with-openssl ),
encrypted client connections (without certificate exchanges) happen
by default.
To add certificate exchanges, use the
.B \-c
option with the client and server.
For authentication of the certificates to work,
the signing certificate must be properly trusted, which usually means
the public portion is in
.IB OPENSSL_ROOT /ssl/certs
(on both the client and server sides).
See the sample self-signing certficate making script
.B contrib/maketestcerts
for further clues.
To allow
non-encrypted client connections (in addition to encrypted client
connections), use the
.B \-E
option.
.SH OPTIONS
.PP
Options may be given as separate arguments (e.g., \fB\-n -d\fP)
or clustered (e.g., \fB\-nd\fP).
Options may be given as separate arguments (e.g.,
.B \-n
.BR \-d )
or clustered (e.g.,
.BR \-nd ).
Options and their arguments may be separated by optional white space.
Option arguments containing spaces or other characters special to the shell
must be quoted.
.TP
.TP 12
.B \-7
Strip the high bit off of all data received,
whether from the \fBconsole\fP client or from the console device,
before any processing occurs.
whether from the
.B console
client or from the console device, before any processing occurs.
.TP
.BI \-a type
Set the default access type for incoming connections from
\fBconsole\fP clients:
.B console
clients:
.RB ` r '
for refused (the default),
.RB ` a '
@ -118,25 +188,60 @@ the access section of
.TP
.BI \-b port
Set the base port for children to listen on.
Each child starts looking for free ports at \fIport\fP
Each child starts looking for free ports at
.I port
and working upward, trying a maximum number of ports
equal to twice the maximum number of groups.
If no free ports are available in that range,
\fBconserver\fP exits.
By default, \fBconserver\fP lets the operating system choose
a free port.
.B conserver
exits.
By default,
.B conserver
lets the operating system choose a free port.
.TP
.BI \-c cred
Load an SSL certificate and key from the PEM encoded file
.IR cred .
.TP
.BI \-C config
Read configuration information from the file \fIconfig\fP.
The default \fIconfig\fP may be changed at compile time using the
\fB--with-cffile\fP option.
Read configuration information from the file
.IR config .
The default
.I config
may be changed at compile time using the
.B --with-cffile
option.
.TP
.B \-d
Become a daemon. Disconnects from the controlling terminal and sends
all output to the logfile (see \fB\-L\fP).
Become a daemon.
Disconnects from the controlling terminal and sends
all output to the logfile (see
.BR \-L ).
.TP
.B \-D
Enable debugging output, sent to stderr.
Multiple
.B \-D
options increases debug output.
.TP
.B \-E
If encryption has been built into the code
.RB ( --with-openssl ),
encrypted client connections are a requirement.
This option allows non-encrypted clients (as well as encrypted clients) to
connect to consoles.
.TP
.B \-F
Do not automatically reinitialize failed (unexpectedly closed) consoles.
If the console is a program (`|' syntax) and it closes with a zero
exit status, the console is reinitialized regardless of this option.
Without this option, a console is immediately reopened,
and if that fails, retried every minute until successful.
This option has no effect on the
.B \-o
and
.B \-O
options.
.TP
.B \-h
Output a brief help message.
@ -145,50 +250,138 @@ Output a brief help message.
Initiate console connections on demand (and close them when not used).
.TP
.BI \-L logfile
Log errors and informational messages to \fIlogfile\fP
after startup in daemon mode (\fB\-d\fP).
Log errors and informational messages to
.I logfile
after startup in daemon mode
.RB ( \-d ).
This option does not apply when not running in daemon mode.
The default \fIlogfile\fP may be changed at compile time using the
\fB--with-logfile\fP option.
The default
.I logfile
may be changed at compile time using the
.B --with-logfile
option.
.TP
.BI \-m max
Set the maximum consoles managed per process.
The default
.I max
may be changed at compile time using the
.B --with-maxmemb
option.
.TP
.BI \-M addr
Set the address to listen on. This allows conserver to bind to a
Set the address to listen on.
This allows conserver to bind to a
particular IP address (like `127.0.0.1') instead of all interfaces.
The default is to bind to all addresses.
.TP
.B \-n
Obsolete (now a no-op); see \fB\-u\fP.
Obsolete (now a no-op); see
.BR \-u .
.TP
.B \-o
Normally, a client connecting to a ``downed'' console does just that.
Using this option, the server will automatically attempt to open
(``bring up'') the console when the client connects.
.TP
.BI \-O min
Enable periodic attempts (every
.I min
minutes) to open (``bring up'') all downed
consoles (similar to sending a SIGUSR1).
.TP
.BI \-p port
Set the TCP port for the master process to listen on.
This may be either a port number or a service name.
The default \fIport\fP, ``conserver'' (typically 782),
may be changed at compile time using the \fB--with-port\fP option.
The default
.IR port ,
``conserver'' (typically 782),
may be changed at compile time using the
.B --with-port
option.
.TP
.BI \-P passwd
Read the table of authorized user data from the file \fIpasswd\fP.
The default \fIpasswd\fP may be changed at compile time using the
\fB--with-pwdfile\fP option.
Read the table of authorized user data from the file
.IR passwd .
The default
.I passwd
may be changed at compile time using the
.B --with-pwdfile
option.
.TP
.B \-R
Disable automatic client redirection to other conserver hosts.
This
means informational commands like
.B \-w
and
.B \-i
will only show the status of the local conserver host and attempts to
connect to remote consoles will result in an informative message to the user.
.TP
.B \-S
Do not run the server, just perform a syntax check of configuration file and
exit with a non-zero value if there is an error.
.TP
.B \-u
Send unloved console output to \fBconserver\fP's stdout
(which, in daemon mode, is redirected to the logfile).
Send unloved console output to
.BR conserver 's
stdout (which, in daemon mode, is redirected to the logfile).
This applies to all consoles to which no user is attached,
independent of whether logging of individual consoles is enabled
via \fBconserver.cf\fP entries.
independent of whether logging of individual consoles is enabled via
.B conserver.cf
entries.
.TP
.B \-v
Echo the configuration as it is being read (be verbose).
.TP
.B \-V
Output the version number and settings of the \fBconserver\fP
Output the version number and settings of the
.B conserver
program and then exit.
.SH PROTOCOL
.PP
The protocol used to interact with the
.B conserver
daemon has two basic styles.
The first style is the initial line-based mode, which occurs before
connecting to a console.
The second style is the character-based, escape-sequence mode, while
connected to a console.
.PP
The initial line-based mode begins the same for both the master process
and it's children.
Upon a successful (non-rejected) client connection, an ``ok'' is sent.
The client then issues a command and the server responds to it with a
result string (``ok'' being the sign of success for most commands).
The commands available are ``help'', ``ssl'' (if
SSL was built into the code), ``login'', and ``exit''.
Using the ``login'' command, the client authenticates and gains access to
the extended command set.
This is where the master process and it's children differ.
The master process gives the client access to global commands, and the
child provides commands for interacting with the consoles it manages.
The ``help'' command, in both cases, will provide a complete
list of commands and a short description of what they do.
.PP
The second, character-based, style of interaction occurs when the client
issues the ``call'' command with a child process.
This command connects the client to a console and, at that point, relays
all traffic between the client and the console.
There is no more command-based interaction between the client and the server,
any interaction with the server is done with the default escape sequence.
.PP
This is, by no means, a complete description of the entire client/server
interaction.
It is, however, a brief explanation in order to give a idea of
what the program does.
.SH FILES
.PP
The following default file locations may be overridden
at compile time or by the command-line options described above.
Run \fBconserver \-V\fP (with no other options) to see
the defaults set at compile time.
Run
.B conserver \-V
(with no other options) to see the defaults set at compile time.
.PP
.PD 0
.TP 25
@ -211,6 +404,9 @@ log of errors and informational messages
Additionally, output from individual consoles may be logged
to separate files specified in
.BR conserver.cf (5).
.SH BUGS
I'm sure there are bugs, I just don't know where they are.
Please let me know if you find any.
.SH AUTHORS
Thomas A. Fine, Ohio State Computer Science
.br

24
conserver/conserver.rc
View File

@ -1,24 +0,0 @@
#!/bin/sh
#
# Startup for conserver
#
PATH=/usr/bin:/usr/local/bin
case "$1" in
'start')
echo "Starting console server daemon"
conserver -d
;;
'stop')
master=`ps -ef | grep conserver | awk '$3 == "1"{print $2}'`
[ "$master" ] && kill -TERM $master
;;
*)
echo "Usage: $0 { start | stop }"
;;
esac
exit 0

40
conserver/conserver.rc.in Normal file
View File

@ -0,0 +1,40 @@
#!/bin/sh
#
# Startup for conserver
#
PATH=/usr/bin:/bin:/usr/local/bin
PIDFILE="@PIDFILE@"
signalmaster() {
sig=$1
if [ -f "$PIDFILE" ]; then
master=`cat "$PIDFILE"`
else
master=`ps -ef | grep conserver | awk '$3 == "1"{print $2}'`
fi
[ "$master" ] && kill -$sig $master
}
case "$1" in
'start')
echo "Starting console server daemon"
conserver -d
;;
'stop')
echo "Stopping console server daemon"
signalmaster TERM
;;
'restart')
echo "Restarting console server daemon"
signalmaster HUP
;;
*)
echo "Usage: $0 { start | stop | restart }"
;;
esac
exit 0

511
conserver/convert.c Normal file
View File

@ -0,0 +1,511 @@
/*
* $Id: convert.c,v 1.7 2003-08-15 14:24:39-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
* Copyright GNAC, Inc., 1998
*/
/*
* Copyright (c) 1990 The Ohio State University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that: (1) source distributions retain this entire copyright
* notice and comment, and (2) distributions including binaries display
* the following acknowledgement: ``This product includes software
* developed by The Ohio State University and its contributors''
* in the documentation or other materials provided with the distribution
* and in all advertising materials mentioning features or use of this
* software. Neither the name of the University nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
* Network console modifications by Robert Olson, olson@mcs.anl.gov.
*/
#include <compat.h>
#include <util.h>
#include <consent.h>
#include <client.h>
#include <group.h>
#include <access.h>
#include <readcfg.h>
#include <master.h>
#include <main.h>
void
DestroyDataStructures()
{
}
char *
#if PROTOTYPES
ReadLine2(FILE *fp, STRING *save, int *iLine)
#else
ReadLine2(fp, save, iLine)
FILE *fp;
STRING *save;
int *iLine;
#endif
{
static char buf[1024];
char *wholeline = (char *)0;
char *ret = (char *)0;
int i, buflen, peek, commentCheck = 1, comment = 0;
static STRING *bufstr = (STRING *)0;
static STRING *wholestr = (STRING *)0;
if (bufstr == (STRING *)0)
bufstr = AllocString();
if (wholestr == (STRING *)0)
wholestr = AllocString();
peek = 0;
wholeline = (char *)0;
BuildString((char *)0, bufstr);
BuildString((char *)0, wholestr);
while (save->used || ((ret = fgets(buf, sizeof(buf), fp)) != (char *)0)
|| peek) {
/* If we have a previously saved line, use it instead */
if (save->used) {
strcpy(buf, save->string);
BuildString((char *)0, save);
}
if (peek) {
/* End of file? Never mind. */
if (ret == (char *)0)
break;
/* If we don't have a line continuation and we've seen
* some worthy data
*/
if (!isspace((int)buf[0]) && (wholeline != (char *)0)) {
BuildString((char *)0, save);
BuildString(buf, save);
break;
}
peek = 0;
}
if (commentCheck) {
for (i = 0; buf[i] != '\000'; i++)
if (!isspace((int)buf[i]))
break;
if (buf[i] == '#') {
comment = 1;
commentCheck = 0;
} else if (buf[i] != '\000') {
commentCheck = 0;
}
}
/* Check for EOL */
buflen = strlen(buf);
if ((buflen >= 1) && (buf[buflen - 1] == '\n')) {
(*iLine)++; /* Finally have a whole line */
/* if (comment == 0 && commentCheck == 0) { */
/* Finish off the chunk without the \n */
buf[buflen - 1] = '\000';
BuildString(buf, bufstr);
wholeline = BuildString(bufstr->string, wholestr);
/* }*/
peek = 1;
comment = 0;
commentCheck = 1;
BuildString((char *)0, bufstr);
} else {
/* Save off the partial chunk */
BuildString(buf, bufstr);
}
}
/* If we hit the EOF and weren't peeking ahead
* and it's not a comment
*/
/*
if (!peek && (ret == (char *)0) && (comment == 0) &&
(commentCheck == 0)) {
*/
if (!peek && (ret == (char *)0)) {
(*iLine)++;
wholeline = BuildString(bufstr->string, wholestr);
if (wholeline[0] == '\000')
wholeline = (char *)0;
}
CONDDEBUG((1, "ReadLine2(): returning <%s>",
(wholeline != (char *)0) ? wholeline : "<NULL>"));
return wholeline;
}
/* read in the configuration file, fill in all the structs we use (ksb)
* to manage the consoles
*/
void
#if PROTOTYPES
ReadCfg(char *pcFile, FILE *fp)
#else
ReadCfg(pcFile, fp)
char *pcFile;
FILE *fp;
#endif
{
int iLine;
unsigned char *acIn;
static STRING *acInSave = (STRING *)0;
char *acStart;
static STRING *logDirectory = (STRING *)0;
static STRING *defMark = (STRING *)0;
int sawACL = 0;
int printedFull = 0;
if (defMark == (STRING *)0)
defMark = AllocString();
if (logDirectory == (STRING *)0)
logDirectory = AllocString();
if (acInSave == (STRING *)0)
acInSave = AllocString();
BuildString((char *)0, defMark);
BuildString((char *)0, acInSave);
BuildString((char *)0, logDirectory);
iLine = 0;
while ((acIn =
(unsigned char *)ReadLine2(fp, acInSave,
&iLine)) != (unsigned char *)0) {
char *pcLine, *pcMode, *pcLog, *pcRem, *pcStart, *pcMark, *pcBreak;
char *pcColon;
acStart = PruneSpace((char *)acIn);
if (acStart[0] == '#') {
printf("%s\n", acStart);
continue;
}
if (printedFull == 0) {
printf("default full {\n\trw *;\n}\n");
printedFull = 1;
}
if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
break;
}
if ((char *)0 != (pcLine = strchr(acStart, '=')) &&
((char *)0 == (pcColon = strchr(acStart, ':')) ||
pcColon > pcLine)) {
*pcLine++ = '\000';
acStart = PruneSpace(acStart);
pcLine = PruneSpace(pcLine);
if (0 == strcmp(acStart, "LOGDIR")) {
BuildString((char *)0, logDirectory);
BuildString(pcLine, logDirectory);
printf("default * {\n");
if (logDirectory->used > 1)
printf("\tlogfile %s/&;\n", logDirectory->string);
else
printf("\tlogfile \"\";\n");
if (defMark->used > 1)
printf("\ttimestamp %s;\n", defMark->string);
else
printf("\ttimestamp \"\";\n");
printf("\tinclude full;\n}\n");
} else if (0 == strcmp(acStart, "TIMESTAMP")) {
BuildString((char *)0, defMark);
BuildString(pcLine, defMark);
printf("default * {\n");
if (logDirectory->used > 1)
printf("\tlogfile %s/&;\n", logDirectory->string);
else
printf("\tlogfile \"\";\n");
if (defMark->used > 1)
printf("\ttimestamp %s;\n", defMark->string);
else
printf("\ttimestamp \"\";\n");
printf("\tinclude full;\n}\n");
} else if (0 == strcmp(acStart, "DOMAINHACK")) {
} else if (0 == strncmp(acStart, "BREAK", 5) &&
acStart[5] >= '1' && acStart[5] <= '9' &&
acStart[6] == '\000') {
CONDDEBUG((1, "ReadCfg(): BREAK%c found with `%s'",
acStart[5], pcLine));
if (pcLine[0] == '\000') {
printf("break %c {\n\tstring \"\";\n}\n", acStart[5]);
} else {
char *q, *p;
p = pcLine;
BuildTmpString((char *)0);
while ((q = strchr(p, '"')) != (char *)0) {
*q = '\000';
BuildTmpString(p);
BuildTmpString("\\\"");
p = q + 1;
*q = '"';
}
q = BuildTmpString(p);
printf("break %c {\n\tstring \"%s\";\n}\n", acStart[5],
q);
}
} else {
Error("%s(%d) unknown variable `%s'", pcFile, iLine,
acStart);
}
continue;
}
if ((char *)0 == (pcLine = strchr(acStart, ':')) ||
(char *)0 == (pcMode = strchr(pcLine + 1, ':')) ||
(char *)0 == (pcLog = strchr(pcMode + 1, ':'))) {
Error("%s(%d) bad config line `%s'", pcFile, iLine, acIn);
continue;
}
*pcLine++ = '\000';
*pcMode++ = '\000';
*pcLog++ = '\000';
acStart = PruneSpace(acStart);
pcLine = PruneSpace(pcLine);
pcMode = PruneSpace(pcMode);
pcLog = PruneSpace(pcLog);
if ((char *)0 != (pcMark = strchr(pcLog, ':'))) {
*pcMark++ = '\000';
pcLog = PruneSpace(pcLog);
pcMark = PruneSpace(pcMark);
/* Skip null intervals */
if (pcMark[0] == '\000')
pcMark = (char *)0;
}
if ((char *)0 == pcMark) {
pcBreak = (char *)0;
} else {
if ((char *)0 != (pcBreak = strchr(pcMark, ':'))) {
*pcBreak++ = '\000';
pcMark = PruneSpace(pcMark);
pcBreak = PruneSpace(pcBreak);
/* Ignore null specs */
if (pcMark[0] == '\000')
pcMark = (char *)0;
if (pcBreak[0] == '\000')
pcBreak = (char *)0;
}
}
if ((char *)0 != (pcRem = strchr(pcLine, '@'))) {
*pcRem++ = '\000';
pcLine = PruneSpace(pcLine);
pcRem = PruneSpace(pcRem);
}
printf("console %s {\n", acStart);
if (pcRem == (char *)0) {
printf("\tmaster localhost;\n");
} else {
printf("\tmaster %s;\n", pcRem);
}
/*
* Here we substitute the console name for any '&' character in the
* logfile name. That way you can just have something like
* "/var/console/&" for each of the conserver.cf entries.
*/
if (pcLog[0] == '&' && pcLog[1] == '\000' &&
logDirectory->used > 1) {
/* special case where logfile name is '&' and the LOGDIR was
* seen above. in this case we just allow inheritance to
* work it's magic.
*/
} else if (pcLog[0] == '\000') {
printf("\tlogfile \"\";\n");
} else {
STRING *lfile;
lfile = AllocString();
BuildString((char *)0, lfile);
pcStart = pcLog;
BuildString(pcStart, lfile);
if (logDirectory->used > 1 && lfile->used > 1 &&
lfile->string[0] != '/') {
char *p;
BuildTmpString((char *)0);
p = BuildTmpString(lfile->string);
BuildString((char *)0, lfile);
BuildString(logDirectory->string, lfile);
BuildStringChar('/', lfile);
BuildString(p, lfile);
BuildTmpString((char *)0);
}
printf("\tlogfile %s;\n", lfile->string);
DestroyString(lfile);
}
if (pcMark) {
printf("\ttimestamp %s;\n", pcMark);
}
if (pcBreak) {
int bt;
bt = atoi(pcBreak);
if (bt > 9 || bt < 0) {
Error("%s(%d) bad break spec `%d'", pcFile, iLine, bt);
} else {
printf("\tbreak %d;\n", bt);
}
}
if (pcLine[0] == '!') {
pcLine = PruneSpace(pcLine + 1);
printf("\ttype host;\n");
printf("\thost %s;\n", pcLine);
printf("\tport %s;\n", pcMode);
} else if ('|' == pcLine[0]) {
pcLine = PruneSpace(pcLine + 1);
printf("\ttype exec;\n");
if (pcLine == (char *)0 || pcLine[0] == '\000')
printf("\texec \"\";\n");
else
printf("\texec %s;\n", pcLine);
} else {
char p, *t;
printf("\ttype device;\n");
printf("\tdevice %s;\n", pcLine);
t = pcMode;
while (isdigit((int)(*t))) {
++t;
}
p = *t;
*t = '\000';
printf("\tbaud %s;\n", pcMode);
switch (p) {
case 'E':
case 'e':
t = "even";
break;
case 'M':
case 'm':
t = "mark";
break;
case 'N':
case 'n':
case 'P':
case 'p':
t = "none";
break;
case 'O':
case 'o':
t = "odd";
break;
case 'S':
case 's':
t = "space";
break;
default:
Error
("%s(%d) unknown parity type `%c' - assuming `none'",
pcFile, iLine, p);
t = "none";
break;
}
printf("\tparity %s;\n", t);
}
printf("}\n");
}
while ((acIn =
(unsigned char *)ReadLine2(fp, acInSave,
&iLine)) != (unsigned char *)0) {
char *pcNext;
char cType;
acStart = PruneSpace((char *)acIn);
if (acStart[0] == '#') {
printf("%s\n", acStart);
continue;
}
if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
break;
}
if ((char *)0 == (pcNext = strchr(acStart, ':'))) {
Error("%s(%d) missing colon?", pcFile, iLine);
continue;
}
do {
*pcNext++ = '\000';
} while (isspace((int)(*pcNext)));
switch (acStart[0]) {
case 'a': /* allowed, allow, allows */
case 'A':
if (!sawACL) {
sawACL = 1;
printf("access * {\n");
}
printf("\tallowed %s;\n", pcNext);
break;
case 'r': /* rejected, refused, refuse */
case 'R':
if (!sawACL) {
sawACL = 1;
printf("access * {\n");
}
printf("\trejected %s;\n", pcNext);
break;
case 't': /* trust, trusted, trusts */
case 'T':
if (!sawACL) {
sawACL = 1;
printf("access * {\n");
}
printf("\ttrusted %s;\n", pcNext);
break;
default:
cType = ' ';
Error("%s(%d) unknown access key `%s'", pcFile, iLine,
acStart);
break;
}
}
if (sawACL) {
printf("}\n");
}
}
int
#if PROTOTYPES
main(int argc, char **argv)
#else
main(argc, argv)
int argc;
char **argv;
#endif
{
char *pcFile;
FILE *fp;
progname = "convert";
fDebug = 0;
if (argc != 2) {
Error("Usage: convert old-conserver.cf");
return 1;
}
pcFile = argv[1];
if ((fp = fopen(pcFile, "r")) == (FILE *)0) {
Error("fopen(%s): %s", pcFile, strerror(errno));
return 1;
}
ReadCfg(pcFile, fp);
return 0;
}

294
conserver/fallback.c
View File

@ -1,7 +1,7 @@
/*
* $Id: fallback.c,v 5.39 2001-07-26 00:58:55-07 bryan Exp $
* $Id: fallback.c,v 5.58 2003-08-15 08:18:26-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -14,144 +14,173 @@
* Mike Rowan (mtr@mace.cc.purdue.edu)
*/
#include <config.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/file.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <netinet/in.h>
#include <syslog.h>
#include <signal.h>
#include <netdb.h>
#include <stdio.h>
#include <ctype.h>
#include <compat.h>
#include <port.h>
#include <util.h>
/* Allocate some space for the results of getpseudotty */
#if (defined(_AIX) || defined(PTX4))
static char acMaster[] = "/dev/ptc/XXXXXXXXX";
static char acSlave[] = "/dev/pts/XXXXXXXXX";
#else
static char acMaster[] = "/dev/ptyXX";
static char acSlave[] = "/dev/ttyXX";
#endif /* _AIX */
#if defined(HAVE_PTSNAME) && defined(HAVE_GRANTPT) && defined(HAVE_UNLOCKPT)
#if defined(linux)
extern char *ptsname();
extern int grantpt();
extern int unlockpt();
#endif
/* get a pty for the user -- emulate the neato sequent call under (gregf)
* DYNIX/ptx v4.0
/*
* get a pty for the user
*
* this has been revamped rather heavily for 8.0.0. i've taken ideas
* from the xemacs and openssh distributions to get code that *should*
* work on systems i have no access to. thanks to those reference
* packages, i think things are ok...hopefully it's true!
*/
static int
getpseudotty(slave, master)
char **master, **slave;
#if PROTOTYPES
GetPseudoTTY(STRING *slave, int *slaveFD)
#else
GetPseudoTTY(slave, slaveFD)
STRING *slave;
int *slaveFD;
#endif
{
int fd;
#if HAVE_OPENPTY
int fd = -1;
int sfd = -1;
int opty = 0;
char *pcName;
#if HAVE_SIGACTION
sigset_t oldmask, newmask;
#else
extern RETSIGTYPE FlagReapVirt();
extern RETSIGTYPE FlagReapVirt PARAMS((int));
#endif
if (0 > (fd = open("/dev/ptmx", O_RDWR, 0))) {
return -1;
}
#if HAVE_SIGACTION
sigemptyset(&newmask);
sigaddset(&newmask, SIGCHLD);
if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
Error("sigprocmask(SIG_BLOCK): %s", strerror(errno));
Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
strerror(errno));
#else
simpleSignal(SIGCHLD, SIG_DFL);
SimpleSignal(SIGCHLD, SIG_DFL);
#endif
grantpt(fd); /* change permission of slave */
opty = openpty(&fd, &sfd, NULL, NULL, NULL);
#if HAVE_SIGACTION
if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
Error("sigprocmask(SIG_SETMASK): %s", strerror(errno));
Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
strerror(errno));
#else
simpleSignal(SIGCHLD, FlagReapVirt);
SimpleSignal(SIGCHLD, FlagReapVirt);
#endif
unlockpt(fd); /* unlock slave */
if ((char *)0 == (pcName = ttyname(fd))) {
(void)strcpy(acMaster, "/dev/ptmx");
} else {
(void)strcpy(acMaster, pcName);
}
*master = acMaster;
if ((char *)0 == (pcName = ptsname(fd))) {
if (opty != 0) {
if (fd >= 0)
close(fd);
if (sfd >= 0)
close(sfd);
return -1;
}
if ((char *)0 == (pcName = ttyname(sfd))) {
close(fd);
close(sfd);
return -1;
}
BuildString((char *)0, slave);
BuildString(pcName, slave);
(void)strcpy(acSlave, pcName);
*slave = acSlave;
*slaveFD = sfd;
return fd;
}
#else
/*
* Below is the string for finding /dev/ptyXX. For each architecture we
* leave some pty's world writable because we don't have source for
* everything that uses pty's. For the most part, we'll be trying to
* make /dev/ptyq* the "free" pty's.
*/
/* all the world's a vax ;-) */
static char charone[] = "prstuvwxyzPQRSTUVWq";
static char chartwo[] =
"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
# if defined(_AIX)
/*
* get a pty for the user (emulate the neato sequent call) (mm)
*/
static int
getpseudotty(slave, master)
char **master, **slave;
{
int fd;
#if (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX)
int fd = -1;
int sfd = -1;
char *pcName;
#if HAVE_SIGACTION
sigset_t oldmask, newmask;
#else
extern RETSIGTYPE FlagReapVirt PARAMS((int));
#endif
int c;
/* clone list and idea stolen from xemacs distribution */
static char *clones[] = {
"/dev/ptmx", /* Various systems */
"/dev/ptm/clone", /* HPUX */
"/dev/ptc", /* AIX */
"/dev/ptmx_bsd", /* Tru64 */
(char *)0
};
if (0 > (fd = open("/dev/ptc", O_RDWR | O_NDELAY, 0))) {
/* try to find the pty allocator */
for (c = 0; clones[c] != (char *)0; c++) {
if ((fd = open(clones[c], O_RDWR, 0)) >= 0)
break;
}
if (fd < 0)
return -1;
#if HAVE_SIGACTION
sigemptyset(&newmask);
sigaddset(&newmask, SIGCHLD);
if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
strerror(errno));
#else
SimpleSignal(SIGCHLD, SIG_DFL);
#endif
#if HAVE_GRANTPT
grantpt(fd); /* change permission of slave */
#endif
#if HAVE_SIGACTION
if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
strerror(errno));
#else
SimpleSignal(SIGCHLD, FlagReapVirt);
#endif
#if HAVE_UNLOCKPT
unlockpt(fd); /* unlock slave */
#endif
#if defined(_AIX)
if ((pcName = ttyname(fd)) == (char *)0) {
close(fd);
return -1;
}
if ((char *)0 == (pcName = ttyname(fd))) {
#else
# if HAVE_PTSNAME
if ((pcName = ptsname(fd)) == (char *)0) {
close(fd);
return -1;
}
(void)strcpy(acSlave, pcName);
*slave = acSlave;
(void)strcpy(acMaster, pcName);
acMaster[7] = 'c';
*master = acMaster;
return fd;
}
# else
/*
* get a pty for the user (emulate the neato sequent call) (ksb)
*/
static int
getpseudotty(slave, master)
char **master, **slave;
{
close(fd);
return -1;
# endif
#endif
/* go ahead and open the slave */
if ((sfd = open(pcName, O_RDWR, 0)) < 0) {
Error("GetPseudoTTY(): open(%s): %s", pcName, strerror(errno));
close(fd);
return -1;
}
BuildString((char *)0, slave);
BuildString(pcName, slave);
*slaveFD = sfd;
return fd;
#else
/*
* Below is the string for finding /dev/ptyXX. For each architecture we
* leave some pty's world writable because we don't have source for
* everything that uses pty's. For the most part, we'll be trying to
* make /dev/ptyq* the "free" pty's.
*/
/* all the world's a vax ;-) */
static char charone[] = "prstuvwxyzPQRSTUVWq";
static char chartwo[] =
"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
static char acMaster[] = "/dev/ptyXX";
static char acSlave[] = "/dev/ttyXX";
static char *pcOne = charone, *pcTwo = chartwo;
int fd, iLoop, iIndex = sizeof("/dev/pty") - 1;
int fd, sfd, iLoop, iIndex = sizeof("/dev/pty") - 1;
char *pcOld1;
struct stat statBuf;
@ -187,32 +216,53 @@ getpseudotty(slave, master)
acSlave[iIndex] = *pcOne;
acSlave[iIndex + 1] = *pcTwo;
if (-1 == access(acSlave, F_OK)) {
(void)close(fd);
close(fd);
continue;
}
break;
}
*master = acMaster;
*slave = acSlave;
return fd;
}
# endif /* _AIX */
#endif
/*
* get a Joe pty bacause the daemon is not with us, sadly. (ksb)
*/
int
FallBack(pcSlave, pcMaster)
char *pcSlave, *pcMaster;
{
int fd;
char *pcTSlave, *pcTMaster;
if (-1 == (fd = getpseudotty(&pcTSlave, &pcTMaster))) {
/* go ahead and open the slave */
if ((sfd = open(acSlave, O_RDWR, 0)) < 0) {
Error("GetPseudoTTY(): open(%s): %s", acSlave, strerror(errno));
close(fd);
return -1;
}
(void)strcpy(pcSlave, pcTSlave);
(void)strcpy(pcMaster, pcTMaster);
BuildString((char *)0, slave);
BuildString(acSlave, slave);
*slaveFD = sfd;
return fd;
#endif /* (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX) */
#endif /* HAVE_OPENPTY */
}
/*
* get a pty using the GetPseudoTTY code above
*/
int
#if PROTOTYPES
FallBack(char **slave, int *sfd)
#else
FallBack(slave, sfd)
char **slave;
int *sfd;
#endif
{
int fd;
static STRING *pcTSlave = (STRING *)0;
if (pcTSlave == (STRING *)0)
pcTSlave = AllocString();
if ((fd = GetPseudoTTY(pcTSlave, sfd)) == -1) {
return -1;
}
if ((*slave) != (char *)0)
free(*slave);
if (((*slave) = strdup(pcTSlave->string))
== (char *)0)
OutOfMem();
return fd;
}

5226
conserver/group.c
View File

File diff suppressed because it is too large Load Diff

41
conserver/group.h
View File

@ -1,7 +1,7 @@
/*
* $Id: group.h,v 5.17 2001-07-11 12:48:01-07 bryan Exp $
* $Id: group.h,v 5.38 2003-09-19 08:58:18-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -34,19 +34,40 @@
* 4. This notice may not be removed or altered.
*/
#define MAXPSWDLEN 16 /* max length of encrypted password */
/* return values used by CheckPass()
*/
#define AUTH_SUCCESS 0 /* ok */
#define AUTH_NOUSER 1 /* no user */
#define AUTH_INVALID 2 /* invalid password */
typedef struct grpent { /* group info */
unsigned int id; /* uniqueue group id */
unsigned short port; /* port group listens on */
int pid; /* pid of server for group */
pid_t pid; /* pid of server for group */
int imembers; /* number of consoles in this group */
CONSENT *pCElist; /* list of consoles in this group */
CONSENT *pCEctl; /* our control `console' */
CONSCLIENT *pCLall; /* all clients to scan after select */
char passwd[MAXPSWDLEN]; /* encrypted password for this group */
CONSCLIENT *pCLfree; /* head of free list */
struct grpent *pGEnext; /* next group entry */
} GRPENT;
extern void Spawn();
extern int CheckPass();
extern const char *strtime();
extern void tagLogfile();
extern void Spawn PARAMS((GRPENT *));
extern int CheckPass PARAMS((char *, char *));
extern void TagLogfile PARAMS((const CONSENT *, char *, ...));
extern void TagLogfileAct PARAMS((const CONSENT *, char *, ...));
extern void CleanupBreak PARAMS((short));
extern void DestroyGroup PARAMS((GRPENT *));
extern void DestroyConsent PARAMS((GRPENT *, CONSENT *));
extern void SendClientsMsg PARAMS((CONSENT *, char *));
extern void ResetMark PARAMS((void));
extern void DestroyConsentUsers PARAMS((CONSENTUSERS **));
extern CONSENTUSERS *ConsentFindUser PARAMS((CONSENTUSERS *, char *));
extern void DisconnectClient
PARAMS((GRPENT *, CONSCLIENT *, char *, FLAG));
extern int ClientAccess PARAMS((CONSENT *, char *));
extern void DestroyClient PARAMS((CONSCLIENT *));
extern int CheckPasswd PARAMS((CONSCLIENT *, char *));
#if HAVE_OPENSSL
extern int AttemptSSL PARAMS((CONSCLIENT *));
#endif

1570
conserver/main.c
View File

File diff suppressed because it is too large Load Diff

28
conserver/main.h
View File

@ -1,7 +1,7 @@
/*
* $Id: main.h,v 5.27 2001-07-11 12:52:57-07 bryan Exp $
* $Id: main.h,v 5.49 2003-06-15 19:50:28-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -37,16 +37,18 @@
/* program options and stuff
*/
extern char rcsid[];
extern int fAll, fVerbose, fSoftcar, fNoinit, fInteractive, fStrip,
fDaemon;
extern char chDefAcc;
extern unsigned long bindAddr;
extern unsigned int bindPort, bindBasePort;
extern char *pcLogfile;
extern int fAll, fNoinit, fInteractive, fStrip, fDaemon, fReopen,
fNoautoreup, fSyntaxOnly;
extern in_addr_t bindAddr;
extern unsigned short bindPort, bindBasePort;
extern char *pcConfig;
extern char *pcPasswd;
extern int cMaxMemb;
extern struct sockaddr_in in_port;
extern char acMyHost[];
extern struct in_addr acMyAddr;
extern int domainHack;
extern void reopenLogfile();
extern int isMaster;
extern CONFIG *optConf;
extern CONFIG *config;
#if HAVE_OPENSSL
extern SSL_CTX *ctx;
#endif
extern void ReopenLogfile PARAMS((void));
extern void DumpDataStructures PARAMS((void));

1049
conserver/master.c
View File

File diff suppressed because it is too large Load Diff

8
conserver/master.h
View File

@ -1,7 +1,7 @@
/*
* $Id: master.h,v 5.11 2001-07-09 02:16:53-07 bryan Exp $
* $Id: master.h,v 5.16 2003-03-06 10:13:41-08 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -37,5 +37,5 @@
/*
* stuff the master process needs
*/
extern void Master();
extern void SignalKids();
extern void Master PARAMS((void));
extern void SignalKids PARAMS((int));

79
conserver/port.h
View File

@ -1,79 +0,0 @@
/*
* $Id: port.h,v 1.28 2001-07-17 14:14:36-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
* Copyright GNAC, Inc., 1998
*/
#include <config.h>
/*
* Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
* 47907. All rights reserved.
*
* Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
*
* This software is not subject to any license of the American Telephone
* and Telegraph Company or the Regents of the University of California.
*
* Permission is granted to anyone to use this software for any purpose on
* any computer system, and to alter it and redistribute it freely, subject
* to the following restrictions:
*
* 1. Neither the authors nor Purdue University are responsible for any
* consequences of the use of this software.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Credit to the authors and Purdue
* University must appear in documentation and sources.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software.
*
* 4. This notice may not be removed or altered.
*/
/* Wait for a part of a second before slapping console server.
* Good for CISCO terminal servers that get upset when you
* attack with intense socket connections
*/
#if !defined(USLEEP_FOR_SLOW_PORTS)
# define USLEEP_FOR_SLOW_PORTS 100000
#endif
/* the default escape sequence used to give meta commands
*/
#if !defined(DEFATTN)
# define DEFATTN '\005'
#endif
#if !defined(DEFESC)
# define DEFESC 'c'
#endif
/* the max number of characters conserver will replay for you (the r command)
*/
#if !defined(MAXREPLAY)
# define MAXREPLAY (80*25)
#endif
/* communication constants
*/
#define OB_SUSP 'Z' /* suspended by server */
#define OB_DROP '.' /* dropped by server */
/* For legacy compile-time setting of the port...
*/
#if ! defined(DEFPORT)
# if defined(SERVICENAME)
# define DEFPORT SERVICENAME
# else
# if defined(PORTNUMBER)
# define DEFPORT PORTNUMBER
# else
# define DEFPORT "conserver"
# endif
# endif
#endif

4468
conserver/readcfg.c
View File

File diff suppressed because it is too large Load Diff

77
conserver/readcfg.h
View File

@ -1,51 +1,46 @@
/*
* $Id: readcfg.h,v 5.12 2001-07-06 17:11:47-07 bryan Exp $
* $Id: readcfg.h,v 5.31 2003-08-21 15:02:16-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
* Copyright GNAC, Inc., 1998
*/
/*
* Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
* 47907. All rights reserved.
*
* Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
*
* This software is not subject to any license of the American Telephone
* and Telegraph Company or the Regents of the University of California.
*
* Permission is granted to anyone to use this software for any purpose on
* any computer system, and to alter it and redistribute it freely, subject
* to the following restrictions:
*
* 1. Neither the authors nor Purdue University are responsible for any
* consequences of the use of this software.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Credit to the authors and Purdue
* University must appear in documentation and sources.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software.
*
* 4. This notice may not be removed or altered.
*/
typedef struct config {
STRING *name;
char defaultaccess;
FLAG daemonmode;
char *logfile;
char *passwdfile;
char *primaryport;
FLAG redirect;
int reinitcheck;
char *secondaryport;
#if HAVE_OPENSSL
char *sslcredentials;
FLAG sslrequired;
#endif
} CONFIG;
/* we read in which hosts to trust and which ones we proxy for
* from a file, into these structures
*/
typedef struct breaks {
STRING *seq;
int delay;
} BREAKS;
extern GRPENT aGroups[MAXGRP]; /* group info */
extern CONSENT aConsoles[MAXGRP * MAXMEMB]; /* console list */
extern NAMES *userList; /* user list */
extern GRPENT *pGroups; /* group info */
extern REMOTE *pRCList; /* list of remote consoles we know about */
extern ACCESS *pACList; /* `who do you love' (or trust) */
extern REMOTE *pRCUniq; /* list of uniq console servers */
extern ACCESS *pACList; /* `who do you love' (or trust) */
extern CONSENTUSERS *pADList; /* list of admin users */
extern BREAKS breakList[9]; /* list of break sequences */
extern CONFIG *pConfig; /* settings seen by config parser */
extern int
iAccess; /* how many access restrictions we have */
extern int
iLocal; /* how many local consoles we have */
extern void ReadCfg();
extern void ReadCfg PARAMS((char *, FILE *));
extern void ReReadCfg PARAMS((int));
extern void DestroyBreakList PARAMS((void));
extern void DestroyUserList PARAMS((void));
extern void DestroyConfig PARAMS((CONFIG *));
extern NAMES *FindUserList PARAMS((char *));
extern NAMES *AddUserList PARAMS((char *));
extern CONSENT *FindConsoleName PARAMS((CONSENT *, char *));

1651
conserver/util.c
View File

File diff suppressed because it is too large Load Diff

143
conserver/util.h
View File

@ -1,11 +1,26 @@
/*
* $Id: util.h,v 1.8 2001-07-22 12:54:59-07 bryan Exp $
* $Id: util.h,v 1.52 2003-08-23 11:06:35-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*/
#if PROTOTYPES
#include <stdarg.h>
#else
#include <varargs.h>
#endif
#if HAVE_OPENSSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
/* communication constants
*/
#define OB_SUSP 'Z' /* suspended by server */
#define OB_DROP '.' /* dropped by server */
/* Struct to wrap information about a "file"...
* This can be a socket, local file, whatever. We do this so
* we can add encryption to sockets (and generalize I/O).
@ -13,42 +28,112 @@
enum consFileType {
simpleFile,
simpleSocket,
#ifdef TLS_SUPPORT
TLSSocket,
#if HAVE_OPENSSL
SSLSocket,
#endif
nothing
};
typedef enum IOState {
ISDISCONNECTED = 0,
INCONNECT,
ISNORMAL,
#if HAVE_OPENSSL
INSSLACCEPT,
INSSLSHUTDOWN,
#endif
ISFLUSHING
} IOSTATE;
typedef enum flag {
FLAGUNKNOWN = 0,
FLAGTRUE,
FLAGFALSE
} FLAG;
typedef struct dynamicString {
char *string;
int used;
int allocated;
struct dynamicString *next;
struct dynamicString *prev;
} STRING;
typedef struct consFile {
/* Standard socket type stuff */
enum consFileType ftype;
int fd;
#ifdef TLS_SUPPORT
/* TLS/SSL stuff */
SSL_CTX *ctx;
SSL *sslfd;
BIO *sbio;
int ctx_connections;
STRING *wbuf;
#if HAVE_OPENSSL
/* SSL stuff */
SSL *ssl;
FLAG waitForWrite;
FLAG waitForRead;
#endif
/* Add crypto stuff to suit */
} CONSFILE;
extern void Debug();
extern void Error();
extern void Info();
extern int outputPid, fDebug;
extern int isMultiProc, fDebug, fVerbose, fErrorPrinted;
extern char *progname;
extern int thepid;
extern void simpleSignal();
extern int maxfiles();
extern void FmtCtlStr();
extern CONSFILE *fileOpenFD();
extern CONSFILE *fileOpen();
extern int fileClose();
extern int fileRead();
extern int fileWrite();
extern int fileStat();
extern int fileSeek();
extern int fileSend();
extern int fileFDNum();
extern void OutOfMem();
extern char *buildString();
extern pid_t thepid;
#define MAXHOSTNAME 1024
extern char myHostname[];
extern struct in_addr *myAddrs;
extern fd_set rinit;
extern fd_set winit;
extern int maxfd;
extern int debugLineNo;
extern char *debugFileName;
extern const char *StrTime PARAMS((time_t *));
extern void Debug PARAMS((int, char *, ...));
extern void Error PARAMS((char *, ...));
extern void Msg PARAMS((char *, ...));
extern void Verbose PARAMS((char *, ...));
extern void SimpleSignal PARAMS((int, RETSIGTYPE(*)(int)));
extern int GetMaxFiles PARAMS(());
extern char *FmtCtl PARAMS((int, STRING *));
extern void FmtCtlStr PARAMS((char *, int, STRING *));
extern CONSFILE *FileOpenFD PARAMS((int, enum consFileType));
extern CONSFILE *FileOpen PARAMS((const char *, int, int));
extern int FileClose PARAMS((CONSFILE **));
extern int FileRead PARAMS((CONSFILE *, void *, int));
extern int FileWrite PARAMS((CONSFILE *, char *, int));
extern void FileVWrite PARAMS((CONSFILE *, char *, va_list));
extern void FilePrint PARAMS((CONSFILE *, char *, ...));
extern int FileStat PARAMS((CONSFILE *, struct stat *));
extern int FileSeek PARAMS((CONSFILE *, off_t, int));
extern int FileSend PARAMS((CONSFILE *, const void *, size_t, int));
extern int FileFDNum PARAMS((CONSFILE *));
extern int FileUnopen PARAMS((CONSFILE *));
extern void OutOfMem PARAMS(());
extern char *BuildTmpString PARAMS((const char *));
extern char *BuildTmpStringChar PARAMS((const char));
extern char *BuildString PARAMS((const char *, STRING *));
extern char *BuildStringChar PARAMS((const char, STRING *));
extern char *BuildStringPrint PARAMS((STRING *, char *, ...));
extern char *BuildStringN PARAMS((const char *, int, STRING *));
extern char *ShiftString PARAMS((STRING *, int));
extern void InitString PARAMS((STRING *));
extern void DestroyString PARAMS((STRING *));
extern void DestroyStrings PARAMS((void));
extern STRING *AllocString PARAMS((void));
extern char *ReadLine PARAMS((FILE *, STRING *, int *));
extern enum consFileType FileGetType PARAMS((CONSFILE *));
extern void FileSetType PARAMS((CONSFILE *, enum consFileType));
extern void Bye PARAMS((int));
extern void DestroyDataStructures PARAMS((void));
extern int IsMe PARAMS((char *));
extern char *PruneSpace PARAMS((char *));
extern int FileCanRead PARAMS((CONSFILE *, fd_set *, fd_set *));
extern int FileCanWrite PARAMS((CONSFILE *, fd_set *, fd_set *));
extern int FileBufEmpty PARAMS((CONSFILE *));
extern int SetFlags PARAMS((int, int, int));
#if HAVE_OPENSSL
extern SSL *FileGetSSL PARAMS((CONSFILE *));
extern void FileSetSSL PARAMS((CONSFILE *, SSL *));
extern int SSLVerifyCallback PARAMS((int, X509_STORE_CTX *));
extern int FileSSLAccept PARAMS((CONSFILE *));
extern int FileCanSSLAccept PARAMS((CONSFILE *, fd_set *, fd_set *));
#endif

6
conserver/version.h
View File

@ -1,7 +1,7 @@
/*
* $Id: version.h,v 1.26 2001-07-26 11:53:55-07 bryan Exp $
* $Id: version.h,v 1.46 2003-09-22 10:41:28-07 bryan Exp $
*
* Copyright conserver.com, 2000-2001
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
@ -14,4 +14,4 @@
@(#) Copyright 2000 conserver.com.\n\
All rights reserved.\n"
#define THIS_VERSION "conserver.com version 7.1.0"
#define THIS_VERSION "conserver.com version 8.0.0"

2
console/Makefile.in
View File

@ -25,7 +25,7 @@ LIBS = @LIBS@
### Makefile rules - no user-servicable parts below
CONSOLE_OBJS = console.o ../conserver/util.o
CONSOLE_OBJS = console.o getpassword.o ../conserver/util.o
CONSOLE_HDRS = ../config.h $(top_srcdir)/compat.h $(top_srcdir)/conserver/port.h
ALL = console

1659
console/console.c
View File

File diff suppressed because it is too large Load Diff

500
console/console.man
View File

@ -1,21 +1,50 @@
.\" $Id: console.man,v 1.11 2001-07-26 10:25:24-07 bryan Exp $
.TH CONSOLE 1 "Local"
.\" $Id: console.man,v 1.33 2003-09-22 08:21:31-07 bryan Exp $
.TH CONSOLE 1 "2003-09-22" "conserver-8.0.0" "conserver"
.SH NAME
console \- console server client program
.SH SYNOPSIS
\fBconsole\fP [\fB\-aAfFGsS\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
[\fB\-p\fP \fIport\fP] [\fB\-e\fP \fIesc\fP] [\fB\-l\fP \fIuser\fP]
\fIconsole\fP
.B console
.RB [ \-aAEfFsS ]
.RB [ \-7Dv ]
.RB [ \-c
.IR cred ]
.BR [ \-M
.IR mach ]
.BR [ \-p
.IR port ]
.BR [ \-e
.IR esc ]
.BR [ \-l
.IR user ]
.I console
.br
\fBconsole\fP [\fB\-hPrRuVwx\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
[\fB\-p\fP \fIport\fP] [\fB\-b\fP \fImessage\fP]
.B console
.RB [ \-hiIPrRuVwWx ]
.RB [ \-7Dv ]
.RB [ \-M
.IR mach ]
.RB [ \-p
.IR port ]
.RB [ \-d
.RI [ user ][\fB@\fP console ]]
.RB [ \- [ bB ]
.IR message ]
.RB [ \-t
.RI [ user ][\fB@\fP console ]
.IR message ]
.br
\fBconsole\fP [\fB\-qQ\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
[\fB\-p\fP \fIport\fP]
.B console
.RB [ \-qQ ]
.RB [ \-7Dv ]
.RB [ \-M
.IR mach ]
.RB [ \-p
.IR port ]
.SH DESCRIPTION
.B Console
is used to manipulate console terminals remotely or to poll running
\fBconserver\fP(8) daemons for status information.
.BR conserver (8)
daemons for status information.
.PP
In the first form above,
.B console
@ -32,39 +61,39 @@ outputs only the requested information and exits.
.B Console
knows only of a primary
.B conserver
host
(see the \fB\-M\fP option below),
to which it initially connects.
host (see the
.B \-M
option below), to which it initially connects.
In a multi-server environment, the primary server may refer
the client to a different server handling the requested console,
or it will provide a list of all servers if required
(as when
or it will provide a list of all servers if required (as when
.B console
is invoked with the
.RB ` \-r '
.B \-r
option).
.B Console
then opens connections to the appropriate server(s).
It is not necessary for the user of
.B console
to know which server manages which consoles,
as long as
to know which server manages which consoles, as long as
.B console
knows a valid primary server
and all available consoles are listed in the primary server's
configuration file.
.SH OPTIONS
.PP
Options may be given as separate arguments (e.g., \fB\-v -w\fP)
or clustered (e.g., \fB\-vw\fP).
Options may be given as separate arguments (e.g.,
.B \-v
.BR \-w )
or clustered (e.g.,
.BR \-vw ).
Options and their arguments may be separated by optional white space.
Option arguments containing spaces or other characters special to the shell
must be quoted.
.TP
.TP 11
.B \-7
Strip the high bit off of all data received,
whether from user input or from the server,
before any processing occurs.
Strip the high bit off of all data received, whether from user
input or from the server, before any processing occurs.
Disallows escape sequence characters with the high bit set.
.TP
.B \-a
@ -72,72 +101,168 @@ Access a console with a two-way (read-write) connection (this is the default).
The connection is dropped to spy mode if someone else is attached read-write.
.TP
.BI \-b message
Broadcast a \fImessage\fP to all users connected to the console server.
Broadcast a
.I message
to all users connected to each server.
.TP
.BI \-B message
Same as
.B \-b
but just send a
.I message
to users on the primary server.
.TP
.BI \-c cred
Load an SSL certificate and key from the PEM encoded file
.IR cred .
.TP
.B \-d
Disconnect the users specified by
.IR user @ console .
You may specify the target as
.I user
(disconnect the
.IR user,
regardless of what console they are attached to),
.RI @ console
(disconnect all users attached to
.IR console ),
or
.IR user @ console
(disconnect the
.I user
attached to
.IR console ).
.TP
.B \-D
Enable debugging output.
.TP
.BI \-e esc
Set the initial two-character escape sequence to
those represented by \fIesc\fP.
Any of the forms output by \fBcat\fP(1)'s \-\fBv\fP option
are accepted. The default value is ``\fB^Ec\fP''.
Set the initial two-character escape sequence to those represented by
.IR esc .
Any of the forms output by
.BR cat (1)'s
.B \-v
option are accepted.
The default value is
.RB `` ^Ec ''.
.TP
.B \-E
If encryption has been built into the code
.RB ( --with-openssl ),
encrypted client connections are a requirement.
This option allows the client to connect to a console
over a non-encrypted connection.
.TP
.B \-f
Same as \fB\-a\fP except it will force any existing connection into spy mode.
.TP
.B \-G
Request a raw connection to the group control virtual console;
this is only useful for learning the protocol used by the
interactive sequence.
Same as
.B \-a
except it will force any existing connection into spy mode.
.TP
.B \-h
Display a brief help message.
.TP
.B \-i
Display information in a machine-parseable format (see below for the details).
.TP
.B \-I
Same as
.B \-i
but just acts on the primary server.
.TP
.BI \-l user
Set the login name used for authentication to \fIuser\fP.
By default, \fBconsole\fP uses $USER if its uid matches the user's real uid,
Set the login name used for authentication to
.IR user .
By default,
.B console
uses $USER if its uid matches the user's real uid,
or $LOGNAME if its uid matches the user's real uid,
or else the name associated with the user's real uid.
.TP
.BI \-M mach
The \fBconsole\fP client program polls \fImach\fP as the primary server,
rather than the default set at compile time (typically ``\fBconsole\fP'').
The default \fImach\fP may be changed at compile time using the
\fB--with-master\fP option.
The
.B console
client program polls
.I mach
as the primary server,
rather than the default set at compile time (typically
.RB `` console '').
The default
.I mach
may be changed at compile time using the
.B --with-master
option.
.TP
.BI \-p port
Set the port to connect to. This may be either a port number
or a service name. The default \fIport\fP may be changed at compile time
using the \fB--with-port\fP option.
Set the port to connect to.
This may be either a port number
or a service name.
The default
.I port
may be changed at compile time
using the
.B --with-port
option.
.TP
.B \-P
Display the pid of the master daemon process on each server.
.TP
.B \-q
The \fBconsole\fP client requests that the server daemon quit (shut down).
A password is sent in the protocol stream; if none is required for
the local host to shut down the server, just press <return>.
The
.B console
client connects to each server to request that the
server daemon quit (shut down).
The root password of the host(s) running conserver is required
unless the local host is listed as ``trusted'' in the
conserver.cf file; in that case, just press <return>.
.TP
.B \-Q
Same as \fB\-q\fP but just acts on the primary server.
Same as
.B \-q
but just acts on the primary server.
.TP
.B \-r
Display daemon versions. The \fBconsole\fP client connects to each
Display daemon versions.
The
.B console
client connects to each
server to request its version information.
.TP
.B \-R
Same as \fB\-r\fP but just acts on the primary server.
Same as
.B \-r
but just acts on the primary server.
.TP
.B \-s
Request a read-only (spy mode) connection.
In this mode all the escape sequences (below) work, or report errors,
but all other keyboard input is discarded.
.TP
.B \-t
Send a text
.I message
to
.IR user @ console .
You may specify the target as
.I user
(send to
.IR user,
regardless of what console they are attached to),
.RI @ console
(send to all users attached to
.IR console ),
or
.IR user @ console
(send to
.I user
attached to
.IR console ).
.TP
.B \-u
Show a list of all consoles with status (`up' or `down')
and attached users (\fIuser\fP@\fIhost\fP if attached read-write,
`<spies>' if only users in spy mode, or `<none>').
and attached users
.RI ( user @ host
if attached read-write, `<spies>' if only users in spy mode, or `<none>').
.TP
.B \-v
Be more verbose when building the connection(s).
@ -150,21 +275,101 @@ and then exit.
.TP
.B \-w
Show a list of all who are currently connected to consoles,
including the hostnames where the \fBconsole\fP connections originate
and the idle times. This is useful to see if anybody is actively
including the hostnames where the
.B console
connections originate and the idle times.
This is useful to see if anybody is actively
using the console system if it becomes necessary to shut down
\fBconserver\fP.
.BR conserver .
.TP
.B \-W
Same as
.B \-w
but just acts on the primary server.
.TP
.B \-x
Show a list of consoles and devices.
.PP
The \fB\-A\fP, \fB\-F\fP, or \fB\-S\fP options have the same effect as
their lower-case variants.
The
.BR \-A ,
.BR \-F ", or"
.B \-S
options have the same effect as their lower-case variants.
In addition, they each request the last 20 lines of the console output after
making the connection (as if `\fB^Ecr\fP' were typed).
making the connection (as if
.RB ` ^Ecr '
were typed).
.PP
The
.B \-i
option outputs information regarding each console in 12 colon-separated fields.
.TP
.I name
The name of the console.
.TP
.I hostname,pid,socket
The hostname, pid, and socket number of the child process managing
the console.
.TP
.I type
The type of console.
Values will be a `/' for a local device, `|' for
a command, or `!' for a remote port.
.TP
.I console-details
The details regarding the console.
The values here (all comma seperated) depend on the type of the console.
Local devices will have values of the device file, baud rate, and
file descriptor for the device.
Commands will have values of the command, the command's pid, the
pseudo-tty, and file descriptor for the pseudo-tty.
Remote ports will have values of the remote hostname, remote port number,
and file descriptor for the socket connection.
.TP
.I users-list
The details of each user connected to the console.
The details for each
user are an `@' seperated list of `w', `r', or `s' (for read-write, read-only,
or suspended), username, hostname the user is on, the user's idle time,
and (for `r' and `s' users only) ``rw'' or ``ro'' (if the user wants
read-write mode or not).
Each user bundle is seperated by commas.
.TP
.I state
The state of the console.
Values with either be ``up'' or ``down''.
.TP
.I perm
This value will either be ``rw'' or ``ro''.
It will only be ``ro'' if
the console is a local device (`/' type) and the permissions are such
that the server can open the file for read, but not write.
.TP
.I logfile-details
The details regarding the logging for the console.
The comma seperated
values will be the logfile, ``log'' or ``nolog'' (if logging is on
or not - toggled via ^EcL), ``act'' or ``noact'' (if activity logging is
enabled or not - the `a' timestamp option), the timestamp interval, and
the file descriptor of the logfile.
.TP
.I break
The default break sequence used for the console.
.TP
.I reup
If the console is currently down and the automatic reconnection code
is at work, it will have the value of ``autoup'', otherwise it
will be ``noautoup''.
.TP
.I aliases
The console aliases are presented in a comma seperated list.
.TP
.I options
The active options for the console are presented in a comma seperated list.
.SH "ESCAPE SEQUENCES"
The connection can be controlled by a two-character escape sequence, followed
by a command. The default escape sequence is ``control-E c''
by a command.
The default escape sequence is ``control-E c''
(octal 005 143).
(The escape sequences are actually processed by the server; see the
.BR conserver (8)
@ -172,51 +377,81 @@ man page for more information.)
Commands are:
.sp
.PD 0
.IP a
.TP 13
.B a
attach read-write if nobody already is
.IP c
.TP
.B b
send broadcast message to all users on this console
.TP
.B c
toggle flow control (don't do this)
.IP d
.TP
.B d
down the current console
.IP e\fIcc\fP
.TP
.BI e cc
change the escape sequence to the next two characters
.IP f
.TP
.B f
forcibly attach read-write
.IP g
.TP
.B g
group info
.IP L
.TP
.B L
toggle logging on/off
.IP l1
send a 3-second serial line break (might halt a Sun)
("ell" then "one", not the L1 key)
.IP o
.TP
.B l?
list the break sequences available
.TP
.B l0
send the break sequence associated with this console
.TP
.B l1-9
send the specific break sequence
.TP
.B o
close (if open) and reopen the line (to clear errors (silo overflows))
and the log file
.IP p
.TP
.B p
replay the last 60 lines of output
.IP r
.TP
.B r
replay the last 20 lines of output
.IP s
.TP
.B s
switch to spy mode (read-only)
.IP u
.TP
.B u
show status of hosts/users in this group
.IP v
.TP
.B v
show the version of the group server
.IP w
.TP
.B w
who is using this console
.IP x
.TP
.B x
examine this group's devices and modes
.IP z
.TP
.B z
suspend this connection
.IP ?
.TP
.B ?
display list of commands
.IP "^M (return)"
.TP
.BR ^M " (return)"
continue, ignore the escape sequence
.IP "^R (ctrl-R)"
.TP
.BR ^R " (ctrl-R)"
replay the last line only
.IP \\\fIooo\fP
send character having octal code \fIooo\fP
(must specify three octal digits)
.TP
.BI \e ooo
send character having octal code
.IR ooo " (must"
specify three octal digits)
.IP \.
disconnect
.PD
@ -226,67 +461,82 @@ will be discarded.
Note that a line break or a down command
can only be sent from a full two-way attachment.
To send the escape sequence through the connection one must redefine
the outer escape sequence, or use \fB^Ec\\\fP\fIooo\fP to send the
the outer escape sequence, or use
.BI ^Ec\e ooo
to send the
first escape character before typing the second character directly.
.PP
In the \fB\-u\fP output, the login ``<none>'' indicates no one is
In the
.B \-u
output, the login ``<none>'' indicates no one is
viewing that console, and the login ``<spies>'' indicates that
no one has a full two-way attachment. When no one is attached to
a console its output is cloned to the stdout of the server process
if \fBconserver\fP was started with the \fB\-u\fP option.
no one has a full two-way attachment.
When no one is attached to
a console its output is cloned to the stdout of the server process if
.B conserver
was started with the
.B \-u
option.
.SH EXAMPLES
.TP
.TP 15
console \-u
Outputs something like:
.sp
.RS
.ta 18n 24n
dumb up <none>
.br
expert up ksb@mentor
.br
tyro up <spies>
.br
mentor up <none>
.br
sage up fine@cis
.DT
.RE
.IP
The \fB<none>\fP indicates no one is viewing \fIdumb\fP or \fImentor\fP,
the \fB<spies>\fP indicates only read-only connections exist for \fItyro\fP,
.ft CR
.nf
dumb up <none>
expert up ksb@mentor
tyro up <spies>
mentor up <none>
sage up fine@cis
.fi
.ft
.IP
The
.B <none>
indicates no one is viewing
.IR dumb
or
.IR mentor ,
the
.B <spies>
indicates only read-only connections exist for
.IR tyro ,
and other
.IR login @ host
entries indicate users attached read-write to
.I sage
and
other \fIlogin\fP@\fIhost\fP entries indicate users attached read-write to
\fIsage\fP and \fIexpert\fP.
.IR expert .
.TP
console \-w
Outputs something like:
.sp
.RS
.ta 18n 26n 32n
ksb@extra attach 2days expert
.br
file@cis attach 21:46 sage
.br
dmr@alice spy \00:04 tyro
.DT
.RE
.IP
.ft CR
.nf
ksb@extra attach 2days expert
file@cis attach 21:46 sage
dmr@alice spy \00:04 tyro
.fi
.ft
.IP
The third column is the idle time of the user.
Either \fIhours\fP:\fIminutes\fP or number of days is displayed.
Either
.IR hours : minutes
or number of days is displayed.
.TP
console \-e \*(lq^[1\*(rq lv426
console \-e "^[1" lv426
Requests a connection to the host ``lv426'' with the escape characters
set to ``escape one''.
.SH BUGS
Connections suspended under Dynix sometimes break the kernel when
resumed.
.PP
It is possible to create a loop of console connections, with ugly results.
Never run \fBconsole\fP from within a console connection (unless you set each
Never run
.B console
from within a console connection (unless you set each
escape sequence differently).
.PP
The \fB\-G\fP option doesn't help to explain how connections get built.
I'm sure there are more, I just don't know where they are.
Please let me know if you find any.
.SH AUTHORS
Thomas A. Fine, Ohio State Computer Science
.br

159
console/getpassword.c Normal file
View File

@ -0,0 +1,159 @@
/*
* $Id: getpassword.c,v 1.6 2003-09-12 10:36:19-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*
* Copyright GNAC, Inc., 1998
*/
#include <compat.h>
#include <pwd.h>
#include <util.h>
#include <version.h>
/* the next two routines assure that the users tty is in the
* correct mode for us to do our thing
*/
static int screwy = 0;
static struct termios o_tios;
/* this holds the password given to us by the user */
static STRING *pass = (STRING *)0;
/*
* show characters that are already tty processed,
* and read characters before cononical processing
* we really use cbreak at PUCC because we need even parity...
*/
static void
#if PROTOTYPES
C2Raw(int fd)
#else
C2Raw(fd)
int fd;
#endif
{
struct termios n_tios;
if (!isatty(fd) || 0 != screwy)
return;
if (0 != tcgetattr(fd, &o_tios)) {
Error("tcgetattr(%d): %s", fd, strerror(errno));
exit(EX_UNAVAILABLE);
}
n_tios = o_tios;
n_tios.c_iflag &= ~(IUCLC | IXON);
n_tios.c_oflag &= ~OPOST;
n_tios.c_lflag &= ~(ISIG | ECHO | IEXTEN);
n_tios.c_cc[VMIN] = 1;
n_tios.c_cc[VTIME] = 0;
if (0 != tcsetattr(fd, TCSANOW, &n_tios)) {
Error("tcsetattr(%d, TCSANOW): %s", fd, strerror(errno));
exit(EX_UNAVAILABLE);
}
screwy = 1;
}
/*
* put the tty back as it was, however that was
*/
static void
#if PROTOTYPES
C2Normal(int fd)
#else
C2Normal(fd)
int fd;
#endif
{
if (!screwy)
return;
tcsetattr(fd, TCSANOW, &o_tios);
screwy = 0;
}
char *
#if PROTOTYPES
GetPassword(char *prompt)
#else
GetPassword(prompt)
char *prompt;
#endif
{
int fd;
int nc;
char buf[BUFSIZ];
int done = 0;
if (prompt == (char *)0)
prompt = "";
if ((pass = AllocString()) == (STRING *)0)
OutOfMem();
BuildString((char *)0, pass);
if ((fd = open("/dev/tty", O_RDWR)) == -1) {
Error("could not open `/dev/tty': %s", strerror(errno));
return (char *)0;
}
C2Raw(fd);
write(fd, prompt, strlen(prompt));
while (!done) {
int i;
if ((nc = read(0, buf, sizeof(buf))) == 0)
break;
for (i = 0; i < nc; ++i) {
if (buf[i] == 0x0d || buf[i] == 0x0a) {
/* CR, NL */
done = 1;
break;
} else
BuildStringChar(buf[i], pass);
}
}
C2Normal(fd);
/*
{
static STRING *c = (STRING *) 0;
if ((c = AllocString()) == (STRING *) 0)
OutOfMem();
write(fd, "\n'", 2);
if (pass->used) {
FmtCtlStr(pass->string, pass->used - 1, c);
write(fd, c->string, c->used - 1);
}
write(fd, "'\n", 2);
}
*/
write(fd, "\n", 1);
close(fd);
/* this way a (char*)0 is only returned on error */
if (pass->string == (char *)0)
return "";
else
return pass->string;
}
void
#if PROTOTYPES
ClearPassword(void)
#else
ClearPassword()
#endif
{
if (pass == (STRING *)0 || pass->allocated == 0)
return;
#if HAVE_MEMSET
memset((void *)(pass->string), '\000', pass->allocated);
#else
bzero((char *)(pass->string), pass->allocated);
#endif
BuildString((char *)0, pass);
}

10
console/getpassword.h Normal file
View File

@ -0,0 +1,10 @@
/*
* $Id: getpassword.h,v 1.3 2003-09-11 02:10:58-07 bryan Exp $
*
* Copyright conserver.com, 2000
*
* Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
*/
extern char *GetPassword PARAMS((char *));
extern void *ClearPassword PARAMS((void));

6
contrib/README
View File

@ -8,11 +8,15 @@ Various contributions by folks....
Author: Paul Heinlein <heinlein@measurecast.com>
Synopsis: Files for a Redhat-tuned RPM
maketestcerts
Author: Bryan Stansell <bryan@conserver.com>
Synopsis: Silly script I used to create test SSL certs
I can't verify that these scripts will work for everyone. Hopefully they
will be helpful.
Bryan Stansell
#
# $Id: README,v 1.2 2001-06-15 06:02:59-07 bryan Exp $
# $Id: README,v 1.3 2002-10-13 19:57:44-07 bryan Exp $
#

54
contrib/maketestcerts Executable file
View File

@ -0,0 +1,54 @@
#!/bin/sh
#
# This is a "simple" script that I've used to create test certificates
# for conserver and it's OpenSSL bits. It's far from perfect...or useful
# outside of my own purposes. If this helps, cool. In the end I put the
# rootcert.pem file in my global certs directory (OPENSSL_ROOT/ssl/certs),
# point the server to server.pem and point the client at client.pem. I
# then run the c_rehash command (I supposed it helps or is important).
# When it asks for a passphrase, use 'pass', otherwise this script won't
# work. Ugly, yeah, but it's an ok test.
#
[ -f rootreq.pem -a -f rootkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -passin pass:pass -passout pass:pass
US
California
Folsom
conserver.com
Conserver CA
conserver.com
EOD
[ -f rootcert.pem ] || openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
[ -f root.pem ] || cat rootcert.pem rootkey.pem > root.pem
[ -f serverreq.pem -a -f serverkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -passin pass:pass -passout pass:pass
US
California
Folsom
conserver.com
conserver
conserver
EOD
[ -f servercert.pem ] || openssl x509 -req -in serverreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out servercert.pem
[ -f server.pem ] || cat servercert.pem serverkey.pem rootcert.pem > server.pem
[ -f clientreq.pem -a -f clientkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem -passin pass:pass -passout pass:pass
US
California
Folsom
conserver.com
console
console
EOD
[ -f clientcert.pem ] || openssl x509 -req -in clientreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
[ -f client.pem ] || cat clientcert.pem clientkey.pem rootcert.pem > client.pem

5
contrib/redhat-rpm/conserver.init
View File

@ -38,8 +38,9 @@ case "$1" in
status conserver
;;
restart)
$0 stop
$0 start
echo -n "Restarting conserver: "
killproc conserver -HUP
echo
;;
*)
echo "Usage: conserver {start|stop|restart|status}"

9
contrib/redhat-rpm/conserver.spec
View File

@ -4,7 +4,7 @@
#
%define pkg conserver
%define ver 7.1.0
%define ver conserver-8.0.0
# define the name of the machine on which the main conserver
# daemon will be running if you don't want to use the default
@ -96,7 +96,8 @@ fi
%config(noreplace) %{_sysconfdir}/conserver.passwd
%attr(555,root,root) %{_initrddir}/conserver
%{prefix}/bin/console
%{prefix}/man/man1/console.1.gz
%{prefix}/man/man8/conserver.8.gz
%{prefix}/man/man8/conserver.cf.8.gz
%{prefix}/share/man/man1/console.1.gz
%{prefix}/share/man/man8/conserver.8.gz
%{prefix}/share/man/man5/conserver.cf.5.gz
%{prefix}/share/man/man5/conserver.passwd.5.gz
%{prefix}/sbin/conserver

1
contrib/solaris-package/Makefile
View File

@ -39,4 +39,5 @@ fakeinstall:
$(FIXMANCMD) man_tbl_header $(BUILDDIR)/conserver/conserver.man > $(MAN1MDIR)/conserver.$(MAN1MEXT)
$(FIXMANCMD) man_tbl_header $(BUILDDIR)/console/console.man > $(MAN1MDIR)/console.$(MAN1MEXT)
$(FIXMANCMD) $(BUILDDIR)/conserver.cf/conserver.cf.man > $(MAN4DIR)/conserver.cf.$(MAN4EXT)
$(FIXMANCMD) $(BUILDDIR)/conserver.cf/conserver.passwd.man > $(MAN4DIR)/conserver.passwd.$(MAN4EXT)
$(FIXSCRIPTCMD) $(BUILDDIR)/conserver/conserver.rc > $(LIBDIR)/conserver.rc

2
contrib/solaris-package/pkginfo
View File

@ -1,7 +1,7 @@
PKG="conserver"
NAME="Console server and client"
CATEGORY="system"
VERSION="7.1.0"
VERSION="conserver-8.0.0"
DESC="Console server and client"
CLASSES=none
ARCH=sparc

5
contrib/solaris-package/prototype
View File

@ -10,5 +10,6 @@ d none share/man 0755 bin bin
d none share/man/man1m 0755 bin bin
f none share/man/man1m/conserver.1m 0644 bin bin
f none share/man/man1m/console.1m 0644 bin bin
d none share/man/man4 0755 bin bin
f none share/man/man4/conserver.cf.4 0644 bin bin
d none share/man/man5 0755 bin bin
f none share/man/man5/conserver.cf.5 0644 bin bin
f none share/man/man5/conserver.passwd.5 0644 bin bin

97
test/dotest Executable file
View File

@ -0,0 +1,97 @@
#!/bin/sh
pid=0
testnum=0
exitval=0
cleanup()
{
[ -f test.out ] && rm -f test.out
[ -f c.cf ] && rm -f c.cf
[ $pid -eq 0 ] && return 0
kill $pid
for i in *.log; do
[ "$i" != "conserver.log" ] && [ -f "$i" ] && rm -f "$i";
done
[ "$exitval" = 0 ] && rm -f conserver.log
exit $exitval
}
dotest()
{
testnum=`expr $testnum + 1`
$ECHO "executing test #$testnum...$EE"
if [ "$2" ]; then
eval "$2" > test.out 2>&1
else
echo "$1" | \
../console/console -M 127.0.0.1 -p 7777 shell > test.out 2>&1
fi
if [ "$record" ]; then
echo "recorded"
mv test.out results/test$testnum
else
if [ -f results/test$testnum ]; then
if diff -i test.out results/test$testnum >test$testnum.diff 2>&1; then
echo "succeded"
rm -f test$testnum.diff
else
echo "failed (diffs in test$testnum.diff)"
exitval=1
fi
else
echo "unknown (not recorded)"
fi
rm -f test.out
fi
}
[ ! -f ../conserver/conserver -o ! -f ../console/console ] && \
echo 'binaries do not exist - did you run make yet?' && exit 1
trap cleanup 15
if [ "`echo -n`" = "-n" ]; then
ECHO="echo"
EE="\c"
else
ECHO="echo -n"
EE=""
fi
$ECHO "starting conserver...$EE"
rm -f c.cf
cp test1.cf c.cf
../conserver/conserver -M 127.0.0.1 -p 7777 -v -C c.cf \
-P test.passwd -m 32 > conserver.log 2>&1 &
pid=$!
echo "pid $pid"
sleep 3
[ ! -d results ] && mkdir results
dotest EVAL "../console/console -M 127.0.0.1 -p 7777 -u | sed -e 's/[0-9][0-9]*//g' -e 's/[ ][ ]*/ /g'"
dotest 'c?c.'
dotest 'cl?c.'
dotest 'cdc.'
dotest 'coc.'
echo "moving in second config file"
rm -f c.cf
cp test2.cf c.cf
kill -1 $pid
sleep 3
dotest EVAL "../console/console -M 127.0.0.1 -p 7777 -u | sed -e 's/[0-9][0-9]*//g' -e 's/[ ][ ]*/ /g'"
dotest 'c?c.'
dotest 'cl?c.'
dotest 'cdc.'
dotest 'coc.'
dotest EVAL "echo 'tu.' | ../console/console -M 127.0.0.1 -p 7777 -e 'tu' shell"
dotest EVAL "../console/console -M 127.0.0.1 -p 7777 -P | sed -e 's/:.*//'"
dotest EVAL "../console/console -M 127.0.0.1 -p 7777 -x | sed -e 's/ on [^ ]* */ on /'"
cleanup

2
test/results/test1 Normal file
View File

@ -0,0 +1,2 @@
shell up <none>
shell up <none>

4
test/results/test10 Normal file
View File

@ -0,0 +1,4 @@
console: shell is down
[Enter `^Ec?' for help]
[up -- attached]
[disconnect]

2
test/results/test11 Normal file
View File

@ -0,0 +1,2 @@
[Enter `tu?' for help]
[disconnect]

1
test/results/test12 Normal file
View File

@ -0,0 +1 @@
127.0.0.1

3
test/results/test13 Normal file
View File

@ -0,0 +1,3 @@
shellb on at Local
shella on at Local
shell on at Local

16
test/results/test2 Normal file
View File

@ -0,0 +1,16 @@
[Enter `^Ec?' for help]
[help]
. disconnect a attach read/write
b send broadcast message c toggle flow control
d down a console e change escape sequence
f force attach read/write g group info
i information dump L toggle logging on/off
l? break sequence list l0 send break per config file
l1-9 send specific break sequence o (re)open the tty and log file
p replay the last 60 lines r replay the last 20 lines
s spy read only u show host status
v show version info w who is on this console
x show console baud info z suspend the connection
<cr> ignore/abort command ? print this message
^R replay the last line \ooo send character by octal code
[disconnect]

9
test/results/test3 Normal file
View File

@ -0,0 +1,9 @@
[Enter `^Ec?' for help]
[halt list]
0 - 250ms, `\z'
1 - 250ms, `\z'
2 - 250ms, `\r~^b'
3 - 250ms, `#.'
4 - 600ms, `\r\d~\d^b'
5 - 250ms, `\rtest\r'
[disconnect]

3
test/results/test4 Normal file
View File

@ -0,0 +1,3 @@
[Enter `^Ec?' for help]
[line down]
[disconnect]

4
test/results/test5 Normal file
View File

@ -0,0 +1,4 @@
console: shell is down
[Enter `^Ec?' for help]
[up -- attached]
[disconnect]

3
test/results/test6 Normal file
View File

@ -0,0 +1,3 @@
shellb up <none>
shella up <none>
shell up <none>

16
test/results/test7 Normal file
View File

@ -0,0 +1,16 @@
[Enter `^Ec?' for help]
[help]
. disconnect a attach read/write
b send broadcast message c toggle flow control
d down a console e change escape sequence
f force attach read/write g group info
i information dump L toggle logging on/off
l? break sequence list l0 send break per config file
l1-9 send specific break sequence o (re)open the tty and log file
p replay the last 60 lines r replay the last 20 lines
s spy read only u show host status
v show version info w who is on this console
x show console baud info z suspend the connection
<cr> ignore/abort command ? print this message
^R replay the last line \ooo send character by octal code
[disconnect]

8
test/results/test8 Normal file
View File

@ -0,0 +1,8 @@
[Enter `^Ec?' for help]
[halt list]
0 - 250ms, `\z'
1 - 250ms, `\z'
2 - 250ms, `\r~^b'
3 - 250ms, `#.'
4 - 250ms, `hiya there\r'
[disconnect]

3
test/results/test9 Normal file
View File

@ -0,0 +1,3 @@
[Enter `^Ec?' for help]
[line down]
[disconnect]

29
test/test.cf Normal file
View File

@ -0,0 +1,29 @@
# test conserver config file
default full {
rw *;
}
default * {
logfile ./&;
timestamp "";
include full;
}
break 5 {
string "\rtest\r";
}
console shell {
master localhost;
logfile ./&.log;
timestamp 5;
type exec;
exec "";
}
console shell2 {
master localhost;
logfile ./shell2.log;
timestamp 2;
type exec;
exec "";
}
access * {
trusted 127.0.0.1;
}

0
test/test.passwd Normal file
View File

29
test/test1.cf Normal file
View File

@ -0,0 +1,29 @@
# test conserver config file
default full {
rw *;
}
default * {
logfile ./&;
timestamp "";
include full;
}
break 5 {
string "\rtest\r";
}
console shell {
master 127.0.0.1;
logfile ./&.log;
timestamp 5;
type exec;
exec "";
}
console shell2 {
master 127.0.0.1;
logfile ./shell2.log;
timestamp 2;
type exec;
exec "";
}
access * {
trusted 127.0.0.1;
}

35
test/test2.cf Normal file
View File

@ -0,0 +1,35 @@
# test conserver config file
default full {
rw *;
}
default * {
logfile ./&;
timestamp "";
include full;
}
break 4 {
string "hiya there\r";
}
console shell {
master 127.0.0.1;
logfile ./&.log;
timestamp 5;
type exec;
exec "";
}
console shella {
master 127.0.0.1;
logfile ./&.log;
timestamp 5;
type exec;
exec "";
}
console shellb {
master 127.0.0.1;
logfile ./&.log;
type exec;
exec "";
}
access * {
trusted 127.0.0.1;
}