Merge pull request #101 from abbra/increase-gss-buffers

Increase buffer size for GSSAPI exchanges

.cirrus.yml

@@ -0,0 +1,48 @@
+env:
+  CIRRUS_CLONE_DEPTH: 1
+
+freebsd_13_task:
+  freebsd_instance:
+    image_family: freebsd-13-3
+  install_script:
+    - pkg install -y autoconf automake
+    - ./package/setup-configure
+  basic_script: &basic
+    - "[ -f Makefile ] && make distclean"
+    - ./configure || { cat config.log; exit 1; }
+    - make
+    - make test
+  uds_script: &uds
+    - "[ -f Makefile ] && make distclean"
+    - ./configure --with-trust-uds-cred --with-uds || { cat config.log; exit 1; }
+    - make
+    - make test
+  pam_ssl_script: &pamssl
+    - "[ -f Makefile ] && make distclean"
+    - ./configure --with-pam --with-openssl || { cat config.log; exit 1; }
+    - make
+    - make test
+  gssapi_script: &gssapi
+    - "[ -f Makefile ] && make distclean"
+    - ./configure --with-gssapi || { cat config.log; exit 1; }
+    - make
+    - make test
+
+linux_gcc_task:
+  container:
+    image: gcc:latest
+  install_script:
+    - ./package/setup-configure
+  basic_script: *basic
+  uds_script: *uds
+  pam_ssl_script: *pamssl
+
+#macos_task:
+#  osx_instance:
+#    image: mojave-xcode-10.1
+#  install_script:
+#    - brew install autoconf automake
+#    - ./package/setup-configure
+#  basic_script: *basic
+#  uds_script: *uds
+#  pam_ssl_script: *pamssl

.gitignore

@@ -0,0 +1 @@
+*.[ch]~

FAQ

@@ -14,7 +14,11 @@ directed to faq@conserver.com.  The FAQ answers the following questions:
     6) What does "console: gethostbyname: console: host lookup error"
        mean (or something close to that)?
     7) How do I set up a serial port for no parity?
-   99) Ok, things just don't seem to work.  Help?!?
+    8) Is "Conserver" a Trademark or Registered Trademark?
+    9) When I connect to a console, it says it is down.  Why?
+   10) Is there a technical reason why --with-maxmemb's default is 16?
+       I've changed mine to 96.
+   99) OK, things just don't seem to work.  Help?!?
 
 
  1) What is conserver?
@@ -61,25 +65,88 @@ directed to faq@conserver.com.  The FAQ answers the following questions:
     When conserver was compiled, it was told to use the /etc/services
     entry of "conserver" (what came after getservbyname:).  You'll need
     to either recompile conserver and hard-code a port number (using
-    PORT instead of SERVICE in conserver/cons.h) or enter "conserver"
-    in /etc/services.
+    --with-port=<num>) or enter "conserver" in /etc/services.
 
  6) What does "console: gethostbyname: console: host lookup error"
     mean (or something close to that)?
 
     When the console command was compiled, it was told to use the
     hostname "console" (what came after gethostbyname:) as the master
-    conserver host.  You'll need to either recompile console with the
-    appropriate name of your conserver host or add an alias of "console".
-    In most cases, adding an alias is my suggestion.
+    conserver host.  You'll need to either reconfigure with the
+    appropriate name of your conserver host (--with-master=<name>) or
+    add an alias of "console".  In most cases, adding an alias is my
+    suggestion.
 
  7) How do I set up a local serial port for no parity?
 
-    The conserver.cf man page will have this in the 6.17 release,
-    but the answer is to use a 'p' after the baud rate.  So, '9600p'
-    is 9600 baud, no parity.
+    The manpage has the answer to this question.  For those that don't
+    want to read it, here are some guidelines.  For pre-7.2.2, you'd
+    want to use a 'p' after the baud rate ("9600p", for example).  For
+    7.2.2 thru 7.2.7, you can use an 'n'.  For 8.0.0 and beyond, you use
+    'parity none;'.
 
-99) Ok, things just don't seem to work.  Help?!?
+ 8) Is "Conserver" a trademark or registered trademark?
+
+    The best answer I can give is "not as far as I know".  A couple of
+    quick searches through the source code doesn't find any claim of a
+    trademark.  I've never done a registered trademark search, but if
+    it had been registered (by a previous author), I'm sure it would be
+    mentioned.  But I'm no lawyer and don't deal with these types of
+    things, so I'm not exactly sure what I'm taking about and my answer
+    becomes a very vague "not as far as I know".
+
+ 9) When I connect to a console, it says it is down.  Why?
+
+    There are multiple reasons why this might happen.  First, see if it's
+    just a remnant of some other temporary problem.  Try and bring the
+    console up by doing a '^Eco' from the client.  If that doesn't work,
+    there's a more serious problem which, hopefully, the conserver logfile
+    will explain.  Check the log for any permission problems, connection
+    refused messages, etc.  You might get more useful information in
+    the log by using the -v option or even by enabling debugging with
+    -D (ideally that shouldn't be necessary).  Depending on the type of
+    console, your system might be out of pseudo-terminals, another process
+    might have a terminal server port occupied (another console server or
+    telnet session), or there was an unseen typo in a path or hostname.
+    The logfile should show hints of things like this and other issues.
+
+10) Is there a technical reason why --with-maxmemb's default is 16?
+    I've changed mine to 96.
+
+    The following is an array of things you need to think about when
+    adjusting --with-maxmemb.  It's a bit long, but it's an important
+    question.
+
+    The big reason (and the main reason for conserver spawning multiple
+    processes) is the maximum number of open files a process can have.
+    Each console can have a few file descriptors associated with it
+    (device, logfile, connected users, and listening socket).  So, each
+    process will have about ( 2 * consoles + users + 1 ) open files
+    (--with-maxmemb sets the maximum number of consoles per process
+    in the equation).  Although most current operating systems allow a
+    large number of open files per process, the general assumption is
+    it's still pretty low.
+
+    You also have the speed of your conserver host vs the rates at which
+    data could be streaming to it.  Go back a decade and this was probably
+    more of an issue than today, but it's still something to think about.
+
+    And then you have the problem of delays.  If any of the 96 console
+    connections "lock up", it'll delay all activity on the 96 consoles.
+    With 16, there's less of an impact.  This can be an issue once the
+    server is up or during startup.  Also, with 16 consoles per process,
+    you get a bit more parallelization during startup.
+
+    So, is there any reason not to up the number to 96?  No.  Assuming you
+    know the risks and weigh things appropriately.  If I remember right,
+    I've upped the number to 48 at some sites.  But that was mainly to
+    reduce the memory footprint in older versions of the code which had
+    statically allocated buffers.  No need to worry about that with the
+    current code.  Personally, I wouldn't change from 16 unless there
+    was a really good reason (like wanting to only have one child process
+    for firewall rules or some such reason).
+
+99) OK, things just don't seem to work.  Help?!?
 
     Yes, this is a pretty vague question, but here are a few tips that
     might help.
@@ -117,7 +184,3 @@ directed to faq@conserver.com.  The FAQ answers the following questions:
     - Have you tried a search on the conserver site (it searches
       mailing list traffic as well) to see if someone else has gone
       through the same problem?
-
-#
-#  $Id: FAQ,v 1.5 2002-01-20 19:06:42-08 bryan Exp $
-#

INSTALL

@@ -1,5 +1,5 @@
-				INSTALL
-				=======
+                                INSTALL
+                                =======
 
 Upgrading?
 
@@ -10,34 +10,125 @@ Upgrading?
     new features added to the client if you're considering *not*
     upgrading.
 
+    Version 8.1.3
+	- The '^Ec;' sequence won't work correctly with 8.1.2 (where it
+	  was introduced).
+
+    Version 8.1.2
+	- The 'devicesubst' and 'execsubst' formats have changed from
+	  8.1.1.  It's fairly simple to update your config file to the
+	  new format...just check the conserver.cf manpage.  Sorry for
+	  having to change things, but it's for a good reason (I should
+	  have though ahead when designing the original format).
+
+    Version 8.1.0
+
+	- The client/server protocol has changed to better protect 8-bit
+	  data and to allow programs invoked with '^Ec|' not have to
+	  worry about accidentally sending the escape sequence to the
+	  server.  Though it will look like things are mostly
+	  backward-compatible, don't count on it and just upgrade.
+
+    Version 8.0.2
+
+	- I've added a '^Ec;' sequence to allow the client to signal the
+	  server as to when it's ready to see console data.  Without
+	  this, verbose consoles will prevent clients from attaching
+	  (the client sees unexpected data).  An 8.0.2 client should be
+	  compatible with an 8.0.1 server, but an 8.0.1 client is not
+	  compatible with an 8.0.2 server.
+
+    Version 8.0.1
+
+	- There's a slight client/server protocol change to implement
+	  the new 'initcmd' console option.  If you use this
+	  functionality with an 8.0.0 client, you'll run into a
+	  compatibility problem while the 'initcmd' command is running.
+
+    Version 8.0.0
+
+	- The client/server protocol has been rearchitected.  You *MUST*
+	  use an 8.0.0 client with an 8.0.0 server.  No combination of
+	  client/server will work with pre-8.0.0 code.
+
+	- Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires
+	  you to change your conserver.cf and conserver.passwd files
+	  because both of the file formats have changed.
+
+	  The conserver.cf file changes are so major that there is a
+	  convert program available in the conserver subdirectory.  Just
+	  run './conserver/convert <old-cf-file>' and it will attempt a
+	  conversion to the new format, sending it to stdout.  Any errors
+	  will be printed to stderr.  There are a couple of things
+	  you might need to adjust.  First are the user access lists.
+	  If you are restricting users to certain consoles in your old
+	  conserver.passwd file, you'll need to move those restrictions
+	  into the new conserver.cf file.  Restrictions are set with the
+	  'ro' and 'rw' tags in the configuration file.  Second are the
+	  'access' blocks.  What get produced by the convert program
+	  will be functionally equivalent to the old behavior, but you
+	  may be able to tune things to better suit your environment.
+
+	  The conserver.passwd file's console restrictions have moved,
+	  as described above.  So to convert the conserver.passwd file,
+	  all you really need to do is something like:
+
+		awk -F: '{print $1 ":" $2}' <old-passwd-file>
+
+	  If you have comments or continuation lines in your file,
+	  you'll have to do a bit more cleanup to strip out the third
+	  field (which is what the awk command is intending to do).
+
+	- Conserver no longer trusts reverse DNS information by default.
+	  If you use the --with-trustrevdns configure flag, you can
+	  re-enable the use of gethostbyaddr() [I don't recommended it,
+	  however].  If you are using domain names in access lists,
+	  you'll either need to change those to use hostnames and/or ip
+	  addresses/ranges or use the --with-trustrevdns flag.  For
+	  example, if you have (in the
+	  8.0.0 format):
+
+		allowed conserver.com;  # allow *.conserver.com
+
+	  then you'll need to worry about this change.  If you only use
+	  full hostnames, you shouldn't have to do anything.
+
+    Version 7.2.4
+
+        - If SSL support is compiled into the code, older versions of
+          the client and server are, by default, incompatible because
+          encrypted connections are a requirement.  Use of the -E flag in
+          the client and/or server can work around this (but I discourage
+          this - please upgrade the clients and servers instead).
+
     Version 7.2.0
 
-	- The code related to broadcast messages in the client (-b) has
-	  changed.  If you want the username to come across properly in
-	  the broadcast message, you'll need to make sure you upgrade
-	  to the 7.2.0 client.
+        - The code related to broadcast messages in the client (-b) has
+          changed.  If you want the username to come across properly in
+          the broadcast message, you'll need to make sure you upgrade
+          to the 7.2.0 client.
 
     Version 7.1.1
 
-	- Both conserver.passwd and conserver.cf file parsing behaves
-	  the same now.  Both use leading whitespace as a continuation
-	  line indicator - if you have leading whitespace on a line
-	  (aside from comments) you probably should remove it.
+        - Both conserver.passwd and conserver.cf file parsing behaves
+          the same now.  Both use leading whitespace as a continuation
+          line indicator - if you have leading whitespace on a line
+          (aside from comments) you probably should remove it.
 
     Version 7.1.0
 
-	- The client/server protocol has changed.  You *MUST* use a
-	  7.1.0 client with a 7.1.0 and above server.  A 7.1.0 client
-	  is *not* backward compatible with a pre-7.1.0 server.
+        - The client/server protocol has changed.  You *MUST* use a
+          7.1.0 client with a 7.1.0 and above server.  A 7.1.0 client
+          is *not* backward compatible with a pre-7.1.0 server.
 
-	- Some of the flags in the client (-d, -D, and -r) and server
-	  (-n) have been given new identities to make the client and
-	  server flags more uniform.
+        - Some of the flags in the client (-d, -D, and -r) and server
+          (-n) have been given new identities to make the client and
+          server flags more uniform.
 
-	- The conserver.passwd file now uses the first username match
-	  to determine access rights - if you have multiple instances
-	  of a username in an existing password file, they must be
-	  combined into one to continue to work.
+        - The conserver.passwd file now uses the first username match
+          to determine access rights - if you have multiple instances
+          of a username in an existing password file, they must be
+          combined into one to continue to work.
 
 
 Quickie Instructions
@@ -46,6 +137,10 @@ Quickie Instructions
 
     - Run './configure'
 
+    - Run 'make'
+
+    - Run 'make test'
+
     - If all is well, run 'make install'
 
     - Now set up config files, etc. (see below)
@@ -58,25 +153,54 @@ Detailed Instructions
       the defaults shown, you're set.  If not, here are the conserver
       unique options:
 
-	--with-port=PORT        Specify port number [conserver]
-	--with-base=PORT        Base port for secondary channel [0]
-	--with-master=MASTER    Specify master server hostname [console]
-	--with-cffile=CFFILE    Specify config filename [conserver.cf]
-	--with-pwdfile=PWDFILE  Specify password filename [conserver.passwd]
-	--with-logfile=LOGFILE  Specify log filename [/var/log/conserver]
-	--with-pidfile=PIDFILE  Specify PID filepath [/var/run/conserver.pid]
-	--with-maxmemb=MAXMEMB  Specify maximum consoles per process [16]
-	--with-timeout=TIMEOUT  Specify connect() timeout in seconds [10]
-	--with-libwrap[=PATH]   Compile in libwrap (tcp_wrappers) support
+        --with-port=PORT        Specify port number [conserver]
+        --with-base=PORT        Base port for secondary channel [0]
+        --with-master=MASTER    Specify master server hostname [console]
+        --with-ccffile=CFFILE   Specify client config filename
+                                [SYSCONFDIR/console.cf]
+        --with-cffile=CFFILE    Specify config filename [SYSCONFDIR/conserver.cf]
+        --with-pwdfile=PWDFILE  Specify password filename
+                                [SYSCONFDIR/conserver.passwd]
+        --with-logfile=LOGFILE  Specify log filename [/var/log/conserver]
+        --with-pidfile=PIDFILE  Specify PID filepath [/var/run/conserver.pid]
+        --with-maxmemb=MAXMEMB  Specify maximum consoles per process [16]
+        --with-timeout=TIMEOUT  Specify connect() timeout in seconds [10]
+        --with-trustrevdns      Trust reverse DNS information
+        --with-extmsgs          Produce extended messages
+        --with-rpath            Use -R as well as -L for libraries
+        --with-cycladests       (deprecated - noop) Build for a Cyclades TS
+        --with-uds[=DIR]        Use Unix domain sockets for client/server
+                                communication [/tmp/conserver]
+        --with-trust-uds-cred   Trust UDS credentials obtained via socket
+        --with-libwrap[=PATH]   Compile in libwrap (tcp_wrappers) support
+        --with-openssl[=PATH]   Compile in OpenSSL support
+        --with-req-server-cert  Require server SSL certificate by client
+        --with-gssapi[=PATH]    Compile in GSS-API support
+        --with-striprealm       retry username without @REALM with gss-api
+                                authentication
+        --with-freeipmi[=PATH]  Compile in FreeIPMI support
+        --with-dmalloc[=PATH]   Compile in dmalloc support
+        --with-pam              Enable PAM support
+        --with-ipv6             (experimental) Use IPv6 for client/server
+                                communication
 
       Not surprisingly, some match the old conserver/cons.h items...here
       they are for reference:
 
-	PORT or SERVICE		- Socket used to communicate
-	HOST			- Hostname of console server
-	CONFIG			- Config file path
-	PASSWD_FILE		- Password file path
-	MAXMEMB			- Number of consoles per child process
+        PORT or SERVICE         - Socket used to communicate
+        HOST                    - Hostname of console server
+        CONFIG                  - Config file path
+        PASSWD_FILE             - Password file path
+        MAXMEMB                 - Number of consoles per child process
+
+      A couple of notes.  First, --with-libwrap will add tcp_wrappers
+      lookups to all socket connections in the server.  --with-openssl
+      will add encryption between the client and server when you connect
+      to a console.  --with-uds will cause the client and server to use
+      unix domain sockets for their communication, eliminating the
+      tcp communication they normally do (which means --with-master and
+      --with-port are not used).  --with-dmalloc should only be used to
+      do memory allocation debugging and not used in production.
 
     - Run './configure'.  This will detect system specific
       information.  The --prefix option will redirect where things are
@@ -85,6 +209,11 @@ Detailed Instructions
 
     - Now run 'make'.  Hopefully things will compile.
 
+    - To test your binaries, run 'make test'.  If there are problems, it
+      should mean something is wrong, but check the output differences
+      to make sure it wasn't a temporary failure.  I tried to make the
+      tests generic, but I may have missed something.
+
     - Once things build, you can run 'make install'.
 
     - If you'd like to build the autologin application, you'll need to
@@ -95,35 +224,54 @@ Detailed Instructions
       configuration files and such.
 
       + Does your conserver master hostname exist?  This is the
-	hostname specified with the --with-master option.  By default
-	the hostname is "console", so make sure it's in DNS, hosts
-	files, or whatever.
+        hostname specified with the --with-master option.  By default
+        the hostname is "console", so make sure it's in DNS, hosts
+        files, or whatever.
 
       + If you used a symbolic name for the --with-port option (by
-	default it uses "conserver", so the answer would be yes),
-	you'll need to enter a definition in your services file
-	(directly, via NIS, or whatever).  Here's what we use:
+        default it uses "conserver", so the answer would be yes),
+        you'll need to enter a definition in your services file
+        (directly, via NIS, or whatever).  Here's what we use:
 
-	    console      782/tcp    conserver    # console server
+            console      782/tcp    conserver    # console server
 
-	If you used a number, you shouldn't have to worry about this
-	step.
+        If you used a number, you shouldn't have to worry about this
+        step.
 
       + Next, make sure conserver runs during boot.  The init script we
-	use under Solaris is installed in <PREFIX>/etc/conserver.rc.
-	Use that or some form of it for your own /etc/init.d script or
-	an entry in startup files (/etc/rc, /etc/rc.local, or
-	whatever).
+	use under Solaris is installed in
+	<DATADIR>/examples/conserver/conserver.rc.  Use that or some
+	form of it for your own /etc/init.d script or an entry in
+	startup files (/etc/rc, /etc/rc.local, or whatever).
 
       + Now for the fun stuff.  You need to create a conserver.cf and
-	conserver.passwd file.  Those are defined with the
-	--with-cffile and --with-pwdfile settings.  If you ever need to
-	know what values were compiled into conserver, run 'conserver
-	-V'.  See the conserver.cf/INSTALL file for instructions on
-	setup of these files.
+        conserver.passwd file.  Those are defined with the
+        --with-cffile and --with-pwdfile settings.  If you ever need to
+        know what values were compiled into conserver, run 'conserver
+        -V'.  See the conserver.cf/INSTALL file for instructions on
+        setup of these files.
 
     - That's it!  Just start up the console server and enjoy!
 
-#
-#  $Id: INSTALL,v 1.21 2002-03-12 00:19:25-08 bryan Exp $
-#
+
+Other Information And Gotchas
+
+    - Potential GCC bug
+
+        Adam Morris <AMorris@providence.org> reported a problem with
+        the following line in console/console.c:
+
+            if ((in_addr_t) (-1) == pPort->sin_addr.s_addr) {
+
+        This tickles a GCC bug under HP-UX 11.11 using GCC 3.0.2 in
+        64-bit mode with optimization enabled (-O).  The bug could
+        possibly be provoked in other combinations as well.  His fix is
+        to change the line to:
+
+            if ((in_addr_t) (-1) == inet_addr(pcToHost)) {
+
+        It's also reported that newer versions of the compiler fix the
+        issue, so if you happen to have problems with the client
+        connecting to servers, you might be tickling this bug and you
+        can upgrade the compiler, turn off the optimization, or apply
+        this code change.

LICENSE

@@ -1,115 +1,29 @@
-Since this piece of software has had many contiributors, there is a
-"chain" of licensing information embedded in the files.  I've copied
-what I could find here so that it's easy to reference.  The entire
-bundle of software is guided by these licensing statements.
-
-----------------------------------------------------------------------------
+BSD 3-Clause License
 
 Copyright (c) 2000, conserver.com
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
+modification, are permitted provided that the following conditions are met:
 
-  - Redistributions of source code must retain the above copyright notice,
-    this list of conditions and the following disclaimer.
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
 
-  - Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in the
-    documentation and/or other materials provided with the
-    distribution.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
 
-  - Neither the name of conserver.com nor the names of its contributors
-    may be used to endorse or promote products derived from this
-    software without specific prior written permission.
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-----------------------------------------------------------------------------
-
-Copyright (c) 1998, GNAC, Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-  - Redistributions of source code must retain the above copyright notice,
-    this list of conditions and the following disclaimer.
-
-  - Redistributions in binary form must reproduce the above copyright
-    notice, this list of conditions and the following disclaimer in the
-    documentation and/or other materials provided with the
-    distribution.
-
-  - Neither the name of GNAC, Inc. nor the names of its contributors
-    may be used to endorse or promote products derived from this
-    software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-----------------------------------------------------------------------------
-
-Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
-47907.  All rights reserved.
-
-This software is not subject to any license of the American Telephone
-and Telegraph Company or the Regents of the University of California.
-
-Permission is granted to anyone to use this software for any purpose on
-any computer system, and to alter it and redistribute it freely, subject
-to the following restrictions:
-
-1. Neither the authors nor Purdue University are responsible for any
-   consequences of the use of this software.
-
-2. The origin of this software must not be misrepresented, either by
-   explicit claim or by omission.  Credit to the authors and Purdue
-   University must appear in documentation and sources.
-
-3. Altered versions must be plainly marked as such, and must not be
-   misrepresented as being the original software.
-
-4. This notice may not be removed or altered.
-
-----------------------------------------------------------------------------
-
-Copyright (c) 1990 The Ohio State University.
-All rights reserved.
-
-Redistribution and use in source and binary forms are permitted
-provided that: (1) source distributions retain this entire copyright
-notice and comment, and (2) distributions including binaries display
-the following acknowledgement:  ``This product includes software
-developed by The Ohio State University and its contributors''
-in the documentation or other materials provided with the distribution
-and in all advertising materials mentioning features or use of this
-software. Neither the name of the University nor the names of its
-contributors may be used to endorse or promote products derived
-from this software without specific prior written permission.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-----------------------------------------------------------------------------
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSES

@@ -0,0 +1,115 @@
+Since this piece of software has had many contiributors, there is a
+"chain" of licensing information embedded in the files.  I've copied
+what I could find here so that it's easy to reference.  The entire
+bundle of software is guided by these licensing statements.
+
+----------------------------------------------------------------------------
+
+Copyright (c) 2000, conserver.com
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  - Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+  - Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the
+    distribution.
+
+  - Neither the name of conserver.com nor the names of its contributors
+    may be used to endorse or promote products derived from this
+    software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+----------------------------------------------------------------------------
+
+Copyright (c) 1998, GNAC, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+  - Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+  - Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the
+    distribution.
+
+  - Neither the name of GNAC, Inc. nor the names of its contributors
+    may be used to endorse or promote products derived from this
+    software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+----------------------------------------------------------------------------
+
+Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
+47907.  All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. Neither the authors nor Purdue University are responsible for any
+   consequences of the use of this software.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.  Credit to the authors and Purdue
+   University must appear in documentation and sources.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+4. This notice may not be removed or altered.
+
+----------------------------------------------------------------------------
+
+Copyright (c) 1990 The Ohio State University.
+All rights reserved.
+
+Redistribution and use in source and binary forms are permitted
+provided that: (1) source distributions retain this entire copyright
+notice and comment, and (2) distributions including binaries display
+the following acknowledgement:  ``This product includes software
+developed by The Ohio State University and its contributors''
+in the documentation or other materials provided with the distribution
+and in all advertising materials mentioning features or use of this
+software. Neither the name of the University nor the names of its
+contributors may be used to endorse or promote products derived
+from this software without specific prior written permission.
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+----------------------------------------------------------------------------

LICENSES.md

@@ -0,0 +1,104 @@
+License Clarification
+=====================
+
+The licenses attached to this software ([LICENSES](LICENSES)) are supposed
+to paint a simple concept: that this software was built for the open source
+community and they result in a license compatible with [LICENSE](LICENSE).
+
+Unfortunately, the real world steps in and troubles can arise.  This note
+has been moved over from the [INSTALL](INSTALL) file:
+
+    The Debian folks have conserver distributed with the package
+    names of conserver-client and conserver-server.  They are in
+    the distribution "sid" and the "non-free" part (because the
+    Ohio State license doesn't explicitly allow for modification to
+    the code, even though it's totally implied and the intention of
+    the author - I've even got proof in email!  Oh well, can't
+    blame the Debian folks for being cautious - they've been burned
+    before, apparently).
+
+Here's a copy of the message I exchanged with Thomas A. Fine (original
+author at OSU) in 2001 that is referenced above:
+
+    Date: Wed, 27 Jun 2001 19:47:18 -0400 (EDT)
+    To: bryan@conserver.com
+    From: "Thomas A. Fine" <fine@head-cfa.harvard.edu>
+    Subject: Re: A conserver license question...
+    
+    > Hi Tom,
+    > 
+    > I had a little "problem" crop up that I was hoping you could help me
+    > with.  A guy out in net-land is trying to put a debian package together
+    > of the code I've been releasing (based on your original work) and they
+    > don't like part of the Ohio State license.  I've attached the message
+    > below.
+    > 
+    > I'm not sure what can be done.  One thought was a message from you that
+    > I could put with the code stating that modifications are ok would
+    > work.  Or maybe just modifying the original license statement.  Heck, I
+    > don't even know if either are 100% legal.  Maybe I need to talk to
+    > someone at Ohio State.
+    > 
+    > Well, if you have any ideas or suggestions, please let me know.  Don't
+    > know if I ever got a chance to thank you for the great stuff you
+    > started!  Thank you!  ;-)
+    
+    Well, if I knew then what I know now, I would have copyrighted it
+    under my own name, and not under OSU, and then I could change it.
+    Since I don't work there anymore, strictly speaking, I can't change
+    it.
+    
+    However, IMHO, this license allows modifications, without explicitly
+    stating it.  I can state without a doubt that this was my intention
+    at the time (and hence, OSU's intention, since I put in the copyright
+    while working for OSU).
+    
+    But also, since it allows use of the source, and since the statement
+    required for inclusion says "includes software ..." it seems pretty
+    clear that modification was both allowed and expected.  You can't
+    really use sources if you aren't changing them, and you certainly
+    can't include this software in some other product without making
+    modifications.
+    
+    As I recall, I more or less used the copyright that Berkeley was using
+    back then for there BSD-related software, so I'm surprised there's a
+    problem with it.
+    
+    I have to point out that version 1.2, available at
+    http://hea-www.harvard.edu/~fine/Tech/cs1.2/
+    is distributed entirely without copyright notices.  Interesting, no?
+    So I guess I could add a copyright notice to that.  But would I then
+    be violating the OSU copyright that I wrote for 1.1?  Since it is
+    a different version, I could probably write a new copyright notice 
+    and license and be free and clear.
+    
+    There's also Purdue's versions of the software.  It's mentioned on my
+    console server web page at
+    http://hea-www.harvard.edu/~fine/Tech/console-server.html
+    
+    So, pass this on to the people you're working with and let me know how
+    you want to proceed.
+    
+    	 tom
+
+In addition, a post to the Conserver Users mailing list in May 2020 contained:
+
+    From: Paul Wise via users <users@conserver.com>
+    To: users@conserver.com
+    Subject: Re: license change?
+    Date: Mon, 25 May 2020 12:42:28 +0800
+    
+    On Thu, 2019-07-04 at 10:20 +0200, Bryan Stansell via users wrote:
+    > So, it's more the lack of explicitly stating the code can be
+    > modified.
+    
+    Since then I talked to one of RedHat's lawyers and they mentioned that
+    they have dealt with this problem too and also concluded that these
+    licenses were intended to cover modification. The current wording of
+    the initial part of the BSD license reflects an attempt to correct an
+    earlier mistake (i.e. someone pointed out the error and Berkeley added
+    "with or without modification"). Also the anti-endorsement clause
+    implies a right to modify.
+
+Hopefully corporations (or, I suppose, their lawyers) will be happy with the
+explanation above and become comfortable with the stated license.

Makefile.in

@@ -1,4 +1,5 @@
 ### Path settings
+datarootdir = @datarootdir@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 bindir = @bindir@
@@ -25,6 +26,15 @@ autologin:
 autologin.install:
 	( cd autologin && $(MAKE) install $(MAKE_FLAGS) ) || exit 1;
 
+chat:
+	( cd contrib/chat && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1;
+
+chat.install:
+	( cd contrib/chat && $(MAKE) install $(MAKE_FLAGS) ) || exit 1;
+
+test:
+	( cd test && ./dotest ) || exit 1
+
 install:
 	for n in $(SUBDIRS); do \
 		( cd $$n && $(MAKE) $@ $(MAKE_FLAGS) ) || exit 1; \
@@ -41,4 +51,4 @@ distclean:
 	done
 	rm -f config.cache config.log config.status config.h Makefile
 
-.PHONY: autologin autologin.install clean distclean install all
+.PHONY: autologin autologin.install clean distclean install all test

PROTOCOL

@@ -0,0 +1,302 @@
+			   Conserver Protocol
+			   ==================
+
+
+What Is This?
+-------------
+
+The following is an attempt to describe the client/server protocol used
+between the server (conserver) and the client (console).  This document
+bases its information on conserver version 8.1.4, as it's the release
+currently available.  If there are changes to the client/server
+protocol, the INSTALL file should reference them and, ideally, this
+document will be updated.
+
+The information is looked at from the point of the server, since it's
+the server that controls all information and triggers actions on the
+client (like a suspend).  The client's perspective should be obvious
+from this information.
+
+
+SSL
+---
+
+The client and server can negotiate an SSL connection.  As far as the
+code is concerned, the SSL "layer" is transparent.  Data is sent and
+received just as if it was unencrypted.  Therefore, aside bringing up
+the SSL connection, the SSL bits are unimportant from a protocol
+standpoint.  The client and server still send and receive the same
+information - it just happens to be encrypted to everyone else.
+
+
+"On-The-Wire" Data
+------------------
+
+The low-level, "on-the-wire" data is encapsulated similar to the telnet
+protocol.  All data is sent "as-is" with the exception of 0xFF.  0xFF is
+used as a "command character" and both the client and server expect to
+see a predefined option after it.  The possible options are: 0xFF, 'E',
+'G', 'Z', and '.'.
+
+The 0xFF option says to use the literal character 0xFF.  So, if there is
+a 0xFF character in the data stream to be sent, the code will send two
+0xFF characters (it's similar to using '\\' in C strings to embed a
+'\').
+
+The other options are used in various contexts, which will be described
+in detail below.
+
+
+Life As A Server
+----------------
+
+There are three different interfaces presented to clients by the server.
+I'm going to name the three modes "master", "group", and "console".  The
+first two are line-based, and the third is character-based.
+
+To understand the differences, I must outline how conserver manages
+consoles.  When conserver starts, it reads the configuration file,
+listens on the master socket, and, for each group of consoles it must
+manage (where the group size is set by -m), it forks off a copy of
+itself.  Those child processes are what actually connect to the consoles
+and they each listen on a new socket for client connections.  So, you
+end up with a parent process (that knows about all consoles) that
+manages the child processes (that know only about consoles it manages),
+and everyone is listening on an individual socket for connections from
+clients.
+
+The parent process interacts with clients in "master" mode.  That mode
+expects line-based commands and responds similarly.  Because it's the
+master, it understands a certain set of commands that are different than
+in "group" mode.
+
+The child processes interact with clients in "group" mode first, and
+negotiate a change to "console" mode when a client requests a connection
+to a specific console.
+
+
+"master" Mode
+-------------
+
+When parent process gets a connection from a client, it either sends an
+"ok" string to signal it's ready or an error message (like "access from
+your host is refused") and the connection is dropped.  At this point,
+there are a small number of commands recognized by the server, since
+most are restricted to "logged in" clients.  Here's the list of
+available commands:
+
+    exit   disconnect
+    help   this help message
+    login  log in
+    ssl    start ssl session
+
+An "exit" is sent a "goodbye" response and the connection is dropped.  A
+"help" is sent the list above.  A "ssl" is sent an "ok" response and
+then the server expects the client to negotiate an ssl connection.  A
+"login" requires one argument (the username) and is either sent an "ok",
+meaning the client is logged in, or a "passwd?" followed by the local
+hostname, asking for the user's password, which it expects next.  If the
+client sends a valid password, an "ok" is sent, otherwise an error
+message and the connection is dropped.
+
+Upon successful login, the commands available are:
+
+    call      provide port for given console
+    exit      disconnect
+    groups    provide ports for group leaders
+    help      this help message
+    master    provide a list of master servers
+    newlogs*  close and open all logfiles (SIGUSR2)
+    pid       provide pid of master process
+    quit*     terminate conserver (SIGTERM)
+    restart*  restart conserver (SIGHUP) - deprecated
+    reconfig* reread config file (SIGHUP)
+    version   provide version info for server
+    up*       bring up all downed consoles (SIGUSR1)
+    * = requires admin privileges
+
+"exit" and "help" are the same as before the client logged login.
+
+The "call" command expects one argument, the console name to connect to.
+The server will respond with either a port number (if it's a locally
+managed console), an "@hostname" where hostname is the name of the
+remote conserver host managing the console (if it's a remotely managed
+console), or an error message (possibly multi-line).  The client is not
+disconnected, whatever the response.
+
+The "groups" command responds with a colon-separated list of port
+numbers, which correspond to each of the child processes running on the
+local host.  The client is not disconnected.
+
+The "master" command responds with a colon-separated list of "@hostname"
+names.  The list includes any hosts (including the possibility of the
+local host) which have locally managed consoles.  The client is not
+disconnected.
+
+The "newlogs" command reopens all logfiles used by conserver, assuming
+the user has administrative access.  It responds with a message starting
+with "ok" if successful and an error message otherwise (like
+"unauthorized command").  The client is disconnected if it's successful.
+
+The "pid" command responds with the pid of the master process (in this
+case, the one the client is talking to).  The client is not
+disconnected.
+
+The "quit" command will shut down conserver, assuming the user has
+administrative access.  It responds with a message starting with "ok" if
+successful and an error message otherwise (like "unauthorized command").
+The client is disconnected if it's successful.
+
+The "restart" command has been deprecated.  You should use "reconfig".
+
+The "reconfig" command will cause conserver to reread the configuration
+file and apply any changes, assuming the user has administrative access.
+It responds with a message starting with "ok" if successful and an error
+message otherwise (like "unauthorized command").  The client is not
+disconnected.
+
+The "version" command responds with the version string.  The client is
+not disconnected.
+
+The "up" command tries to "bring up" all disconnected consoles, assuming
+the user has administrative access.  It responds with a message starting
+with "ok" if successful and an error message otherwise (like
+"unauthorized command").  The client is disconnected if it's successful.
+
+
+"group" Mode
+------------
+
+When a child process gets a connection from a client, it either sends an
+"ok" string to signal it's ready or an error message (like "access from
+your host is refused") and the connection is dropped.  At this point,
+"group" mode acts just like "master" mode.  Once the client successfully
+logs in, however, "group" mode has the recognizes the following
+commands:
+
+    broadcast    send broadcast message
+    call         connect to given console
+    disconnect*  disconnect the given user(s)
+    examine      examine port and baud rates
+    exit         disconnect
+    group        show users in this group
+    help         this help message
+    hosts        show host status and user
+    info         show console information
+    textmsg      send a text message
+    * = requires admin privileges
+
+The "exit" and "help" commands are like the others documented above.
+
+The "broadcast" command expects a text string of the message to be sent
+to all users connected to this process.  An "ok" is sent as a response.
+
+The "call" command expects one argument, the console name to connect to,
+just like in "master" mode.  The difference here is that this requests
+the server to attach the client to the console and go into "console"
+mode.  If the attachment is successful, the response will begin with a
+'[' character.  If not, an error message is returned.  The success
+responses are:
+
+    [console is read-only]	 - console is read only
+    [read-only -- initializing]	 - console is initializing, and
+				   read-only for the time being
+    [line to console is down]	 - console is down
+    [attached]			 - attached read-write
+    [spy]			 - attached read-only
+
+
+The "disconnect" command expects an argument of the form "user@console"
+where either the "user" or "@console" part may be omitted.  Upon
+success, a response of the form "ok -- disconnected X users" is sent,
+where X is the number of users disconnected.  If a user is unauthorized
+or some other problem occurs, an error message (like "unauthorized
+command") is sent.
+
+The "examine" command returns a list of console information of the form
+that 'console -x' shows.
+
+The "group" command returns a list of console information of the form
+that 'console -w' shows.
+
+The "hosts" command returns a list of console information of the form
+that 'console -u' shows.
+
+The "info" command returns a list of console information of the form
+that 'console -i' shows.
+
+The "textmsg" command expects two arguments, the first being the
+recipient of the message in the form "user@console" (again, where the
+"user" or "@console" portion may be omitted) and the second being the
+string, like the "broadcast" command.  The server returns "ok".
+
+
+"console" Mode
+--------------
+
+As mentioned above, "console" mode is obtained by using the "call"
+command when connected to a child processes operating in "group" mode.
+
+"console" mode should look very familiar to a user of conserver, as it's
+what the user interacts with when connected to a console.  There's
+really nothings special here.  Each character received from the client
+is compared to the escape sequence, and if it matches, an action occurs
+on the server side.  If it doesn't match the escape sequence, the data
+is sent on to the console.  All data received from the console is sent
+to the client(s).  Of course, there are certain exceptions to these
+rules, based on the state of the console and the state of the client.
+And, certain escape sequences cause special behaviors to occur.
+
+Most escape sequences cause the server to send information back to the
+user.  Stuff like "^Ecw", "^Eci", and "^Ecu" are examples.  The escape
+sequence is absorbed by the server, the server sends the client a
+variety of information, and things continue as before.
+
+The more "interesting" escape sequences are the following.
+
+"^Ec;"  The server sends a 0xFF,'G' command sequence to the client, to
+	signal a wish to move to a new console.  The client then gets
+	put into the same state as the "^Ecz" sequence (paused), which
+	gives the client a chance to either resume the connection or
+	disconnect.
+
+"^Ec|"  The server sends a 0xFF,'E' command sequence to the client, to
+	signal a wish to have the client program interact with a
+	program, as opposed to the user.  The server discards all data
+	until it receives one of the following command sequences from
+	the client:
+
+	    0xFF,'E'	Signals successful redirection of interaction to
+			a program.  The server then responds with "[rw]"
+			or "[ro]" to tell the client whether or not they
+			have read-write access.  If not, the client
+			should abort the program and send the abort
+			command sequence below, as other data received by
+			the server will just get dropped.
+
+	    0xFF,'.'	Abort the operation.  The server assumes the
+			redirection didn't happen and returns the client
+			to it's normal mode.
+
+	The server keeps the client in the "redirected" state until it
+	receives a 0xFF,'.' command sequence from the client (which
+	usually occurs when the client command terminates).
+
+	If the client is "bumped" from read-write to read-only by
+	another user, the server will send the client a 0xFF,'.' command
+	sequence to tell it to abort the redirection and return control
+	back to the user.
+
+"^Ecz"  The server sends a 0xFF,'Z' command sequence to the client, to
+	signal a wish to suspend to client process.  The client is then
+	put into a "paused" state where it receives no more data from
+	the server.  When the client is ready to resume receiving data,
+	it sends a character of data to the server, at which point the
+	server discards the character and sends back a status message of
+	the form " -- MSG]".  The current set of possible messages are:
+
+	    " -- line down]"
+	    " -- read-only]"
+	    " -- attached (nologging)]"
+	    " -- attached]"
+	    " -- spy mode]"

README

@@ -1,49 +0,0 @@
-				README
-				======
-
-
-Maintainer/Enhancer
-
-    Bryan Stansell (bryan@conserver.com)
-
-
-Documentation
-
-    See the INSTALL file for installation, the conserver.html file for
-    an overview, and the man pages for specifics.
-
-
-Downloading
-
-    The latest version can be found at http://www.conserver.com/
-
-
-Postcard
-
-    I always like to hear from people who use conserver - it's exciting
-    to see how many people all over the world are using the package.
-    If you'd like to give me a real thrill, send me a postcard of your
-    site, town, or area!  Even if you're right around the corner, it
-    would be a blast to hear from you.
-
-	    Bryan Stansell
-	    P.O. Box 984
-	    Redwood City, CA 94064-0984
-	    USA
-
-
-Contributions
-
-    Contributions distributed with the code can be found in the contrib
-    subdirectory.  Other tools that complement conserver are listed
-    below.
-
-    Zinc
-    ----
-    According to the website, Zinc is a console log output management
-    program.  For more information, visit the website at:
-    http://www.columbia.edu/acis/sy/unixdev/zinc
-
-#
-#  $Id: README,v 1.19 2002-02-16 17:31:44-08 bryan Exp $
-#

README.md

@@ -0,0 +1,35 @@
+Conserver
+=========
+
+[![Build Status](https://api.cirrus-ci.com/github/bstansell/conserver.svg)](https://cirrus-ci.com/github/bstansell/conserver)
+
+Conserver is an application that allows multiple users to watch a
+serial console at the same time. It can log the data, allows users to
+take write-access of a console (one at a time), and has a variety of
+bells and whistles to accentuate that basic functionality. The idea is
+that conserver will log all your serial traffic so you can go back and
+review why something crashed, look at changes (if done on the console),
+or tie the console logs into a monitoring system (just watch the
+logfiles it creates).  With multi-user capabilities you can work on
+equipment with others, mentor, train, etc. It also does all that
+client-server stuff so that, assuming you have a network connection,
+you can interact with any of the equipment from home or wherever.
+
+
+Documentation
+-------------
+
+See the `INSTALL` file for installation and the man pages for specifics.
+
+
+Downloading
+-----------
+
+The latest version can be found on [GitHub](https://github.com/bstansell/conserver/releases).
+
+
+Contributions
+-------------
+
+Contributions distributed with the code can be found in the `contrib`
+subdirectory.

TODO

@@ -10,69 +10,57 @@ Bryan Stansell
 
 ---------------------------------------------------------------------------
 
-- Singular logging so that swatch/logsurfer can watch for errors across
-  the board - unloved output comes close
-
 - Telnet protocol should be improved
-    - Not even RFC 854 compliant
-    - Option negotiation ignored - should we negotiate anything?
+    - Not even RFC 854 compliant...or maybe it is (as of 8.1.0)
+    - Option negotiation semi-ignored - should we negotiate anything more?
     - Others?
 
-- better shadow file support
-
-- PAM support
-
 - syslog?
     Daniel E. Singer <des@cs.duke.edu> would like to see it - especially
     in regards to --use-libwrap code
 
 - alternate (md5) password encryption support in conserver.passwd
+    - actually happens if the crypt() call supports it, like under linux
+    - hpux has bigcrypt() also, which we support, so maybe we're covered
 
 - config file examples for various configurations
+    - sample conserver.cf has some...but it's not explained well
 
 - per-line timestamps
     - only when not connected?
 
-- flow control configuration (hardcoded on, i think)
-
 - pipe input/output (console <-> program) via 'console'
     - some apps (net-ups thing, gdb) might need to talk to user
-
-- group permissions (better user management in general)
-
-- 64-bit compilation support (have a patch set contributed, somewhere, i think)
+    - ^Ec| does this, but the interact with user bits might not work
+    - actually, ^Ec| does work right with 8.1.0...one change that might
+      be nice is the ability to NOT watch the i/o pass to the local
+      command - try sending a big file to the local host with xmodem.
 
 - autologout?  setting per console?  gack, would have to interpret data.
+    - this will never happen...i don't want to interpret data
 
 - "listen" capability (watch all/multiple consoles)
 
-- break sequences - need .5 second delays (or delays in general?)
-
-- aliases for console entries
+- send data to multiple consoles (carbon copy) -
+    Steve Lammert <slammert@panasas.com>
 
 - authentication to terminal servers (ssh, passphrase, whatever)
-
-- "not" or "except" in passwd file (!console).
-
-- multi-homed/multi-ip hosts not supported well
-    - other names/ip addrs not detected as local, necessarily
-    - acls don't look at aliases properly
-    - the whole thing needs some serious help
+    - ssh should probably just be handled by invoking the ssh command.
+      so, that's really already covered, no?
+    - passphrase...hmmm..could really use some sort of send/expect
+      thing here.  you could write a wrapper script of sorts, but it
+      really would be nice to have a raw socket and do the right thing.
+    - this does work, using the 'initcmd' option, so, all done?
 
 - cyclades ts1000/2000 port : "Moses, Joel" <jmoses@deloitte.com>
 
-- config file for client (list of masters, for example)
-
 - strftime() idea for logfile names : Lars Kellogg-Stedman <lars@larsshack.org>
 
 - 9600baud log replay?
 
-- SSH/SSL/Encryption of some type between client/server
-
 - server -M flag should accept multiple addresses (comma separated)
     - should client as well?
-
-- logfile rotation based on size
+    - this may never happen...does anyone really need it?
 
 - automatic log rotation in general : Egan Ford <egan@us.ibm.com>
 
@@ -83,21 +71,38 @@ Bryan Stansell
 
 - suggestions by Trevor Fiatal <trevor@seven.com>
     - include server hostname on 'console -x' output
-    - non-interactively be able to
-	- disconnect a single user-to-port session
-	- disconnect all sessions to a given port
-	- disconnect all sessions registered to a particular user
-    - non-interactively be able to send messages to
-	- all sessions open by a particular user
-	  console -t user "Time to go home."
-	- a particular user-session
-	  console -t user@managed-host "Please disconnect from this host."
-	- all users on a given host
-	  console -t @managed-host "I am taking over this host."
+	- i think the -i output covers it, but maybe not
 
-- support 2 stop bits (as well as other stty-type options in console
-  definitions) : Kelly Setzer <setzer@placemark.com>
+- ability to configure strings to be sent to a console periodically :
+  Greg A. Woods <woods@planix.com>
 
-#
-#  $Id: TODO,v 1.22 2002-03-11 18:11:48-08 bryan Exp $
-#
+- show attach/detach events to/of spy console clients : Greg A. Woods
+  <woods@planix.com>
+
+- redefine client escape sequence in conserver.cf : Toby Gerhart
+  <toby.gerhart@eds.com>
+    - not even sure if this is possible w/o confusing the client,
+      but maybe with the new 8.1.0 client-server protocol, we can!
+
+- log rotation by date : Tom Pachla <tom.pachla@nlc-bnc.ca>
+
+- strict file permission checks on conserver.passwd/conserver.cf : Erik
+  Sjolund <erik.sjolund@sbc.su.se>
+
+- netgroup support?  : Nikolaos Papavassiliou
+  <Nikolaos.Papavassiliou@reuters.com> and Phil Dibowitz <phil@usc.edu>
+
+- send sequences to console on client connect? (to repaint screen,
+  for example) : John Cagle <jcagle@gmail.com>
+
+- uucp locks : Sebastian Zagrodzki <sebek@heron.net.icm.edu.pl>
+
+- support more than 9 break sequences : Danish Mirza <Danish@lehman.com>
+  thought it was easy, but adding more than could break things with
+  current encoding.  doable, will have to think harder about it.
+
+- reintroduce console grouping : Martin Turba
+  <martin.turba@igd.fraunhofer.de>
+
+- quick-recheck of down consoles (for uds) and possibly only log state
+  changes (instead of each try) : DJ Gregor <dj@gregor.com>

_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-cayman

acconfig.h

@@ -1,59 +0,0 @@
-/*
- * ./configure invocation
- */
-#undef CONFIGINVOCATION
-
-/*
- * Socket used to communicate
- */
-#undef DEFPORT
-
-/*
- * Base socket used for secondary channel
- */
-#undef DEFBASEPORT
-
-/*
- * Hostname of console server
- */
-#undef MASTERHOST
-
-/*
- * Config file path
- */
-#undef CONFIGFILE
-
-/*
- * Password file path
- */
-#undef PASSWDFILE
-
-/*
- * Logfile path
- */
-#undef LOGFILEPATH
-
-/*
- * Number of consoles per child process
- */
-#undef MAXMEMB
-
-/*
- * TCP connection timeout
- */
-#undef CONNECTTIMEOUT
-
-/*
- * pidfile to write to
- */
-#undef PIDFILE
-
-/*
- * use tcp_wrappers libwrap
- */
-#undef USE_LIBWRAP
-
-/*
- * use ansi prototypes/decls
- */
-#undef USE_ANSI_PROTO

autologin/INSTALL.old

@@ -1,5 +1,3 @@
-# $Id: INSTALL,v 1.3 94/07/11 12:38:19 ksb Exp $
-
 To install this program you need root access and access to the physical
 console of the machine (either through the console server or via the physical
 world).

autologin/Makefile.in

@@ -1,4 +1,5 @@
 ### Path settings
+datarootdir = @datarootdir@
 srcdir = @srcdir@
 top_srcdir = @top_srcdir@
 prefix = @prefix@
@@ -31,6 +32,8 @@ ALL = autologin
 
 all: $(ALL)
 
+$(AUTOLOGIN_OBJS): $(AUTOLOGIN_HDRS)
+
 autologin: $(AUTOLOGIN_OBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o autologin $(AUTOLOGIN_OBJS) $(LIBS)
 
@@ -43,7 +46,7 @@ clean:
 distclean: clean
 	rm -f Makefile
 
-install:
+install: autologin
 	$(MKDIR) $(DESTDIR)$(bindir)
 	$(INSTALL_PROGRAM) autologin $(DESTDIR)$(bindir)
 

autologin/README

@@ -1,16 +1,17 @@
 
-I have not touched the autologin directory.  See the README.old and
-INSTALL.old files if you interested in the program.  I cannot guarantee
-it will compile, install, or run.  It is definately not integrated with
-../Makefile or any of the porting support.  If you have patches that
-make it work, please send them to me and I'll be more than happy to
-incorporate them.
+This file used to say "I have not touched the autologin directory."
+That's no longer true.  I've applied patches submitted by the user
+community (see the CHANGES file for details).  I still cannot guarantee
+anything, but it sounds like at least one person out there is
+successfully using the code.  And now for my original hand-waving...
+
+See the README.old and INSTALL.old files if you interested in the
+program.  I cannot guarantee it will compile, install, or run.  It is
+definately not integrated with ../Makefile or any of the porting
+support.  If you have patches that make it work, please send them to me
+and I'll be more than happy to incorporate them.
 
 No one I've ever talked to found a need for something like autologin.
 Good luck.
 
 Bryan Stansell
-
-#
-#  $Id: README,v 1.1 1999-01-21 22:59:40-08 bryan Exp $
-#

autologin/README.old

@@ -1,5 +1,3 @@
-# $Id: README,v 1.3 93/04/21 16:13:37 ksb Exp $
-
 This program can be used to put a root shell on the console at boot time.
 See the manual page.
 

autologin/autologin.c

@@ -19,6 +19,29 @@
 #include <grp.h>
 #include <pwd.h>
 #include <utmp.h>
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+
+/*
+ * There is no official registry of non-vendor audit event numbers,
+ * but the following should be OK.
+ *
+ * You need to add a line by hand to /etc/security/audit_event to make
+ * praudit(1) look pretty:
+ *
+ *  32900:AUE_autologin:autologin:lo
+ *
+ * If you have to change the value for AUE_autologin, you'll also need
+ * to change the /etc/security/audit_event line.
+ */
+
+# define	AUE_autologin			32900
+
+# include <sys/unistd.h>
+# include <netdb.h>
+# include <bsm/audit.h>
+# include <bsm/libbsm.h>
+# include <libintl.h>
+#endif
 
 #include <compat.h>
 
@@ -45,12 +68,9 @@
  * Global variables
  */
 
-#ifndef	lint
-char	*rcsid = "$Id: autologin.c,v 1.22 93/09/04 21:48:41 ksb Exp $";
-#endif	/* not lint */
-extern char	*progname;
-gid_t	 awGrps[NGROUPS_MAX];
-int	 iGrps = 0;
+extern char *progname;
+gid_t awGrps[NGROUPS_MAX];
+int iGrps = 0;
 
 /*
  * External variables
@@ -59,406 +79,439 @@ int	 iGrps = 0;
 extern int optind;
 extern char *optarg;
 
-void	make_utmp();
-void	usage();
+void make_utmp();
+void usage();
 
 int
-Process()
+Process(void)
 {
-	register int		 c;
-	int			 iErrs = 0;
-	int			 i, iNewGrp;
-	gid_t			 wGid;
-	uid_t			 wUid;
-	char			*pcCmd = (char *)0,
-				*pcDevTty = (char *)0;
-	char			*pcTmp;
+    int iErrs = 0;
+    int i, iNewGrp;
+    gid_t wGid;
+    uid_t wUid;
+    char *pcCmd = (char *)0, *pcDevTty = (char *)0;
 #ifdef	HAVE_GETUSERATTR
-	char			*pcGrps;
+    char *pcGrps;
 #endif
-	struct	passwd		*pwd;
-	struct	stat		 st;
-#ifdef HAVE_TERMIOS_H
-	struct	termios		 n_tio;
-#else
-# ifdef TIOCNOTTY
-#  ifdef O_CBREAK
-	auto struct tc n_tchars;
-#  else
-	auto struct tchars n_tchars;
-#  endif
-#  ifdef TIOCGLTC
-	auto struct ltchars n_ltchars;
-#  endif
-# else
-#  ifdef TIOCGETP
-	auto struct sgttyb n_sty;
-#  endif
-# endif
+    struct passwd *pwd;
+    struct stat st;
+    struct termios n_tio;
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+    char my_hostname[MAXHOSTNAMELEN];
 #endif
 
 
-	if ((char *)0 != pcCommand) {
-		if ((char *)0 == (pcCmd = (char *)malloc(strlen(pcCommand) + 4))) {
-			(void) fprintf(stderr, "%s: malloc: %s\n", progname, strerror(errno));
-			exit(1);
-			/* NOTREACHED */
-		}
-		(void)strcpy(pcCmd, "-c ");
-		(void)strcat(pcCmd, pcCommand);
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+    if (0 != gethostname(my_hostname, sizeof(my_hostname))) {
+	(void)fprintf(stderr, "%s: gethostname: %s\n", progname,
+		      strerror(errno));
+	exit(1);
+	/* NOTREACHED */
+    }
+#endif
+    if ((char *)0 != pcCommand) {
+	if ((char *)0 == (pcCmd = (char *)malloc(strlen(pcCommand) + 4))) {
+	    (void)fprintf(stderr, "%s: malloc: %s\n", progname,
+			  strerror(errno));
+	    exit(1);
+	    /* NOTREACHED */
 	}
+	(void)strcpy(pcCmd, "-c ");
+	(void)strcat(pcCmd, pcCommand);
+    }
 
-	if ( (char *)0 != pcGroup ) {
-		iErrs += addgroup(pcGroup);
+    if ((char *)0 != pcGroup) {
+	iErrs += addgroup(pcGroup);
+    }
+
+    if ((char *)0 == pcLogin) {
+	static char acLogin[17];
+	if ((struct passwd *)0 == (pwd = getpwuid(geteuid()))) {
+	    (void)fprintf(stderr, "%s: %d: uid unknown\n", progname,
+			  geteuid());
+	    exit(1);
+	    /* NOTREACHED */
 	}
+	pcLogin = strcpy(acLogin, pwd->pw_name);
+    } else if ((struct passwd *)0 == (pwd = getpwnam(pcLogin))) {
+	(void)fprintf(stderr, "%s: %s: login name unknown\n", progname,
+		      pcLogin);
+	exit(1);
+	/* NOTREACHED */
+    }
+    wUid = pwd->pw_uid;
+    wGid = pwd->pw_gid;
+    (void)endpwent();
+#ifdef	HAVE_GETUSERATTR
+    /* getuserattr() returns a funny list of groups:
+     *      "grp1\0grp2\0grp3\0\0"
+     */
+    if (0 == getuserattr(pcLogin, S_SUGROUPS, &pcGrps, SEC_LIST)) {
+	while ('\000' != *pcGrps) {
+	    /* ignore "ALL" and any group beginning with '!' */
+	    if ('!' == *pcGrps || 0 != strcmp(pcGrps, "ALL")) {
+		iErrs += addgroup(pcGrps);
+	    }
+	    pcGrps = pcGrps + strlen(pcGrps) + 1;
+	}
+    }
+#endif /* HAVE_GETUSERATTR */
+    (void)endgrent();
 
-	if ( (char *)0 == pcLogin ) {
-		static char acLogin[17];
-		if ((struct passwd *)0 == (pwd = getpwuid(geteuid()))) {
-			(void) fprintf(stderr, "%s: %d: uid unknown\n", progname, geteuid());
-			exit(1);
-			/* NOTREACHED */
-		}
-		pcLogin = strcpy(acLogin, pwd->pw_name);
-	} else if ((struct passwd *)0 == (pwd = getpwnam(pcLogin))) {
-		(void) fprintf(stderr, "%s: %s: login name unknown\n", progname, pcLogin);
+    if ((char *)0 != pcTty) {
+	if ('/' == *pcTty) {
+	    pcDevTty = pcTty;
+	} else {
+	    if ((char *)0 ==
+		(pcDevTty = (char *)malloc(strlen(pcTty) + 5 + 1))) {
+		(void)fprintf(stderr, "%s: malloc: %s\n", progname,
+			      strerror(errno));
 		exit(1);
-		/* NOTREACHED */
+	    }
+	    sprintf(pcDevTty, "/dev/%s", pcTty);
 	}
-	wUid = pwd->pw_uid;
-	wGid = pwd->pw_gid;
-#ifdef	HAVE_GETUSERATTR
-	/* getuserattr() returns a funny list of groups:
-	 *	"grp1\0grp2\0grp3\0\0"
-	 */
-	if (0 == getuserattr(pcLogin, S_SUGROUPS, &pcGrps, SEC_LIST)) {
-		while ('\000' != *pcGrps) {
-			/* ignore "ALL" and any group beginning with '!' */
-			if ('!' == *pcGrps || 0 != strcmp(pcGrps, "ALL")) {
-				iErrs += addgroup(pcGrps);
-			}
-			pcGrps = pcGrps + strlen(pcGrps) + 1;
-		}
-	}
-#endif	/* HAVE_GETUSERATTR */
-
-	if ((char *)0 != pcTty) {
-		if ( '/' == *pcTty ) {
-			pcDevTty = pcTty;
-		} else {
-			if ( (char *)0 == (pcDevTty = (char *)malloc(strlen(pcTty)+5+1) ) ) {
-				(void) fprintf(stderr, "%s: malloc: %s\n", progname, strerror(errno));
-				exit(1);
-			}
-			sprintf(pcDevTty, "/dev/%s", pcTty);
-		}
 
 
-		if (0 != stat(pcDevTty, &st)) {
-			(void) fprintf(stderr, "%s: Can't stat %s: %s\n", progname, pcDevTty, strerror(errno));
-			++iErrs;
+	if (0 != stat(pcDevTty, &st)) {
+	    (void)fprintf(stderr, "%s: Can't stat %s: %s\n", progname,
+			  pcDevTty, strerror(errno));
+	    ++iErrs;
 #if defined(VCHR) && defined(VMPC)
-		} else if (VCHR != st.st_type && VMPC != st.st_type) {
-			(void) fprintf(stderr, "%s: %s is not a character device\n", progname, pcDevTty);
-			++iErrs;
+	} else if (VCHR != st.st_type && VMPC != st.st_type) {
+	    (void)fprintf(stderr, "%s: %s is not a character device\n",
+			  progname, pcDevTty);
+	    ++iErrs;
 #endif
-		}
-	} else {
-		pcDevTty = (char *)0;
 	}
+    } else {
+	pcDevTty = (char *)0;
+    }
 
-	if (iErrs) {
-		usage();
-		exit(1);
-		/* NOTREACHED */
-	}
-	if (0 != geteuid()) {
-		(void) fprintf(stderr, "%s: Must be root!!!\n", progname);
-		exit(1);
-		/* NOTREACHED */
-	}
-	if (iGrps && 0 < setgroups(iGrps, awGrps)) {
-		(void) fprintf(stderr, "%s: Can't setgroups(): %s\n", progname, strerror(errno));
-		exit(1);
-		/* NOTREACHED */
-	}
+    if (iErrs) {
+	usage();
+	exit(1);
+	/* NOTREACHED */
+    }
+    if (0 != geteuid()) {
+	(void)fprintf(stderr, "%s: Must be root!!!\n", progname);
+	exit(1);
+	/* NOTREACHED */
+    }
+    if (iGrps && 0 < setgroups(iGrps, awGrps)) {
+	(void)fprintf(stderr, "%s: Can't setgroups(): %s\n", progname,
+		      strerror(errno));
+	exit(1);
+	/* NOTREACHED */
+    }
 
-	/* Close open files
-	 */
-	for (i = (char *)0 == pcTty ? 3 : 0; i < getdtablesize(); ++i) {
-		(void) close(i);
-	}
+    /* Close open files
+     */
+#if HAVE_CLOSEFROM
+    closefrom((char *)0 == pcTty ? 3 : 0);
+#else
+    for (i = (char *)0 == pcTty ? 3 : 0; i < getdtablesize(); ++i) {
+	(void)close(i);
+    }
+#endif
 
-	/* Make us a session leader so that when we open /dev/tty
-	 * it will become our controlling terminal.
-	 */
-	if (-1 == (iNewGrp = getsid(getpid()))) {
-		if (-1 == (iNewGrp = setsid())) {
-			(void) fprintf(stderr, "%s: setsid: %d: %s\n", progname, iNewGrp, strerror(errno));
-			iNewGrp = getpid();
-		}
+    /* Make us a session leader so that when we open /dev/tty
+     * it will become our controlling terminal.
+     */
+    if (-1 == (iNewGrp = getsid(getpid()))) {
+	if (-1 == (iNewGrp = setsid())) {
+	    (void)fprintf(stderr, "%s: setsid: %d: %s\n", progname,
+			  iNewGrp, strerror(errno));
+	    iNewGrp = getpid();
 	}
+    }
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+    if (!cannot_audit(0)) {
+# if defined(HAVE_GETAUDIT_ADDR)
+	struct auditinfo_addr audit_info;
+# else
+	struct auditinfo audit_info;
+# endif
+	au_mask_t audit_mask;
+# if !defined(HAVE_GETAUDIT_ADDR)
+	struct hostent *hp;
+# endif
+	int iAuditFile;
+	int fShowEvent = 1;
+	token_t *ptAuditToken;
 
-	/* Open the TTY for stdin, stdout and stderr
-	 */
-	if ((char *)0 != pcDevTty) {
+	(void)memset(&audit_info, 0, sizeof(audit_info));
+	audit_info.ai_auid = wUid;
+	audit_info.ai_asid = getpid();
+	audit_mask.am_success = audit_mask.am_failure = 0;
+	(void)au_user_mask(pcLogin, &audit_mask);
+	audit_info.ai_mask.am_success = audit_mask.am_success;
+	audit_info.ai_mask.am_failure = audit_mask.am_failure;
+# if defined(HAVE_GETAUDIT_ADDR)
+	(void)aug_get_machine(my_hostname,
+			      &audit_info.ai_termid.at_addr[0],
+			      &audit_info.ai_termid.at_type);
+# else
+	if ((char *)0 != (hp = gethostbyname(my_hostname))
+	    && AF_INET == hp->h_addrtype) {
+	    (void)memcpy(&audit_info.ai_termid.machine, hp->h_addr,
+			 sizeof(audit_info.ai_termid.machine));
+	}
+# endif
+# if defined(HAVE_GETAUDIT_ADDR)
+	if (0 > setaudit_addr(&audit_info, sizeof(audit_info)))
+# else
+	if (0 > setaudit(&audit_info))
+# endif
+	{
+	    fprintf(stderr, "%s: setaudit failed: %s\n", progname,
+		    strerror(errno));
+	    fShowEvent = 0;
+	}
+	if (fShowEvent) {
+	    fShowEvent =
+		au_preselect(AUE_autologin, &audit_mask, AU_PRS_SUCCESS,
+			     AU_PRS_REREAD);
+	}
+	if (fShowEvent) {
+	    iAuditFile = au_open();
+# if defined(HAVE_GETAUDIT_ADDR)
+	    ptAuditToken =
+		au_to_subject_ex(wUid, wUid, wGid, wUid, wGid,
+				 audit_info.ai_asid, audit_info.ai_asid,
+				 &audit_info.ai_termid),
+# else
+	    ptAuditToken =
+		au_to_subject(wUid, wUid, wGid, wUid, wGid,
+			      audit_info.ai_asid, audit_info.ai_asid,
+			      &audit_info.ai_termid),
+# endif
+		(void)au_write(iAuditFile, ptAuditToken);
+	    ptAuditToken = au_to_text(gettext("successful login"));
+	    (void)au_write(iAuditFile, ptAuditToken);
+	    if ((char *)0 != pcCmd) {
+		ptAuditToken = au_to_text(pcCmd);
+		(void)au_write(iAuditFile, ptAuditToken);
+	    }
+# if defined(HAVE_GETAUDIT_ADDR)
+	    ptAuditToken = au_to_return32(0, 0);
+# else
+	    ptAuditToken = au_to_return(0, 0);
+# endif
+	    (void)au_write(iAuditFile, ptAuditToken);
+	    if (0 > au_close(iAuditFile, AU_TO_WRITE, AUE_autologin)) {
+		fprintf(stderr, "%s: audit write failed: %s", progname,
+			strerror(errno));
+	    }
+	}
+    }
+#endif
+
+    /* Open the TTY for stdin, stdout and stderr
+     */
+    if ((char *)0 != pcDevTty) {
 #ifdef TIOCNOTTY
-		if (-1 != (i = open("/dev/tty", 2, 0))) {
-			if ( ioctl(i, TIOCNOTTY, (char *)0) )
-				(void) fprintf(stderr, "%s: ioctl(%d, TIOCNOTTY, (char *)0): %s\n", progname, i, strerror(errno));
-			(void) close(i);
-		}
-#endif
-		if (0 != open(pcDevTty, O_RDWR, 0666)) {
-			exit(1);
-			/* NOTREACHED */
-		}
-		dup(0);
-		dup(0);
+	if (-1 != (i = open("/dev/tty", 2, 0))) {
+	    if (ioctl(i, TIOCNOTTY, (char *)0))
+		(void)fprintf(stderr,
+			      "%s: ioctl(%d, TIOCNOTTY, (char *)0): %s\n",
+			      progname, i, strerror(errno));
+	    (void)close(i);
 	}
+#endif
+	if (0 != open(pcDevTty, O_RDWR, 0666)) {
+	    exit(1);
+	    /* NOTREACHED */
+	}
+	dup(0);
+	dup(0);
+    }
 
-	/* put the tty in out process group
-	 */
+    /* put the tty in out process group
+     */
 #ifdef HAVE_TCGETPGRP
-	if (-1 >= (i = tcgetpgrp(0))){
-		(void) fprintf(stderr, "%s: tcgetpgrp: %s\n", progname, strerror(errno));
-	}
+    if (-1 >= (i = tcgetpgrp(0))) {
+	(void)fprintf(stderr, "%s: tcgetpgrp: %s\n", progname,
+		      strerror(errno));
+    }
 #endif
-#ifndef SETPGRP_VOID
-	if (-1 != i && setpgrp(0, i) ){
-		(void) fprintf(stderr, "%s: setpgrp: %s, i = %d\n", progname, strerror(errno), i);
-	}
-#endif
-
+    if (-1 != i && setpgrp(0, i)) {
+	(void)fprintf(stderr, "%s: setpgrp: %s, i = %d\n", progname,
+		      strerror(errno), i);
+    }
 #ifdef HAVE_TCSETPGRP
-	if (tcsetpgrp(0, iNewGrp)){
-		(void) fprintf(stderr, "%s: tcsetpgrp: %s\n", progname, strerror(errno));
-	}
-#endif
-#ifndef SETPGRP_VOID
-	if (-1 != iNewGrp && setpgrp(0, iNewGrp)){
-		(void) fprintf(stderr, "%s: setpgrp: %s, iNewGrp = %d\n", progname, strerror(errno), iNewGrp);
-	}
+    if (tcsetpgrp(0, iNewGrp)) {
+	(void)fprintf(stderr, "%s: tcsetpgrp: %s\n", progname,
+		      strerror(errno));
+    }
 #endif
+    if (-1 != iNewGrp && setpgrp(0, iNewGrp)) {
+	(void)fprintf(stderr, "%s: setpgrp: %s, iNewGrp = %d\n", progname,
+		      strerror(errno), iNewGrp);
+    }
 
-	/* put the tty in the correct mode
-	 */
-#ifndef HAVE_TERMIOS_H
-	if (0 != ioctl(0, TIOCGETP, (char *)&n_sty)) {
-		fprintf(stderr, "%s: iotcl: getp: %s\n", progname, strerror(errno));
-		exit(10);
-	}
-#ifdef O_CBREAK
-	n_sty.sg_flags &= ~(O_CBREAK);
-	n_sty.sg_flags |= (O_CRMOD|O_ECHO);
-#else
-	n_sty.sg_flags &= ~(CBREAK);
-	n_sty.sg_flags |= (CRMOD|ECHO);
-#endif
-	n_sty.sg_kill = '\025';             /* ^U   */
-	n_sty.sg_erase = '\010';            /* ^H   */
-	if (0 != ioctl(0, TIOCSETP, (char *)&n_sty)) {
-		fprintf(stderr, "%s: iotcl: setp: %s\n", progname, strerror(errno));
-		exit(10);
-	}
-
-	/* stty undef all tty chars
-	 */
-#if 0
-	if (-1 == ioctl(0, TIOCGETC, (char *)&n_tchars)) {
-		fprintf(stderr, "%s: ioctl: getc: %s\n", progname, strerror(errno));
-		return;
-	}
-	n_tchars.t_intrc = -1;
-	n_tchars.t_quitc = -1;
-	if (-1 == ioctl(0, TIOCSETC, (char *)&n_tchars)) {
-		fprintf(stderr, "%s: ioctl: setc: %s\n", progname, strerror(errno));
-		return;
-	}
-#endif
-#ifdef TIOCGLTC
-	if (-1 == ioctl(0, TIOCGLTC, (char *)&n_ltchars)) {
-		fprintf(stderr, "%s: ioctl: gltc: %s\n", progname, strerror(errno));
-		return;
-	}
-	n_ltchars.t_suspc = -1;
-	n_ltchars.t_dsuspc = -1;
-	n_ltchars.t_flushc = -1;
-	n_ltchars.t_lnextc = -1;
-	if (-1 == ioctl(0, TIOCSLTC, (char *)&n_ltchars)) {
-		fprintf(stderr, "%s: ioctl: sltc: %s\n", progname, strerror(errno));
-		return;
-	}
-#endif
-#else	/* not using ioctl, using POSIX or sun stuff */
+    /* put the tty in the correct mode
+     */
 #ifdef HAVE_TCGETATTR
-	if (0 != tcgetattr(0, &n_tio)) {
-		(void) fprintf(stderr, "%s: tcgetattr: %s\n", progname, strerror(errno));
-		exit(1);
-		/* NOTREACHED */
-	}
+    if (0 != tcgetattr(0, &n_tio)) {
+	(void)fprintf(stderr, "%s: tcgetattr: %s\n", progname,
+		      strerror(errno));
+	exit(1);
+	/* NOTREACHED */
+    }
 #else
-	if (0 != ioctl(0, TCGETS, &n_tio)) {
-		(void) fprintf(stderr, "%s: iotcl: TCGETS: %s\n", progname, strerror(errno));
-		exit(1);
-		/* NOTREACHED */
-	}
+    if (0 != ioctl(0, TCGETS, &n_tio)) {
+	(void)fprintf(stderr, "%s: iotcl: TCGETS: %s\n", progname,
+		      strerror(errno));
+	exit(1);
+	/* NOTREACHED */
+    }
 #endif
-	n_tio.c_iflag &= ~(IGNCR|IUCLC);
-	n_tio.c_iflag |= ICRNL|IXON|IXANY;
-	n_tio.c_oflag &= ~(OLCUC|ONOCR|ONLRET|OFILL|NLDLY|CRDLY|TABDLY|BSDLY);
-	n_tio.c_oflag |= OPOST|ONLCR|TAB3;
-	n_tio.c_lflag &= ~(XCASE|NOFLSH|ECHOK|ECHONL);
-	n_tio.c_lflag |= ISIG|ICANON|ECHO;
-	n_tio.c_cc[VEOF] = '\004';		/* ^D	*/
-	n_tio.c_cc[VEOL] = '\000';		/* EOL	*/
-	n_tio.c_cc[VERASE] = '\010';		/* ^H	*/
-	n_tio.c_cc[VINTR] = '\003';		/* ^C	*/
-	n_tio.c_cc[VKILL] = '\025';		/* ^U	*/
-	/* MIN */
-	n_tio.c_cc[VQUIT] = '\034';		/* ^\	*/
-	n_tio.c_cc[VSTART] = '\021';		/* ^Q	*/
-	n_tio.c_cc[VSTOP] = '\023';		/* ^S	*/
-	n_tio.c_cc[VSUSP] = '\032';		/* ^Z	*/
+    n_tio.c_iflag &= ~(IGNCR | IUCLC);
+    n_tio.c_iflag |= ICRNL | IXON | IXANY;
+    n_tio.c_oflag &=
+	~(OLCUC | ONOCR | ONLRET | OFILL | NLDLY | CRDLY | TABDLY | BSDLY);
+    n_tio.c_oflag |= OPOST | ONLCR | TAB3;
+    n_tio.c_lflag &= ~(XCASE | NOFLSH | ECHOK | ECHONL);
+    n_tio.c_lflag |= ISIG | ICANON | ECHO;
+    n_tio.c_cc[VEOF] = '\004';	/* ^D   */
+    n_tio.c_cc[VEOL] = '\000';	/* EOL  */
+    n_tio.c_cc[VERASE] = '\010';	/* ^H   */
+    n_tio.c_cc[VINTR] = '\003';	/* ^C   */
+    n_tio.c_cc[VKILL] = '\025';	/* ^U   */
+    /* MIN */
+    n_tio.c_cc[VQUIT] = '\034';	/* ^\   */
+    n_tio.c_cc[VSTART] = '\021';	/* ^Q   */
+    n_tio.c_cc[VSTOP] = '\023';	/* ^S   */
+    n_tio.c_cc[VSUSP] = '\032';	/* ^Z   */
 #ifdef HAVE_TCSETATTR
-	if (0 != tcsetattr(0, TCSANOW, &n_tio)) {
-		(void) fprintf(stderr, "%s: tcsetattr: %s\n", progname, strerror(errno));
-		exit(1);
-		/* NOTREACHED */
-	}
-#else
-#ifndef HAVE_TERMIOS_H
-	if (0 != ioctl(0, TCSETS, &n_tio)) {
-		(void) fprintf(stderr, "%s: ioctl: TCSETS: %s\n", progname, strerror(errno));
-		exit(1);
-		/* NOTREACHED */
-	}
+    if (0 != tcsetattr(0, TCSANOW, &n_tio)) {
+	(void)fprintf(stderr, "%s: tcsetattr: %s\n", progname,
+		      strerror(errno));
+	exit(1);
+	/* NOTREACHED */
+    }
 #endif
-#endif
-#endif	/* setup tty */
 
-	if (fMakeUtmp) {
-		extern char *ttyname();
-		make_utmp(pcLogin, (char *)0 != pcTty ? pcTty : ttyname(0));
-	}
-	/* Change ownership and modes on the tty.
-	 */
-	if ((char *)0 != pcDevTty) {
-		(void) chown(pcDevTty, wUid, wGid);
-		(void) chmod(pcDevTty, (mode_t) TTYMODE);
-	}
+    if (fMakeUtmp) {
+	extern char *ttyname();
+	make_utmp(pcLogin, (char *)0 != pcTty ? pcTty : ttyname(0));
+    }
+    /* Change ownership and modes on the tty.
+     */
+    if ((char *)0 != pcDevTty) {
+	(void)chown(pcDevTty, wUid, wGid);
+	(void)chmod(pcDevTty, (mode_t) TTYMODE);
+    }
 
-	if ((char *)0 != pcCmd) {
-		execl(PATH_SU, "su", "-", pcLogin, pcCmd, (char *)0);
-	} else {
-		execl(PATH_SU, "su", "-", pcLogin, (char *)0);
-	}
+    if ((char *)0 != pcCmd) {
+	execl(PATH_SU, "su", "-", pcLogin, pcCmd, (char *)0);
+    } else {
+	execl(PATH_SU, "su", "-", pcLogin, (char *)0);
+    }
 }
 
 #ifndef HAVE_PUTENV
 int
-putenv(pcAssign)
-char *pcAssign;
+putenv(char *pcAssign)
 {
-	register char *pcEq;
+    register char *pcEq;
 
-	if ((char *)0 != (pcEq = strchr(pcAssign, '='))) {
-		*pcEq++ = '\000';
-		(void)setenv(pcAssign, pcEq, 1);
-		*--pcEq = '=';
-	} else {
-		unsetenv(pcAssign);
-	}
+    if ((char *)0 != (pcEq = strchr(pcAssign, '='))) {
+	*pcEq++ = '\000';
+	(void)setenv(pcAssign, pcEq, 1);
+	*--pcEq = '=';
+    } else {
+	unsetenv(pcAssign);
+    }
 }
 #endif
 
 int
-addgroup(pcGrp)
-char	*pcGrp;
+addgroup(char *pcGrp)
 {
-	struct	group		*grp;
+    struct group *grp;
 
-	grp = getgrnam(pcGrp);
-	if ((struct group *)0 == grp) {
-		(void) fprintf(stderr, "%s: Unknown group: %s\n", progname, pcGrp);
-		return(1);
-	}
-	if (iGrps >= NGROUPS_MAX) {
-		(void) fprintf(stderr, "%s: Too many groups specified with \"%s\".\n", progname, pcGrp);
-		return(1);
-	}
-	awGrps[iGrps++] = grp->gr_gid;
-	return(0);
+    grp = getgrnam(pcGrp);
+    if ((struct group *)0 == grp) {
+	(void)fprintf(stderr, "%s: Unknown group: %s\n", progname, pcGrp);
+	return (1);
+    }
+    if (iGrps >= NGROUPS_MAX) {
+	(void)fprintf(stderr,
+		      "%s: Too many groups specified with \"%s\".\n",
+		      progname, pcGrp);
+	return (1);
+    }
+    awGrps[iGrps++] = grp->gr_gid;
+    return (0);
 }
 
 
 /* install a utmp entry to show the use we know is here is here		(ksb)
  */
 void
-make_utmp(pclogin, pctty)
-char	*pclogin;
-char	*pctty;
+make_utmp(char *pclogin, char *pctty)
 {
-	register int iFound, iPos;
-	register int fdUtmp;
-	register char *pcDev;
-	register struct utmp *up;
-	auto struct utmp outmp, utmp;
+    register int iFound, iPos;
+    register int fdUtmp;
+    register char *pcDev;
+    register struct utmp *up;
+    auto struct utmp utmp;
 
 
-	if ((char *)0 == pctty) {
-		return;
+    if ((char *)0 == pctty) {
+	return;
+    }
+
+    if ((fdUtmp = open(UTMP_FILE, O_RDWR, 0664)) < 0) {
+	return;
+    }
+
+    /* create empty utmp entry
+     */
+    (void)memset(&utmp, 0, sizeof(struct utmp));
+
+    /* Only the last portion of the tty is saved, unless it's
+     * all digits.  Then back up and include the previous part
+     * /dev/pty/02  -> pty/02 (not just 02)
+     */
+    if ((char *)0 != (pcDev = strrchr(pctty, '/'))) {
+	if (!*(pcDev + strspn(pcDev, "/0123456789"))) {
+	    while (pcDev != pctty && *--pcDev != '/') {
+	    }
 	}
-
-	if ((fdUtmp = open(UTMP_FILE, O_RDWR, 0664)) < 0) {
-		return;
-	}
-		
-	/* create empty utmp entry
-	 */
-	(void)memset(&utmp, 0, sizeof(struct utmp));
-
-	/* Only the last portion of the tty is saved, unless it's
-	 * all digits.  Then back up and include the previous part
-	 * /dev/pty/02  -> pty/02 (not just 02)
-	 */
-	if ((char *)0 != (pcDev = strrchr(pctty, '/'))) {
-		if (! *(pcDev + strspn(pcDev, "/0123456789"))) {
-			while (pcDev != pctty && *--pcDev != '/') {
-			}
-		}
-		if (*pcDev == '/') {
-			++pcDev;
-		}
-	} else {
-		pcDev = pctty;
+	if (*pcDev == '/') {
+	    ++pcDev;
 	}
+    } else {
+	pcDev = pctty;
+    }
 
 #ifdef HAVE_GETUTENT
-	/* look through getutent's by pid
-	 */
-	(void)setutent();
-	utmp.ut_pid = getpid();
-	iFound = iPos = 0;
-	while ((up = getutent()) != NULL) {
-		if (up->ut_pid == utmp.ut_pid) {
-			utmp = *up;
-			++iFound;
-			break;
-		}
-		iPos++;
-	}
-	(void)endutent();
-	/* we were an initprocess, now we are a login shell
-	 */
-	utmp.ut_type = USER_PROCESS;
-	(void)strncpy(utmp.ut_user, pclogin, sizeof(utmp.ut_user));
-	if ('\000' == utmp.ut_line[0]) {
-		(void)strncpy(utmp.ut_line, pcDev, sizeof(utmp.ut_line));
+    /* look through getutent's by pid
+     */
+    (void)setutent();
+    utmp.ut_pid = getpid();
+    iFound = iPos = 0;
+    while ((up = getutent()) != NULL) {
+	if (up->ut_pid == utmp.ut_pid) {
+	    utmp = *up;
+	    ++iFound;
+	    break;
 	}
+	iPos++;
+    }
+    (void)endutent();
+    /* we were an initprocess, now we are a login shell
+     */
+    utmp.ut_type = USER_PROCESS;
+    (void)strncpy(utmp.ut_user, pclogin, sizeof(utmp.ut_user));
+    if ('\000' == utmp.ut_line[0]) {
+	(void)strncpy(utmp.ut_line, pcDev, sizeof(utmp.ut_line));
+    }
 #else
-#ifdef HAVE_SETTTYENT
-	{
+# ifdef HAVE_SETTTYENT
+    {
 	register struct ttyent *ty;
 
 	/* look through ttyslots by line?
@@ -466,56 +519,56 @@ char	*pctty;
 	(void)setttyent();
 	iFound = iPos = 0;
 	while ((ty = getttyent()) != NULL) {
-		if (strcmp(ty->ty_name, pcDev) == 0) {
-			++iFound;
-			break;
-		}
-		iPos++;
+	    if (strcmp(ty->ty_name, pcDev) == 0) {
+		++iFound;
+		break;
+	    }
+	    iPos++;
 	}
 	/* fill in utmp from ty ZZZ */
 	(void)endttyent();
+    }
+    (void)strncpy(utmp.ut_line, pcDev, sizeof(utmp.ut_line));
+    (void)strncpy(utmp.ut_name, pclogin, sizeof(utmp.ut_name));
+    (void)strncpy(utmp.ut_host, "(autologin)", sizeof(utmp.ut_host));
+# else
+    /* look through /etc/utmp by hand (sigh)
+     */
+    iFound = iPos = 0;
+    while (sizeof(utmp) == read(fdUtmp, &utmp, sizeof(utmp))) {
+	if (0 == strncmp(utmp.ut_line, pcDev, sizeof(utmp.ut_line))) {
+	    ++iFound;
+	    break;
 	}
-	(void)strncpy(utmp.ut_line, pcDev, sizeof(utmp.ut_line));
-	(void)strncpy(utmp.ut_name, pclogin, sizeof(utmp.ut_name));
-	(void)strncpy(utmp.ut_host, "(autologin)", sizeof(utmp.ut_host));
-#else
-	/* look through /etc/utmp by hand (sigh)
-	 */
-	iFound = iPos = 0;
-	while (sizeof(utmp) == read(fdUtmp, & utmp, sizeof(utmp))) {
-		if (0 == strncmp(utmp.ut_line, pcDev, sizeof(utmp.ut_line))) {
-			++iFound;
-			break;
-		}
-		iPos++;
-	}
-	(void)strncpy(utmp.ut_name, pclogin, sizeof(utmp.ut_name));
+	iPos++;
+    }
+    (void)strncpy(utmp.ut_name, pclogin, sizeof(utmp.ut_name));
+# endif
 #endif
-#endif
-	utmp.ut_time = time((time_t *) 0);
+    utmp.ut_time = time((time_t *)0);
 
-	if (0 == iFound) {
-		fprintf(stderr, "%s: %s: no ttyslot\n", progname, pctty);
-	} else if (-1 == lseek(fdUtmp, (off_t)(iPos*sizeof(utmp)), 0)) {
-		fprintf(stderr, "%s: lseek: %s\n", progname, strerror(errno));
-	} else {
-		(void)write(fdUtmp, (char *)&utmp, sizeof(utmp));
-	}
-	(void)close(fdUtmp);
+    if (0 == iFound) {
+	fprintf(stderr, "%s: %s: no ttyslot\n", progname, pctty);
+    } else if (-1 == lseek(fdUtmp, (off_t) (iPos * sizeof(utmp)), 0)) {
+	fprintf(stderr, "%s: lseek: %s\n", progname, strerror(errno));
+    } else {
+	(void)write(fdUtmp, (char *)&utmp, sizeof(utmp));
+    }
+    (void)close(fdUtmp);
 }
 
 
 void
-usage()
+usage(void)
 {
-	char *u_pch;
-	int u_loop;
+    char *u_pch;
+    int u_loop;
 
-	for (u_loop = 0; (char *)0 != (u_pch = au_terse[u_loop]); ++u_loop) {
-		fprintf(stdout, "%s: usage%s\n", progname, u_pch);
-	}
-	for (u_loop = 0; (char *)0 != (u_pch = u_help[u_loop]); ++u_loop) {
-		fprintf(stdout, "%s\n", u_pch);
-	}
+    for (u_loop = 0; (char *)0 != (u_pch = au_terse[u_loop]); ++u_loop) {
+	fprintf(stdout, "%s: usage%s\n", progname, u_pch);
+    }
+    for (u_loop = 0; (char *)0 != (u_pch = u_help[u_loop]); ++u_loop) {
+	fprintf(stdout, "%s\n", u_pch);
+    }
 
 }

autologin/autologin.m

@@ -1,7 +1,5 @@
 # mkcmd parser for autologin program
 %%
-static char *rcsid =
-	"$Id: autologin.m,v 1.2 92/07/28 13:18:34 ksb Exp $";
 %%
 
 integer variable "iErrs" {

autologin/autologin.man

@@ -1,4 +1,3 @@
-.\" $Id: autologin.man,v 1.3 93/03/16 16:41:45 ksb Exp $
 .TH AUTOLOGIN 8L PUCC
 .SH NAME
 autologin \- create an automatic login session from /etc/inittab
@@ -112,12 +111,21 @@ environment variable set to
 	ss10:2:respawn:/usr/local/etc/autologin \-e TERM=reg20 \-t/dev/tty10 \-lssinfo
 .ad
 .PP
-Adding the following line to \fI/etc/ttytab\fP on a Sun 4.1.\fIx\fP
+Adding the following line to
+.I /etc/ttytab
+on a Sun
+.RI 4.1. x
 machine establishes a root login on the console device:
+.br
 .na
 	console "/usr/local/etc/autologin \-lroot \-t"    xterm   on local secure
 .ad
-Note that \fIinit\fP provides the \fItty\fP argument on the end of the command.
+.PP
+Note that
+.I init
+provides the
+.I tty
+argument on the end of the command.
 .SH FILES
 /bin/su
 .br

autologin/main.c

@@ -13,174 +13,170 @@
 
 #ifndef HAVE_GETOPT
 static int
-	optopt;			/* character checked for validity	*/
+  optopt;			/* character checked for validity       */
 
 /* get option letter from argument vector, also does -number correctly
  * for nice, xargs, and stuff (these extras by ksb)
  * does +arg if you give a last argument of "+", else give (char *)0
  */
 static int
-getopt(nargc, nargv, ostr)
-int nargc;
-char **nargv, *ostr;
+getopt(int nargc, char **nargv, char *ostr)
 {
-	register char	*oli;		/* option letter list index	*/
-	static char	EMSG[] = "";	/* just a null place		*/
-	static char	*place = EMSG;	/* option letter processing	*/
+    register char *oli;		/* option letter list index     */
+    static char EMSG[] = "";	/* just a null place            */
+    static char *place = EMSG;	/* option letter processing     */
 
-	if ('\000' == *place) {		/* update scanning pointer */
-		if (optind >= nargc)
-			return EOF;
-		if (nargv[optind][0] != '-') {
-			register int iLen;
-			return EOF;
-		}
-		place = nargv[optind];
-		if ('\000' == *++place)	/* "-" (stdin)		*/
-			return EOF;
-		if (*place == '-' && '\000' == place[1]) {
-			/* found "--"		*/
-			++optind;
-			return EOF;
-		}
-	}				/* option letter okay? */
-	/* if we find the letter, (not a `:')
-	 * or a digit to match a # in the list
-	 */
-	if ((optopt = *place++) == ':' ||
-	 ((char *)0 == (oli = strchr(ostr,optopt)) &&
-	  (!(isdigit(optopt)||'-'==optopt) || (char *)0 == (oli = strchr(ostr, '#'))))) {
-		if(!*place) ++optind;
-		return('?');
+    if ('\000' == *place) {	/* update scanning pointer */
+	if (optind >= nargc)
+	    return EOF;
+	if (nargv[optind][0] != '-') {
+	    register int iLen;
+	    return EOF;
 	}
-	if ('#' == *oli) {		/* accept as -digits */
-		optarg = place -1;
-		++optind;
-		place = EMSG;
-		return '#';
+	place = nargv[optind];
+	if ('\000' == *++place)	/* "-" (stdin)              */
+	    return EOF;
+	if (*place == '-' && '\000' == place[1]) {
+	    /* found "--"           */
+	    ++optind;
+	    return EOF;
 	}
-	if (*++oli != ':') {		/* don't need argument */
-		optarg = NULL;
-		if ('\000' == *place)
-			++optind;
-	} else {				/* need an argument */
-		if (*place) {			/* no white space */
-			optarg = place;
-		} else if (nargc <= ++optind) {	/* no arg!! */
-			place = EMSG;
-			return '*';
-		} else {
-			optarg = nargv[optind];	/* white space */
-		}
-		place = EMSG;
-		++optind;
+    }
+    /* option letter okay? */
+    /* if we find the letter, (not a `:')
+     * or a digit to match a # in the list
+     */
+    if ((optopt = *place++) == ':' ||
+	((char *)0 == (oli = strchr(ostr, optopt)) &&
+	 (!(isdigit(optopt) || '-' == optopt) ||
+	  (char *)0 == (oli = strchr(ostr, '#'))))) {
+	if (!*place)
+	    ++optind;
+	return ('?');
+    }
+    if ('#' == *oli) {		/* accept as -digits */
+	optarg = place - 1;
+	++optind;
+	place = EMSG;
+	return '#';
+    }
+    if (*++oli != ':') {	/* don't need argument */
+	optarg = NULL;
+	if ('\000' == *place)
+	    ++optind;
+    } else {			/* need an argument */
+	if (*place) {		/* no white space */
+	    optarg = place;
+	} else if (nargc <= ++optind) {	/* no arg!! */
+	    place = EMSG;
+	    return '*';
+	} else {
+	    optarg = nargv[optind];	/* white space */
 	}
-	return optopt;			/* dump back option letter */
+	place = EMSG;
+	++optind;
+    }
+    return optopt;		/* dump back option letter */
 }
 #endif /* ! HAVE_GETOPT */
 
 char
-	*progname = "$Id$",
-	*au_terse[] = {
-		" [-u] [-c cmd] [-e env=value] [-g group] [-l login] [-t tty]",
-		" -h",
-		" -V",
-		(char *)0
-	},
-	*u_help[] = {
-		"c cmd       command to run",
-		"e env=value environment variable to set",
-		"g group     initial group",
-		"h           print this help message",
-		"l login     login name",
-		"t tty       attach to this terminal",
-		"u           do no make utmp entry",
-		"V           show version information",
-		(char *)0
-	},
-	*pcCommand = (char *)0,
-	*pcGroup = (char *)0,
-	*pcLogin = (char *)0,
-	*pcTty = (char *)0;
+ *progname = "", *au_terse[] = {
+    " [-u] [-c cmd] [-e env=value] [-g group] [-l login] [-t tty]",
+    " -h",
+    " -V",
+    (char *)0
+}, *u_help[] = {
+
+    "c cmd       command to run",
+    "e env=value environment variable to set",
+    "g group     initial group",
+    "h           print this help message",
+    "l login     login name",
+    "t tty       attach to this terminal",
+    "u           do no make utmp entry",
+    "V           show version information", (char *)0
+}, *pcCommand = (char *)0, *pcGroup = (char *)0, *pcLogin =
+    (char *)0, *pcTty = (char *)0;
 int
-	fMakeUtmp = 1,
-	iErrs = 0;
+  fMakeUtmp = 1, iErrs = 0;
 
 #ifndef u_terse
-#define u_terse	(au_terse[0])
+# define u_terse	(au_terse[0])
 #endif
 
-static char *rcsid =
-        "$Id: autologin.m,v 1.2 92/07/28 13:18:34 ksb Exp $";
-
 /*
  * parser
  */
 int
-main(argc, argv)
-int argc;
-char **argv;
+main(int argc, char **argv)
 {
-	static char
-		sbOpt[] = "c:e:g:hl:t:uV",
-		*u_pch = (char *)0;
-	static int
-		u_loop = 0;
-	register int u_curopt;
-	extern int atoi();
+    static char
+      sbOpt[] = "c:e:g:hl:t:uV", *u_pch = (char *)0;
+    static int
+      u_loop = 0;
+    register int u_curopt;
+    extern int atoi();
 
-	progname = strrchr(argv[0], '/');
-	if ((char *)0 == progname)
-		progname = argv[0];
-	else
-		++progname;
-	while (EOF != (u_curopt = getopt(argc, argv, sbOpt))) {
-		switch (u_curopt) {
-		case '*':
-			fprintf(stderr, "%s: option `-%c\' needs a parameter\n", progname, optopt);
-			exit(1);
-		case '?':
-			fprintf(stderr, "%s: unknown option `-%c\', use `-h\' for help\n", progname, optopt);
-			exit(1);
-		case 'c':
-			pcCommand = optarg;
-			continue;
-		case 'e':
-			if (putenv(optarg) != 0) {
-				 (void) fprintf(stderr, "%s: putenv(\"%s\"): failed\n", progname, optarg);
-				exit(1);
-			}
-			continue;
-		case 'g':
-			pcGroup = optarg;
-			continue;
-		case 'h':
-			for (u_loop = 0; (char *)0 != (u_pch = au_terse[u_loop]); ++u_loop) {
-				if ('\000' == *u_pch) {
-					fprintf(stdout, "%s: with no parameters\n", progname);
-					continue;
-				}
-				fprintf(stdout, "%s: usage%s\n", progname, u_pch);
-			}
-			for (u_loop = 0; (char *)0 != (u_pch = u_help[u_loop]); ++u_loop) {
-				fprintf(stdout, "%s\n", u_pch);
-			}
-			exit(0);
-		case 'l':
-			pcLogin = optarg;
-			continue;
-		case 't':
-			pcTty = optarg;
-			continue;
-		case 'u':
-			fMakeUtmp = 0;
-			continue;
-		case 'V':
-			printf("%s: %s\n", progname, rcsid);
-			exit(0);
+    progname = strrchr(argv[0], '/');
+    if ((char *)0 == progname)
+	progname = argv[0];
+    else
+	++progname;
+    while (EOF != (u_curopt = getopt(argc, argv, sbOpt))) {
+	switch (u_curopt) {
+	    case '*':
+		fprintf(stderr, "%s: option `-%c\' needs a parameter\n",
+			progname, optopt);
+		exit(1);
+	    case '?':
+		fprintf(stderr,
+			"%s: unknown option `-%c\', use `-h\' for help\n",
+			progname, optopt);
+		exit(1);
+	    case 'c':
+		pcCommand = optarg;
+		continue;
+	    case 'e':
+		if (putenv(optarg) != 0) {
+		    (void)fprintf(stderr, "%s: putenv(\"%s\"): failed\n",
+				  progname, optarg);
+		    exit(1);
 		}
-		break;
+		continue;
+	    case 'g':
+		pcGroup = optarg;
+		continue;
+	    case 'h':
+		for (u_loop = 0; (char *)0 != (u_pch = au_terse[u_loop]);
+		     ++u_loop) {
+		    if ('\000' == *u_pch) {
+			fprintf(stdout, "%s: with no parameters\n",
+				progname);
+			continue;
+		    }
+		    fprintf(stdout, "%s: usage%s\n", progname, u_pch);
+		}
+		for (u_loop = 0; (char *)0 != (u_pch = u_help[u_loop]);
+		     ++u_loop) {
+		    fprintf(stdout, "%s\n", u_pch);
+		}
+		exit(0);
+	    case 'l':
+		pcLogin = optarg;
+		continue;
+	    case 't':
+		pcTty = optarg;
+		continue;
+	    case 'u':
+		fMakeUtmp = 0;
+		continue;
+	    case 'V':
+		printf("%s\n", progname);
+		exit(0);
 	}
-	Process();
-	exit(iErrs);
+	break;
+    }
+    Process();
+    exit(iErrs);
 }

autologin/main.h

@@ -4,7 +4,7 @@
 
 extern char *progname, *au_terse[4], *u_help[9];
 #ifndef u_terse
-#define u_terse	(au_terse[0])
+# define u_terse	(au_terse[0])
 #endif
 extern int main();
 extern int fMakeUtmp, iErrs;
@@ -12,4 +12,3 @@ extern char *pcCommand, *pcGroup, *pcLogin, *pcTty;
 /* from std_help.m */
 /* from std_version.m */
 /* from autologin.m */
-

compat.h

@@ -1,5 +1,64 @@
 #include <config.h>
 
+/* things everything seems to need */
+#include <stdio.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <sys/un.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <signal.h>
+
+/* If, when processing a logfile for replaying the last N lines,
+ * we end up seeing more than MAXREPLAYLINELEN characters in a line,
+ * abort processing and display the data.  Why?  There could be some
+ * very large logfiles and very long lines and we'd chew up lots of
+ * memory and send a LOT of data down to the client - all potentially
+ * bad.  If there's a line over this in size, would you really want to
+ * see the whole thing (and possibly others)?
+ */
+#if !defined(MAXREPLAYLINELEN)
+# define MAXREPLAYLINELEN 10000
+#endif
+
+/* the default escape sequence used to give meta commands
+ */
+#if !defined(DEFATTN)
+# define DEFATTN	'\005'
+#endif
+#if !defined(DEFESC)
+# define DEFESC		'c'
+#endif
+
+/* set the default length of the replay functions
+ * DEFREPLAY for 'r'
+ * DEFPLAYBACK for 'p'
+ */
+#if !defined(DEFREPLAY)
+# define DEFREPLAY	20
+#endif
+#if !defined(PLAYBACK)
+# define DEFPLAYBACK	60
+#endif
+
+/* For legacy compile-time setting of the port...
+ */
+#if ! defined(DEFPORT)
+# if defined(SERVICENAME)
+#  define DEFPORT SERVICENAME
+# else
+#  if defined(PORTNUMBER)
+#   define DEFPORT PORTNUMBER
+#  else
+#   define DEFPORT "conserver"
+#  endif
+# endif
+#endif
 
 #if STDC_HEADERS
 # include <string.h>
@@ -11,6 +70,10 @@
 #  define strrchr rindex
 # endif
 #endif
+#if !HAVE_STRCASECMP && HAVE_STRICMP
+# define strcasecmp stricmp
+# define strncasecmp strnicmp
+#endif
 
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
@@ -38,14 +101,16 @@ typedef long fd_set;
 # include <sys/ioctl_compat.h>
 #endif
 
-#ifdef HAVE_TERMIOS_H
-# include <termios.h>		/* POSIX */
-#else
-# ifdef HAVE_TERMIO_H
-#  include <termio.h>		/* SysV */
+#include <termios.h>
+
+#ifndef TAB3
+# ifdef OXTABS
+#  define TAB3 OXTABS
 # else
-#  ifdef HAVE_SGTTY_H
-#   include <sgtty.h>		/* BSD */
+#  ifdef XTABS
+#   define TAB3 XTABS
+#  else
+#   define TAB3 0
 #  endif
 # endif
 #endif
@@ -64,7 +129,7 @@ typedef long fd_set;
 #endif
 
 #if HAVE_TYPES_H
-#include <sys/types.h>
+# include <sys/types.h>
 #endif
 
 #if HAVE_SYS_WAIT_H
@@ -73,30 +138,30 @@ typedef long fd_set;
 #define LO(s) ((unsigned)((s) & 0377))
 #define HI(s) ((unsigned)(((s) >> 8) & 0377))
 #if !defined(WIFEXITED)
-#define WIFEXITED(s) (LO(s)==0)
+# define WIFEXITED(s) (LO(s)==0)
 #endif
 #if !defined(WEXITSTATUS)
-#define WEXITSTATUS(s) HI(s)
+# define WEXITSTATUS(s) HI(s)
 #endif
 #if !defined(WIFSIGNALED)
-#define WIFSIGNALED(s) ((LO(s)>0)&&(HI(s)==0))
+# define WIFSIGNALED(s) ((LO(s)>0)&&(HI(s)==0))
 #endif
 #if !defined(WTERMSIG)
-#define WTERMSIG(s) (LO(s)&0177)
+# define WTERMSIG(s) (LO(s)&0177)
 #endif
 #if !defined(WIFSTOPPED)
-#define WIFSTOPPED(s) ((LO(s)==0177)&&(HI(s)!=0))
+# define WIFSTOPPED(s) ((LO(s)==0177)&&(HI(s)!=0))
 #endif
 #if !defined(WSTOPSIG)
-#define WSTOPSIG(s) HI(s)
+# define WSTOPSIG(s) HI(s)
 #endif
 
 #if HAVE_SYSEXITS_H
-#include <sysexits.h>
+# include <sysexits.h>
 #else
-#define EX_OK 0
-#define EX_UNAVAILABLE 69
-#define EX_TEMPFAIL 75
+# define EX_OK 0
+# define EX_UNAVAILABLE 69
+# define EX_TEMPFAIL 75
 #endif
 
 #include <errno.h>
@@ -135,6 +200,14 @@ extern char *h_errlist[];
 # include <crypt.h>
 #endif
 
+#ifdef HAVE_HPSECURITY_H
+# include <hpsecurity.h>
+#endif
+
+#ifdef HAVE_PROT_H
+# include <prot.h>
+#endif
+
 #ifdef HAVE_GETOPT_H
 # include <getopt.h>
 #endif
@@ -162,7 +235,19 @@ extern char *h_errlist[];
 #endif
 
 #ifdef HAVE_USERSEC_H
-#include <usersec.h>
+# include <usersec.h>
+#endif
+
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+# include <libutil.h>
+#endif
+
+#ifdef HAVE_UTIL_H
+# include <util.h>
 #endif
 
 
@@ -186,38 +271,75 @@ extern char *h_errlist[];
 typedef unsigned long in_addr_t;
 #endif
 
+#ifndef HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
 /*
  * IUCLC, OLCUC and XCASE were removed from IEEE Std 1003.1-200x
  *  as legacy definitions.
  */
 #ifndef IUCLC
-#define IUCLC 0
+# define IUCLC 0
 #endif
 #ifndef OLCUC
-#define OLCUC 0
+# define OLCUC 0
 #endif
 #ifndef XCASE
-#define XCASE 0
+# define XCASE 0
 #endif
 /* Some systems don't have OFILL or *DLY. */
 #ifndef OFILL
-#define OFILL 0
+# define OFILL 0
 #endif
 #ifndef NLDLY
-#define NLDLY 0
+# define NLDLY 0
 #endif
 #ifndef CRDLY
-#define CRDLY 0
+# define CRDLY 0
 #endif
 #ifndef TABDLY
-#define TABDLY 0
+# define TABDLY 0
 #endif
 #ifndef BSDLY
-#define BSDLY 0
+# define BSDLY 0
 #endif
 #ifndef ONOCR
-#define ONOCR 0
+# define ONOCR 0
 #endif
 #ifndef ONLRET
-#define ONLRET 0
+# define ONLRET 0
+#endif
+
+#ifndef SEEK_SET
+# define SEEK_SET L_SET
+#endif
+
+/* setup a conditional debugging line */
+#ifndef CONDDEBUG
+# define CONDDEBUG(line) if (fDebug) {debugFileName=__FILE__; debugLineNo=__LINE__; Debug line;}
+#endif
+
+#if HAVE_DMALLOC
+# include <dmalloc.h>
+#endif
+
+#if HAVE_FREEIPMI
+# include <ipmiconsole.h>
+#endif
+
+#ifndef INADDR_STYPE
+# if USE_IPV6
+#  define INADDR_STYPE struct sockaddr_storage
+# else
+#  define INADDR_STYPE struct in_addr
+# endif
+#endif
+
+#ifndef SOCKADDR_STYPE
+# if USE_IPV6
+#  define SOCKADDR_STYPE struct sockaddr_storage
+# else
+#  define SOCKADDR_STYPE struct sockaddr_in
+# endif
 #endif

config.h.in

@@ -1,283 +0,0 @@
-/* config.h.in.  Generated automatically from configure.in by autoheader.  */
-/*
- * ./configure invocation
- */
-#undef CONFIGINVOCATION
-
-/*
- * Socket used to communicate
- */
-#undef DEFPORT
-
-/*
- * Base socket used for secondary channel
- */
-#undef DEFBASEPORT
-
-/*
- * Hostname of console server
- */
-#undef MASTERHOST
-
-/*
- * Config file path
- */
-#undef CONFIGFILE
-
-/*
- * Password file path
- */
-#undef PASSWDFILE
-
-/*
- * Logfile path
- */
-#undef LOGFILEPATH
-
-/*
- * Number of consoles per child process
- */
-#undef MAXMEMB
-
-/*
- * TCP connection timeout
- */
-#undef CONNECTTIMEOUT
-
-/*
- * pidfile to write to
- */
-#undef PIDFILE
-
-/*
- * use tcp_wrappers libwrap
- */
-#undef USE_LIBWRAP
-
-/*
- * use ansi prototypes/decls
- */
-#undef USE_ANSI_PROTO
-
-/* Define if you have the <crypt.h> header file. */
-#undef HAVE_CRYPT_H
-
-/* Define if you have the `flock' function. */
-#undef HAVE_FLOCK
-
-/* Define if you have the `getdtablesize' function. */
-#undef HAVE_GETDTABLESIZE
-
-/* Define if you have the `getlogin' function. */
-#undef HAVE_GETLOGIN
-
-/* Define if you have the `getopt' function. */
-#undef HAVE_GETOPT
-
-/* Define if you have the <getopt.h> header file. */
-#undef HAVE_GETOPT_H
-
-/* Define if you have the `getpassphrase' function. */
-#undef HAVE_GETPASSPHRASE
-
-/* Define if you have the `getrlimit' function. */
-#undef HAVE_GETRLIMIT
-
-/* Define if you have the `getsid' function. */
-#undef HAVE_GETSID
-
-/* Define if you have the `getspnam' function. */
-#undef HAVE_GETSPNAM
-
-/* Define if you have the `getuserattr' function. */
-#undef HAVE_GETUSERATTR
-
-/* Define if you have the `getutent' function. */
-#undef HAVE_GETUTENT
-
-/* Define if you have the `grantpt' function. */
-#undef HAVE_GRANTPT
-
-/* Define if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define if the system has the type `in_addr_t'. */
-#undef HAVE_IN_ADDR_T
-
-/* Define if you have the `memcmp' function. */
-#undef HAVE_MEMCMP
-
-/* Define if you have the `memcpy' function. */
-#undef HAVE_MEMCPY
-
-/* Define if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define if you have the `memset' function. */
-#undef HAVE_MEMSET
-
-/* Define if you have the `ptsname' function. */
-#undef HAVE_PTSNAME
-
-/* Define if you have the `putenv' function. */
-#undef HAVE_PUTENV
-
-/* Define if you have the `setgroups' function. */
-#undef HAVE_SETGROUPS
-
-/* Define if you have the `setlinebuf' function. */
-#undef HAVE_SETLINEBUF
-
-/* Define if you have the `setpgrp' function. */
-#undef HAVE_SETPGRP
-
-/* Define if you have the `setsid' function. */
-#undef HAVE_SETSID
-
-/* Define if you have the `setsockopt' function. */
-#undef HAVE_SETSOCKOPT
-
-/* Define if you have the `setttyent' function. */
-#undef HAVE_SETTTYENT
-
-/* Define if you have the `setvbuf' function. */
-#undef HAVE_SETVBUF
-
-/* Define if you have the <sgtty.h> header file. */
-#undef HAVE_SGTTY_H
-
-/* Define if you have the <shadow.h> header file. */
-#undef HAVE_SHADOW_H
-
-/* Define if you have the `sigaction' function. */
-#undef HAVE_SIGACTION
-
-/* Define if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define if you have the `strerror' function. */
-#undef HAVE_STRERROR
-
-/* Define if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define if you have the <stropts.h> header file. */
-#undef HAVE_STROPTS_H
-
-/* Define if you have the `sysconf' function. */
-#undef HAVE_SYSCONF
-
-/* Define if you have the <sysexits.h> header file. */
-#undef HAVE_SYSEXITS_H
-
-/* Define if you have the <sys/audit.h> header file. */
-#undef HAVE_SYS_AUDIT_H
-
-/* Define if you have the <sys/ioctl_compat.h> header file. */
-#undef HAVE_SYS_IOCTL_COMPAT_H
-
-/* Define if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define if you have the <sys/proc.h> header file. */
-#undef HAVE_SYS_PROC_H
-
-/* Define if you have the <sys/resource.h> header file. */
-#undef HAVE_SYS_RESOURCE_H
-
-/* Define if you have the <sys/select.h> header file. */
-#undef HAVE_SYS_SELECT_H
-
-/* Define if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
-/* Define if you have the <sys/ttold.h> header file. */
-#undef HAVE_SYS_TTOLD_H
-
-/* Define if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define if you have the <sys/uio.h> header file. */
-#undef HAVE_SYS_UIO_H
-
-/* Define if you have the <sys/vlimit.h> header file. */
-#undef HAVE_SYS_VLIMIT_H
-
-/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
-#undef HAVE_SYS_WAIT_H
-
-/* Define if you have the `tcgetattr' function. */
-#undef HAVE_TCGETATTR
-
-/* Define if you have the `tcgetpgrp' function. */
-#undef HAVE_TCGETPGRP
-
-/* Define if you have the `tcsendbreak' function. */
-#undef HAVE_TCSENDBREAK
-
-/* Define if you have the `tcsetattr' function. */
-#undef HAVE_TCSETATTR
-
-/* Define if you have the `tcsetpgrp' function. */
-#undef HAVE_TCSETPGRP
-
-/* Define if you have the <termios.h> header file. */
-#undef HAVE_TERMIOS_H
-
-/* Define if you have the <termio.h> header file. */
-#undef HAVE_TERMIO_H
-
-/* Define if you have the <ttyent.h> header file. */
-#undef HAVE_TTYENT_H
-
-/* Define if you have the <types.h> header file. */
-#undef HAVE_TYPES_H
-
-/* Define if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define if you have the `unlockpt' function. */
-#undef HAVE_UNLOCKPT
-
-/* Define if you have the <usersec.h> header file. */
-#undef HAVE_USERSEC_H
-
-/* Define as the return type of signal handlers (`int' or `void'). */
-#undef RETSIGTYPE
-
-/* Define if the `setpgrp' function takes no argument. */
-#undef SETPGRP_VOID
-
-/* The size of a `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
-/* Define if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Define if you can safely include both <sys/time.h> and <time.h>. */
-#undef TIME_WITH_SYS_TIME
-
-/* Define if on AIX 3.
-   System headers sometimes define this.
-   We just want to avoid a redefinition error message.  */
-#ifndef _ALL_SOURCE
-# undef _ALL_SOURCE
-#endif
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `int' if <sys/types.h> does not define. */
-#undef mode_t
-
-/* Define if <signal.h> does not define sig_atomic_t */
-#undef sig_atomic_t

configure.ac

@@ -0,0 +1,899 @@
+dnl ### autoheader templates ########################################
+AH_TEMPLATE([CONFIGINVOCATION], [./configure invocation])
+AH_TEMPLATE([DEFPORT], [Socket used to communicate])
+AH_TEMPLATE([DEFBASEPORT], [Base socket used for secondary channel])
+AH_TEMPLATE([MASTERHOST], [Hostname of console server])
+AH_TEMPLATE([CONFIGFILE], [Config file path])
+AH_TEMPLATE([CLIENTCONFIGFILE], [Client config file path])
+AH_TEMPLATE([PASSWDFILE], [Password file path])
+AH_TEMPLATE([LOGFILEPATH], [Logfile path])
+AH_TEMPLATE([MAXMEMB], [Number of consoles per child process])
+AH_TEMPLATE([CONNECTTIMEOUT], [TCP connection timeout])
+AH_TEMPLATE([PIDFILE], [pidfile to write to])
+AH_TEMPLATE([USE_LIBWRAP], [use tcp_wrappers libwrap])
+dnl AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp])
+AH_TEMPLATE([HAVE_PAM], [have PAM support])
+AH_TEMPLATE([HAVE_OPENSSL], [have openssl support])
+AH_TEMPLATE([HAVE_GSSAPI], [have gss-api support])
+AH_TEMPLATE([HAVE_FREEIPMI], [have freeipmi support])
+AH_TEMPLATE([STRIP_REALM], [retry username without @REALM with gss-api authentication])
+AH_TEMPLATE([HAVE_DMALLOC], [have dmalloc support])
+AH_TEMPLATE([HAVE_SA_LEN],[Defined if sa_len member exists in struct sockaddr])
+AH_TEMPLATE([TRUST_REVERSE_DNS],[Defined if we trust reverse DNS])
+AH_TEMPLATE([USE_EXTENDED_MESSAGES],[Defined if we produce extended messages])
+AH_TEMPLATE([USE_UNIX_DOMAIN_SOCKETS],[Defined if we use Unix domain sockets])
+AH_TEMPLATE([USE_IPV6], [Defined if building with IPv6 support])
+AH_TEMPLATE([UDSDIR], [Directory for Unix domain sockets])
+AH_TEMPLATE([FOR_CYCLADES_TS], [Defined if building for a Cyclades TS])
+AH_TEMPLATE([REQ_SERVER_CERT], [Defined if client requires server SSL certificate])
+AH_TEMPLATE([TRUST_UDS_CRED], [Defined if we trust credentials from UDS client])
+
+dnl ### Normal initialization. ######################################
+AC_INIT([conserver],m4_esyscmd_s([./gen-version number]))
+AC_PREREQ(2.69)
+AC_CONFIG_SRCDIR([conserver/main.c])
+AC_CONFIG_HEADER(config.h)
+
+AC_DEFINE_UNQUOTED(CONFIGINVOCATION, "$0 $*")
+
+dnl ### Set some option defaults. ###################################
+if test -z "$CFLAGS"; then
+  CFLAGS="-O"
+fi
+MKDIR="mkdir -p -m 755"
+AC_SUBST(MKDIR)
+
+AC_SUBST(CONSERVER_VERSION, m4_esyscmd_s([./gen-version number]))
+AC_SUBST(CONSERVER_DATE, m4_esyscmd_s([./gen-version date]))
+
+
+dnl ### Custom settings. ############################################
+dnl AC_MSG_CHECKING(whether to allow 64bit compilation)
+dnl AC_ARG_WITH(64bit,
+dnl 	AC_HELP_STRING([--with-64bit],[Allow 64bit compilation]),
+dnl 		[case "$withval" in
+dnl 		    yes)
+dnl 			with_64bit=yes
+dnl 			;;
+dnl 		    *)
+dnl 			with_64bit=no
+dnl 			;;
+dnl 		esac], [with_64bit=no])
+dnl AC_MSG_RESULT($with_64bit)
+
+AC_MSG_CHECKING(for port number specification)
+AC_ARG_WITH(port,
+	AS_HELP_STRING([--with-port=PORT],[Specify port number @<:@conserver@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
+		AC_MSG_RESULT(port 'conserver')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(DEFPORT, "$withval")
+		AC_MSG_RESULT(port '$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
+	AC_MSG_RESULT(port 'conserver')])
+
+AC_MSG_CHECKING(for secondary channel base port)
+AC_ARG_WITH(base,
+	AS_HELP_STRING([--with-base=PORT], [Base port for secondary channel @<:@0@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
+		AC_MSG_RESULT(port '0')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(DEFBASEPORT, "$withval")
+		AC_MSG_RESULT(port '$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
+	AC_MSG_RESULT(port '0')])
+
+AC_MSG_CHECKING(for master conserver hostname)
+AC_ARG_WITH(master,
+	AS_HELP_STRING([--with-master=MASTER],[Specify master server hostname @<:@console@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(MASTERHOST, "console")
+		AC_MSG_RESULT('console')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(MASTERHOST, "$withval")
+		AC_MSG_RESULT('$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(MASTERHOST, "console")
+	AC_MSG_RESULT('console')])
+
+AC_MSG_CHECKING(for client configuration filename)
+AC_ARG_WITH(ccffile,
+	AS_HELP_STRING([--with-ccffile=CFFILE],[Specify client config filename @<:@SYSCONFDIR/console.cf@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, [SYSCONFDIR "/console.cf"])
+		AC_MSG_RESULT('$sysconfdir/console.cf')
+		;;
+	    [[\\/]]* | ?:[[\\/]]* )
+		AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, ["$withval"])
+		AC_MSG_RESULT('$withval')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, [SYSCONFDIR "/$withval"])
+		AC_MSG_RESULT('$sysconfdir/$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(CLIENTCONFIGFILE, [SYSCONFDIR "/console.cf"])
+	AC_MSG_RESULT('$sysconfdir/console.cf')])
+
+AC_MSG_CHECKING(for configuration filename)
+AC_ARG_WITH(cffile,
+	AS_HELP_STRING([--with-cffile=CFFILE],[Specify config filename @<:@SYSCONFDIR/conserver.cf@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
+		AC_MSG_RESULT('$sysconfdir/conserver.cf')
+		;;
+	    [[\\/]]* | ?:[[\\/]]* )
+		AC_DEFINE_UNQUOTED(CONFIGFILE, ["$withval"])
+		AC_MSG_RESULT('$withval')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/$withval"])
+		AC_MSG_RESULT('$sysconfdir/$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(CONFIGFILE, [SYSCONFDIR "/conserver.cf"])
+	AC_MSG_RESULT('$sysconfdir/conserver.cf')])
+
+AC_MSG_CHECKING(for password filename)
+AC_ARG_WITH(pwdfile,
+	AS_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename @<:@SYSCONFDIR/conserver.passwd@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
+		AC_MSG_RESULT('$sysconfdir/conserver.passwd')
+		;;
+	    [[\\/]]* | ?:[[\\/]]* )
+		AC_DEFINE_UNQUOTED(PASSWDFILE, ["$withval"])
+		AC_MSG_RESULT('$withval')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/$withval"])
+		AC_MSG_RESULT('$sysconfdir/$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(PASSWDFILE, [SYSCONFDIR "/conserver.passwd"])
+	AC_MSG_RESULT('$sysconfdir/conserver.passwd')])
+
+AC_MSG_CHECKING(for log filename)
+AC_ARG_WITH(logfile,
+	AS_HELP_STRING([--with-logfile=LOGFILE],[Specify log filename @<:@/var/log/conserver@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
+		AC_MSG_RESULT('/var/log/conserver')
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(LOGFILEPATH, "$withval")
+		AC_MSG_RESULT('$withval')
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
+	AC_MSG_RESULT('/var/log/conserver')])
+
+AC_SUBST(PIDFILE)
+AC_MSG_CHECKING(for PID filename)
+AC_ARG_WITH(pidfile,
+	AS_HELP_STRING([--with-pidfile=PIDFILE],[Specify PID filepath @<:@/var/run/conserver.pid@:>@]),
+	[case "$withval" in
+	    yes|no)
+		PIDFILE="/var/run/conserver.pid"
+		;;
+	    *)
+		PIDFILE="$withval"
+		;;
+	esac],
+	[PIDFILE="/var/run/conserver.pid"])
+AC_DEFINE_UNQUOTED(PIDFILE, "$PIDFILE")
+AC_MSG_RESULT('$PIDFILE')
+
+AC_MSG_CHECKING(for MAXMEMB setting)
+AC_ARG_WITH(maxmemb,
+	AS_HELP_STRING([--with-maxmemb=MAXMEMB],[Specify maximum consoles per process @<:@16@:>@]),
+	[case "$withval" in
+	    yes|no)
+		AC_DEFINE_UNQUOTED(MAXMEMB, 16)
+		AC_MSG_RESULT(16)
+		;;
+	    *)
+		if expr "$withval" : '[[0-9]]*$' >/dev/null 2>&1 &&
+		   test "$withval" -gt 0 -a "$withval" -lt 256; then
+		    AC_DEFINE_UNQUOTED(MAXMEMB, $withval)
+		    AC_MSG_RESULT($withval)
+		else
+		    AC_DEFINE_UNQUOTED(MAXMEMB, 16)
+		    AC_MSG_RESULT([value out of bounds (0<x<256) - setting to 16])
+		fi
+		;;
+	esac],
+	[AC_DEFINE_UNQUOTED(MAXMEMB, 16)
+	AC_MSG_RESULT(16)])
+
+AC_MSG_CHECKING(for connect() timeout)
+AC_ARG_WITH(timeout,
+	AS_HELP_STRING([--with-timeout=TIMEOUT],[Specify connect() timeout in seconds @<:@10@:>@]),
+	[if expr "$withval" : '[[0-9]]*$' >/dev/null 2>&1 &&
+	    test "$withval" -gt 0 -a "$withval" -lt 300; then
+		AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, $withval)
+		AC_MSG_RESULT($withval)
+	else
+		AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
+		AC_MSG_RESULT([value out of bounds (0<x<300) - setting to 10])
+	fi],
+	[AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
+	AC_MSG_RESULT(10)])
+
+AC_MSG_CHECKING(whether to trust reverse DNS)
+AC_ARG_WITH(trustrevdns,
+	AS_HELP_STRING([--with-trustrevdns],[Trust reverse DNS information]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(TRUST_REVERSE_DNS)
+		AC_MSG_RESULT(yes)
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+AC_MSG_CHECKING(whether to display extended messages)
+AC_ARG_WITH(extmsgs,
+	AS_HELP_STRING([--with-extmsgs],[Produce extended messages]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(USE_EXTENDED_MESSAGES)
+		AC_MSG_RESULT(yes)
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+use_dash_r=no
+AC_MSG_CHECKING(whether to use -R paths as well as -L)
+AC_ARG_WITH(rpath,
+	AS_HELP_STRING([--with-rpath],[Use -R as well as -L for libraries]),
+	[case "$withval" in
+	    yes|no)
+		AC_MSG_RESULT($withval)
+		use_dash_r=$withval
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],
+	[AC_MSG_RESULT(no)])
+
+AC_MSG_CHECKING(whether we are building for a Cyclades TS)
+AC_ARG_WITH(cycladests,
+	AS_HELP_STRING([--with-cycladests],[(deprecated - noop) Build for a Cyclades TS]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(FOR_CYCLADES_TS)
+		AC_MSG_RESULT(yes)
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+
+dnl ### Check for compiler et al. ###################################
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_LN_S
+AC_PROG_MAKE_SET
+
+dnl ### Compiler characteristics. ##################################
+AC_AIX
+AC_C_CONST
+
+dnl AC_CHECK_SIZEOF(long)
+dnl if test "$ac_cv_sizeof_long" -gt 4; then
+dnl     if test "$with_64bit" != "yes"; then
+dnl 	AC_MSG_ERROR([cannot build on >32bit systems (to override use --with-64bit)])
+dnl     else
+dnl 	AC_MSG_WARN([building a 64bit version of conserver - good luck!])
+dnl     fi
+dnl fi
+
+dnl ### Checks for header files. ###################################
+AC_HEADER_STDC
+AC_CHECK_HEADERS(sys/ioctl.h)
+
+AC_SYS_POSIX_TERMIOS
+if test "$ac_cv_sys_posix_termios" != "yes"; then
+    AC_MSG_ERROR([POSIX termios interface required])
+fi
+
+AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h sys/sockio.h sys/param.h sys/un.h)
+dnl sys/proc.h needs sys/param.h on openbsd, apparently
+AC_CHECK_HEADERS(sys/proc.h, [], [],
+[#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+])
+AC_HEADER_TIME
+AC_HEADER_SYS_WAIT
+AC_TYPE_MODE_T
+AC_TYPE_SIGNAL
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_UID_T
+
+AC_CHECK_TYPE([sig_atomic_t],,
+    AC_DEFINE(sig_atomic_t, volatile int,
+	[Define if <signal.h> does not define sig_atomic_t]),
+    [#include <signal.h>])
+
+AC_CHECK_TYPE([in_addr_t],[AC_DEFINE(HAVE_IN_ADDR_T,1,
+	[Defined if in_addr_t exists])],,[$ac_includes_default
+#include <netinet/in.h>])
+AC_CHECK_TYPE([socklen_t],[AC_DEFINE(HAVE_SOCKLEN_T,1,
+	[Defined if socklen_t exists])],,[$ac_includes_default
+#include <sys/socket.h>])
+
+AC_MSG_CHECKING(for sa_len in struct sockaddr)
+AC_TRY_COMPILE([#include <sys/types.h>
+	#include <sys/socket.h>],
+	[struct sockaddr s; s.sa_len=0;],
+	[AC_MSG_RESULT(yes)
+	 AC_DEFINE(HAVE_SA_LEN)],
+	[AC_MSG_RESULT(no)])
+
+
+dnl ### Host specific checks. ######################################
+AC_CANONICAL_HOST
+
+case "$host" in
+*-*-hpux*)
+    CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE_EXTENDED=1"
+    AC_CHECK_LIB(xnet,t_error,,AC_MSG_ERROR([-lxnet needed on HP-UX]))
+    AC_CHECK_LIB(sec,getspnam)
+    AC_CHECK_HEADERS(hpsecurity.h prot.h)
+    AC_CHECK_FUNCS(bigcrypt iscomsec getprpwnam)
+    ;;
+esac
+
+dnl ### Check for libraries. #######################################
+AC_SEARCH_LIBS(socket,socket)
+AC_SEARCH_LIBS(gethostbyname,nsl)
+AC_SEARCH_LIBS(crypt,crypt)
+
+AC_SUBST(CONSLIBS)
+AC_SUBST(CONSCPPFLAGS)
+AC_SUBST(CONSLDFLAGS)
+
+AC_MSG_CHECKING(whether to use Unix domain sockets)
+cons_with_uds="NO"
+AC_ARG_WITH(uds,
+	AS_HELP_STRING([--with-uds@<:@=DIR@:>@    ],
+	    [Use Unix domain sockets for client/server communication @<:@/tmp/conserver@:>@]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE_UNQUOTED(UDSDIR, "/tmp/conserver")
+		AC_DEFINE(USE_UNIX_DOMAIN_SOCKETS)
+		AC_MSG_RESULT([/tmp/conserver])
+		cons_with_uds="YES"
+		;;
+	    no)
+		AC_MSG_RESULT(no)
+		;;
+	    *)
+		AC_DEFINE_UNQUOTED(UDSDIR, "$withval")
+		AC_DEFINE(USE_UNIX_DOMAIN_SOCKETS)
+		AC_MSG_RESULT('$withval')
+		cons_with_uds="YES"
+		if expr "$withval" : '/' >/dev/null 2>&1; then
+		    :
+		else
+		    echo "*** WARNING *** you may have better success using a fully-qualified path"
+		    echo "*** WARNING *** instead of '$withval'"
+		fi
+		;;
+	esac
+	
+	if test $cons_with_uds = YES; then
+	    AC_MSG_CHECKING(whether to trust UDS credentials)
+	    AC_ARG_WITH(trust-uds-cred,
+		    AS_HELP_STRING([--with-trust-uds-cred],[Trust UDS credentials obtained via socket]),
+		    [case "$withval" in
+			yes)
+			    AC_TRY_COMPILE([#include <sys/types.h>
+				    #include <sys/socket.h>],
+				    [
+struct sockpeercred u;
+u.uid = 0;
+#if !defined(SO_PEERCRED)
+#error "no SO_PEERCRED defined"
+#endif
+				    ],
+				    [AC_MSG_RESULT(yes)
+				     AC_DEFINE(UDS_CRED_STYPE, sockpeercred, [Defined to UDS credential structure name])
+				     AC_DEFINE(UDS_CRED_UID, uid, [Defined to UDS credential structure uid field])
+				     AC_DEFINE(UDS_CRED_SO, SO_PEERCRED, [Defined to UDS credential socket option])
+				     AC_DEFINE(TRUST_UDS_CRED)],
+				    [
+					AC_TRY_COMPILE([#include <sys/types.h>
+						#include <sys/socket.h>],
+						[
+struct ucred u;
+u.euid = 0;
+#if !defined(SO_PEERCRED)
+#error "no SO_PEERCRED defined"
+#endif
+						],
+						[AC_MSG_RESULT(yes)
+						AC_DEFINE(UDS_CRED_STYPE, ucred, [Defined to UDS credential structure name])
+						AC_DEFINE(UDS_CRED_UID, uid, [Defined to UDS credential structure uid field])
+						AC_DEFINE(UDS_CRED_SO, SO_PEERCRED, [Defined to UDS credential socket option])
+						AC_DEFINE(TRUST_UDS_CRED)],
+						[
+							AC_TRY_COMPILE([#include <sys/types.h>
+								#include <sys/socket.h>],
+								[
+struct peercred_struct u;
+u.euid = 0;
+#if !defined(SO_PEERID)
+#error "no SO_PEERID defined"
+#endif
+								],
+								[AC_MSG_RESULT(yes)
+								 AC_DEFINE(UDS_CRED_STYPE, peercred_struct, [Defined to UDS credential structure name])
+								 AC_DEFINE(UDS_CRED_UID, euid, [Defined to UDS credential structure uid field])
+								 AC_DEFINE(UDS_CRED_SO, SO_PEERID, [Defined to UDS credential socket option])
+								 AC_DEFINE(TRUST_UDS_CRED)],
+								[AC_MSG_RESULT(no)]),
+						    ])
+				    ])
+			    ;;
+			*)
+			    AC_MSG_RESULT(no)
+			    ;;
+		    esac],[AC_MSG_RESULT(no)])
+	fi
+	],[AC_MSG_RESULT(no)])
+
+cons_with_libwrap="NO"
+AC_ARG_WITH(libwrap,
+    AS_HELP_STRING([--with-libwrap@<:@=PATH@:>@],
+	[Compile in libwrap (tcp_wrappers) support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    WRAPCPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		WRAPLDFLAGS="-L$withval/lib"
+	    else
+		WRAPLDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    WRAPCPPFLAGS=""
+	    WRAPLDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+
+	CPPFLAGS="$CPPFLAGS $WRAPCPPFLAGS"
+	LDFLAGS="$LDFLAGS $WRAPLDFLAGS"
+
+	AC_CHECK_HEADER(tcpd.h,
+	    [LIBS="$LIBS -lwrap"
+	    AC_MSG_CHECKING(for TCP wrappers library -lwrap)
+	    AC_TRY_LINK([#include <tcpd.h>
+		int allow_severity = 0;
+		int deny_severity  = 0;
+		],[hosts_access((void *)0)],
+		[AC_MSG_RESULT(yes)
+		 cons_with_libwrap="YES"
+		 AC_DEFINE(USE_LIBWRAP)
+		 CONSLIBS="$CONSLIBS -lwrap"
+		 CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
+		 CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
+		[AC_MSG_RESULT(no)
+		 LIBS="$LIBS -lnsl"
+		 AC_MSG_CHECKING(for TCP wrappers library -lwrap with -lnsl)
+		 AC_TRY_LINK([#include <tcpd.h>
+		    int allow_severity = 0;
+		    int deny_severity  = 0;
+		    ],[hosts_access((void *)0)],
+		    [AC_MSG_RESULT(yes)
+		     cons_with_libwrap="YES"
+		     AC_DEFINE(USE_LIBWRAP)
+		     CONSLIBS="$CONSLIBS -lwrap -lnsl"
+		     CONSLDFLAGS="$CONSLDFLAGS $WRAPLDFLAGS"
+		     CONSCPPFLAGS="$CONSCPPFLAGS $WRAPCPPFLAGS"],
+		    [AC_MSG_RESULT(no)])])],)
+	LIBS="$oLIBS"
+	CPPFLAGS="$oCPPFLAGS"
+	LDFLAGS="$oLDFLAGS"
+    fi]
+)
+
+cons_with_openssl="NO"
+AC_ARG_WITH(openssl,
+    AS_HELP_STRING([--with-openssl@<:@=PATH@:>@],
+	[Compile in OpenSSL support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    OPENSSLCPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		OPENSSLLDFLAGS="-L$withval/lib"
+	    else
+		OPENSSLLDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    OPENSSLCPPFLAGS=""
+	    OPENSSLLDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_openssl=no
+
+	CPPFLAGS="$CPPFLAGS $OPENSSLCPPFLAGS"
+	LDFLAGS="$LDFLAGS $OPENSSLLDFLAGS"
+
+	AC_CHECK_HEADER([openssl/ssl.h],
+	    [LIBS="$LIBS -lssl -lcrypto"
+	    AC_MSG_CHECKING(for openssl libraries -lssl and -lcrypto)
+	    AC_TRY_LINK([#include <openssl/ssl.h>
+		],[SSL_CTX_new(NULL)],
+		[AC_MSG_RESULT(yes)
+		cons_with_openssl="YES"
+		AC_DEFINE(HAVE_OPENSSL)
+		have_openssl=yes],
+		[AC_MSG_RESULT(no)])],)
+
+	if test $have_openssl = no; then
+	    LIBS="$oLIBS"
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	fi
+
+	AC_MSG_CHECKING(whether to require server cert)
+	AC_ARG_WITH(req-server-cert,
+		AS_HELP_STRING([--with-req-server-cert],[Require server SSL certificate by client]),
+		[case "$withval" in
+		    yes)
+			AC_DEFINE(REQ_SERVER_CERT)
+			AC_MSG_RESULT(yes)
+			;;
+		    *)
+			AC_MSG_RESULT(no)
+			;;
+		esac],[AC_MSG_RESULT(no)])
+    fi]
+)
+
+cons_with_gssapi="NO"
+cons_strip_realm="NO"
+AC_ARG_WITH(gssapi,
+    AS_HELP_STRING([--with-gssapi@<:@=PATH@:>@],
+	[Compile in GSS-API support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    GSSAPICPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		GSSAPILDFLAGS="-L$withval/lib"
+	    else
+		GSSAPILDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    GSSAPICPPFLAGS=""
+	    GSSAPILDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_gssapi=no
+
+	CPPFLAGS="$CPPFLAGS $GSSAPICPPFLAGS"
+	LDFLAGS="$LDFLAGS $GSSAPILDFLAGS"
+
+	AC_CHECK_HEADER([gssapi/gssapi.h],
+	    [LIBS="$oLIBS -lgssapi"
+	    AC_MSG_CHECKING(for gssapi library -lgssapi)
+	    AC_TRY_LINK([#include <gssapi/gssapi.h>
+			 #include <stdio.h>
+		],[gss_create_empty_oid_set(NULL, NULL)],
+		[AC_MSG_RESULT(yes)
+		cons_with_gssapi="YES"
+		AC_DEFINE(HAVE_GSSAPI)
+		have_gssapi=yes],
+		[AC_MSG_RESULT(no)
+		LIBS="$oLIBS -lgssglue"
+		AC_MSG_CHECKING(for gssapi library -lgssglue)
+		AC_TRY_LINK([#include <gssapi/gssapi.h>
+			     #include <stdio.h>
+		    ],[gss_create_empty_oid_set(NULL, NULL)],
+		    [AC_MSG_RESULT(yes)
+		    cons_with_gssapi="YES"
+		    AC_DEFINE(HAVE_GSSAPI)
+		    have_gssapi=yes],
+		    [AC_MSG_RESULT(no)
+		    LIBS="$oLIBS -lgss"
+		    AC_MSG_CHECKING(for gssapi library -lgss)
+		    AC_TRY_LINK([#include <gssapi/gssapi.h>
+				 #include <stdio.h>
+			],[gss_create_empty_oid_set(NULL, NULL)],
+			[AC_MSG_RESULT(yes)
+			cons_with_gssapi="YES"
+			AC_DEFINE(HAVE_GSSAPI)
+			have_gssapi=yes],
+			[AC_MSG_RESULT(no)
+			LIBS="$oLIBS -lgssapi_krb5"
+			AC_MSG_CHECKING(for gssapi library -lgssapi_krb5)
+			AC_TRY_LINK([#include <gssapi/gssapi.h>
+			],[gss_create_empty_oid_set(NULL, NULL)],
+			[AC_MSG_RESULT(yes)
+			cons_with_gssapi="YES"
+			AC_DEFINE(HAVE_GSSAPI)
+			have_gssapi=yes],
+			[AC_MSG_RESULT(no)])])])])],)
+
+
+	if test $have_gssapi = no; then
+	    LIBS="$oLIBS"
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	else
+	    AC_MSG_CHECKING(whether to fallback to username without @REALM)
+	    AC_ARG_WITH(striprealm,
+		    AS_HELP_STRING([--with-striprealm],[retry username without @REALM with gss-api authentication]),
+		    [case "$withval" in
+			yes)
+			    AC_DEFINE(STRIP_REALM)
+			    AC_MSG_RESULT(yes)
+			    cons_strip_realm="YES"
+			    ;;
+			*)
+			    AC_MSG_RESULT(no)
+			    ;;
+		    esac],[AC_MSG_RESULT(no)])
+	fi
+    fi]
+)
+
+cons_with_freeipmi="NO"
+AC_ARG_WITH(freeipmi,
+    AS_HELP_STRING([--with-freeipmi@<:@=PATH@:>@],
+	[Compile in FreeIPMI support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    FREEIPMICPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		FREEIPMILDFLAGS="-L$withval/lib"
+	    else
+		FREEIPMILDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    FREEIPMICPPFLAGS=""
+	    FREEIPMILDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_freeipmi=no
+
+	CPPFLAGS="$CPPFLAGS $FREEIPMICPPFLAGS"
+	LDFLAGS="$LDFLAGS $FREEIPMILDFLAGS"
+
+	AC_CHECK_HEADER([ipmiconsole.h],
+	    [LIBS="$LIBS -lipmiconsole"
+	    AC_MSG_CHECKING(for freeipmi libraries -lipmiconsole)
+	    AC_TRY_LINK([#include <ipmiconsole.h>
+		],[ipmiconsole_ctx_fd(0)],
+		[AC_MSG_RESULT(yes)
+		cons_with_freeipmi="YES"
+		AC_DEFINE(HAVE_FREEIPMI)
+		CONSLIBS="$CONSLIBS -lipmiconsole"
+		have_freeipmi=yes],
+		[AC_MSG_RESULT(no)])],)
+
+	LIBS="$oLIBS"
+	if test $have_freeipmi = no; then
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	fi
+    fi]
+)
+
+cons_with_dmalloc="NO"
+AC_ARG_WITH(dmalloc,
+    AS_HELP_STRING([--with-dmalloc@<:@=PATH@:>@],
+	[Compile in dmalloc support]),
+    [if test "$withval" != "no"; then
+	if test "$withval" != "yes"; then
+	    DMALLOCCPPFLAGS="-I$withval/include"
+	    if test "$use_dash_r" != "yes"; then
+		DMALLOCLDFLAGS="-L$withval/lib"
+	    else
+		DMALLOCLDFLAGS="-L$withval/lib -R$withval/lib"
+	    fi
+	else
+	    DMALLOCCPPFLAGS=""
+	    DMALLOCLDFLAGS=""
+	fi
+
+	oCPPFLAGS="$CPPFLAGS"
+	oLDFLAGS="$LDFLAGS"
+	oLIBS="$LIBS"
+	have_dmalloc=no
+
+	CPPFLAGS="$CPPFLAGS $DMALLOCCPPFLAGS"
+	LDFLAGS="$LDFLAGS $DMALLOCLDFLAGS"
+
+	AC_CHECK_HEADER([dmalloc.h],
+	    [LIBS="$LIBS -ldmalloc"
+	    AC_MSG_CHECKING(for dmalloc libraries -ldmalloc)
+	    AC_TRY_LINK([#include <dmalloc.h>
+		],[dmalloc_debug(0)],
+		[AC_MSG_RESULT(yes)
+		cons_with_dmalloc="YES"
+		AC_DEFINE(HAVE_DMALLOC)
+		have_dmalloc=yes],
+		[AC_MSG_RESULT(no)])],)
+
+	if test $have_dmalloc = no; then
+	    LIBS="$oLIBS"
+	    CPPFLAGS="$oCPPFLAGS"
+	    LDFLAGS="$oLDFLAGS"
+	fi
+    fi]
+)
+
+
+dnl ### Check for needed functions. ################################
+
+dnl dnl The following basically stollen from the less-358 distribution, but
+dnl dnl modified for my own purposes
+dnl AC_MSG_CHECKING(for POSIX regex)
+dnl AC_ARG_WITH(regex,
+dnl     AC_HELP_STRING([--with-regex],
+dnl 	[Use regular expressions in conserver.passwd]),
+dnl 	[if test "$withval" = yes; then
+dnl 	    AC_TRY_RUN([
+dnl 		#include <sys/types.h>
+dnl 		#include <regex.h>
+dnl 		main() { regex_t r; regmatch_t rm; char *text = "xabcy";
+dnl 		if (regcomp(&r, "abc", 0)) exit(1);
+dnl 		if (regexec(&r, text, 1, &rm, 0)) exit(1);
+dnl 		if (rm.rm_so != 1) exit(1); /* check for correct offset */
+dnl 		exit(0); }
+dnl 	    ],have_posix_regex=yes,have_posix_regex=no,have_posix_regex=unknown)
+dnl 	    if test $have_posix_regex = yes; then
+dnl 	      AC_MSG_RESULT(yes)
+dnl 	      AC_DEFINE(HAVE_POSIX_REGCOMP)
+dnl 	    elif test $have_posix_regex = unknown; then
+dnl 		AC_TRY_LINK([
+dnl 		    #include <sys/types.h>
+dnl 		    #include <regex.h>],
+dnl 		[regex_t *r; regfree(r);],
+dnl 		AC_MSG_RESULT(yes)
+dnl 		AC_DEFINE(HAVE_POSIX_REGCOMP))
+dnl 	    else
+dnl 	      AC_MSG_RESULT(no)
+dnl 	    fi
+dnl 	else
+dnl 	    AC_MSG_RESULT(no)
+dnl 	fi],[AC_MSG_RESULT(no)])
+
+cons_with_pam="NO"
+AC_MSG_CHECKING(for PAM support)
+AC_ARG_WITH(pam,
+    AS_HELP_STRING([--with-pam],
+	[Enable PAM support]),
+	[if test "$withval" = yes; then
+	    oLIBS="$LIBS"
+
+	    AC_CHECK_HEADER(security/pam_appl.h,
+		[LIBS="$LIBS -lpam"
+		AC_MSG_CHECKING(for PAM library -lpam)
+		AC_TRY_LINK_FUNC([pam_start],
+		    [AC_MSG_RESULT(yes)
+		    cons_with_pam="YES"
+		    AC_DEFINE(HAVE_PAM)
+		    CONSLIBS="$CONSLIBS -lpam"],
+		    [LIBS="$LIBS -ldl"
+		    AC_MSG_RESULT(no)
+		    AC_MSG_CHECKING(for PAM library -lpam with -ldl)
+		    AC_TRY_LINK_FUNC([pam_end],
+			[AC_MSG_RESULT(yes)
+			cons_with_pam="YES"
+			AC_DEFINE(HAVE_PAM)
+			CONSLIBS="$CONSLIBS -lpam -ldl"],
+			[AC_MSG_RESULT(no)])])],)
+
+	    LIBS="$oLIBS"
+	else
+	    AC_MSG_RESULT(no)
+	fi],[AC_MSG_RESULT(no)])
+
+cons_with_ipv6="NO"
+AC_MSG_CHECKING(whether to support IPv6)
+AC_ARG_WITH(ipv6,
+	AS_HELP_STRING([--with-ipv6],
+	    [(experimental) Use IPv6 for client/server communication]),
+	[case "$withval" in
+	    yes)
+		AC_DEFINE(USE_IPV6)
+		AC_MSG_RESULT(yes)
+		cons_with_ipv6="YES"
+		;;
+	    *)
+		AC_MSG_RESULT(no)
+		;;
+	esac],[AC_MSG_RESULT(no)])
+
+
+dnl Checks for pty allocation...
+dnl According to the xemacs distribution:
+dnl   getpt()  is the preferred pty allocation method on glibc systems.
+dnl   _getpty() is the preferred pty allocation method on SGI systems.
+dnl   grantpt(), unlockpt(), ptsname() are defined by Unix98.
+dnl   openpty() is the preferred pty allocation method on BSD and Tru64 systems.
+dnl   openpty() might be declared in:
+dnl   - pty.h (Tru64 or Linux)
+dnl   - libutil.h (FreeBSD)
+dnl   - util.h (NetBSD)
+dnl Conserver doesn't support getpt() or _getpt() yet.
+AC_CHECK_HEADERS(pty.h libutil.h util.h)
+AC_CHECK_LIB(util, openpty)
+AC_CHECK_FUNCS(openpty)
+
+AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt sigaction setsockopt getdtablesize putenv memset memcpy memcmp memmove sysconf getlogin inet_aton setproctitle gettimeofday strlcpy closefrom nanosleep)
+AC_CHECK_FUNC(strcasecmp,
+	[AC_DEFINE(HAVE_STRCASECMP, 1, [Define if strcasecmp is available])],
+	[AC_CHECK_FUNC(stricmp,
+		[AC_DEFINE(HAVE_STRICMP, 1, [Define if stricmp is available])],
+		[AC_MSG_ERROR([strcasecmp or stricmp must be available])])])
+
+dnl    Checks for libbsm functions
+AC_CHECK_HEADERS(bsm/audit.h)
+AC_CHECK_LIB(bsm, getaudit)
+AC_CHECK_FUNCS(getaudit getaudit_addr)
+
+
+dnl ### Create output files. #######################################
+AC_CONFIG_FILES([Makefile conserver/Makefile conserver.cf/Makefile console/Makefile autologin/Makefile contrib/chat/Makefile])
+AC_CONFIG_FILES([conserver/conserver.rc], [chmod +x conserver/conserver.rc])
+AC_CONFIG_FILES([conserver.cf/conserver.cf.man conserver.cf/conserver.passwd.man conserver/conserver.man console/console.man])
+AC_OUTPUT
+
+[
+echo "=============================================================="
+echo "                      Feature Summary"
+echo ""
+echo "  Unix domain sockets (--with-uds)       : $cons_with_uds"
+echo "         TCP wrappers (--with-libwrap)   : $cons_with_libwrap"
+echo "              OpenSSL (--with-openssl)   : $cons_with_openssl"
+echo "              GSS-API (--with-gssapi)    : $cons_with_gssapi"
+echo "             FreeIPMI (--with-freeipmi)  : $cons_with_freeipmi"
+if [ $cons_with_gssapi = "YES" ]; then
+echo "         strip @REALM (--with-striprealm): $cons_strip_realm"
+fi
+echo "              dmalloc (--with-dmalloc)   : $cons_with_dmalloc"
+echo "          PAM support (--with-pam)       : $cons_with_pam"
+echo "         IPv6 support (--with-ipv6)      : $cons_with_ipv6"
+echo ""
+echo "=============================================================="
+]

configure.in

@@ -1,264 +0,0 @@
-dnl ### Normal initialization. ######################################
-AC_INIT
-AC_CONFIG_SRCDIR([conserver/main.c])
-AC_CONFIG_HEADER(config.h)
-
-AC_DEFINE_UNQUOTED(CONFIGINVOCATION, "$0 $@")
-
-dnl ### Set some option defaults. ###################################
-if test -z "$CFLAGS"; then
-  CFLAGS="-O"
-fi
-MKDIR="mkdir -p -m 755"
-AC_SUBST(MKDIR)
-
-
-dnl ### Custom settings. ############################################
-ac_cv_allow_64bit=no
-AC_MSG_CHECKING(whether to allow 64bit compilation)
-AC_ARG_WITH(64bit,
-	AC_HELP_STRING([--with-64bit],[Allow 64bit compilation]),
-	[if test "$withval" = yes; then
-		ac_cv_allow_64bit=yes
-	fi])
-AC_MSG_RESULT($ac_cv_allow_64bit)
-
-AC_MSG_CHECKING(for port number specification)
-AC_ARG_WITH(port,
-	AC_HELP_STRING([--with-port=PORT],[Specify port number @<:@conserver@:>@]),
-	[if test "$withval" != yes -a "$withval" != no; then
-		AC_DEFINE_UNQUOTED(DEFPORT, "$withval")
-		AC_MSG_RESULT(port '$withval')
-	else
-		AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
-		AC_MSG_RESULT(port 'conserver')
-	fi],
-	[AC_DEFINE_UNQUOTED(DEFPORT, "conserver")
-	AC_MSG_RESULT(port 'conserver')])
-
-AC_MSG_CHECKING(for secondary channel base port)
-AC_ARG_WITH(base,
-	AC_HELP_STRING([--with-base=PORT], [Base port for secondary channel @<:@0@:>@]),
-	[if test "$withval" != yes -a "$withval" != no; then
-		AC_DEFINE_UNQUOTED(DEFBASEPORT, "$withval")
-		AC_MSG_RESULT(port '$withval')
-	else
-		AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
-		AC_MSG_RESULT(port '0')
-	fi],
-	[AC_DEFINE_UNQUOTED(DEFBASEPORT, "0")
-	AC_MSG_RESULT(port '0')])
-
-AC_MSG_CHECKING(for master conserver hostname)
-AC_ARG_WITH(master,
-	AC_HELP_STRING([--with-master=MASTER],[Specify master server hostname @<:@console@:>@]),
-	[if test "$withval" != yes; then
-		AC_DEFINE_UNQUOTED(MASTERHOST, "$withval")
-		AC_MSG_RESULT('$withval')
-	else
-		AC_DEFINE_UNQUOTED(MASTERHOST, "console")
-		AC_MSG_RESULT('console')
-	fi],
-	[AC_DEFINE_UNQUOTED(MASTERHOST, "console")
-	AC_MSG_RESULT('console')])
-
-AC_MSG_CHECKING(for configuration filename)
-AC_ARG_WITH(cffile,
-	AC_HELP_STRING([--with-cffile=CFFILE],[Specify config filename @<:@conserver.cf@:>@]),
-	[if test "$withval" != yes; then
-		AC_DEFINE_UNQUOTED(CONFIGFILE, "$withval")
-		AC_MSG_RESULT('$sysconfdir/$withval')
-	else
-		AC_DEFINE_UNQUOTED(CONFIGFILE, "conserver.cf")
-		AC_MSG_RESULT('$sysconfdir/conserver.cf')
-	fi],
-	[AC_DEFINE_UNQUOTED(CONFIGFILE, "conserver.cf")
-	AC_MSG_RESULT('$sysconfdir/conserver.cf')])
-
-AC_MSG_CHECKING(for password filename)
-AC_ARG_WITH(pwdfile,
-	AC_HELP_STRING([--with-pwdfile=PWDFILE],[Specify password filename @<:@conserver.passwd@:>@]),
-	[if test "$withval" != yes; then
-		AC_DEFINE_UNQUOTED(PASSWDFILE, "$withval")
-		AC_MSG_RESULT('$sysconfdir/$withval')
-	else
-		AC_DEFINE_UNQUOTED(PASSWDFILE, "conserver.passwd")
-		AC_MSG_RESULT('$sysconfdir/conserver.passwd')
-	fi],
-	[AC_DEFINE_UNQUOTED(PASSWDFILE, "conserver.passwd")
-	AC_MSG_RESULT('$sysconfdir/conserver.passwd')])
-
-AC_MSG_CHECKING(for log filename)
-AC_ARG_WITH(logfile,
-	AC_HELP_STRING([--with-logfile=LOGFILE],[Specify log filename @<:@/var/log/conserver@:>@]),
-	[if test "$withval" != yes; then
-		AC_DEFINE_UNQUOTED(LOGFILEPATH, "$withval")
-		AC_MSG_RESULT('$withval')
-	else
-		AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
-		AC_MSG_RESULT('/var/log/conserver')
-	fi],
-	[AC_DEFINE_UNQUOTED(LOGFILEPATH, "/var/log/conserver")
-	AC_MSG_RESULT('/var/log/conserver')])
-
-AC_MSG_CHECKING(for PID filename)
-AC_ARG_WITH(pidfile,
-	AC_HELP_STRING([--with-pidfile=PIDFILE],[Specify PID filepath @<:@/var/run/conserver.pid@:>@]),
-	[if test "$withval" != yes; then
-		AC_DEFINE_UNQUOTED(PIDFILE, "$withval")
-		AC_MSG_RESULT('$withval')
-	else
-		AC_DEFINE_UNQUOTED(PIDFILE, "/var/run/conserver.pid")
-		AC_MSG_RESULT('/var/run/conserver.pid')
-	fi],
-	[AC_DEFINE_UNQUOTED(PIDFILE, "/var/run/conserver.pid")
-	AC_MSG_RESULT('/var/run/conserver.pid')])
-
-AC_MSG_CHECKING(for MAXMEMB setting)
-AC_ARG_WITH(maxmemb,
-	AC_HELP_STRING([--with-maxmemb=MAXMEMB],[Specify maximum consoles per process @<:@16@:>@]),
-	[if test "$withval" != yes; then
-		AC_DEFINE_UNQUOTED(MAXMEMB, $withval)
-		AC_MSG_RESULT($withval)
-	else
-		AC_DEFINE_UNQUOTED(MAXMEMB, 16)
-		AC_MSG_RESULT(16)
-	fi],
-	[AC_DEFINE_UNQUOTED(MAXMEMB, 16)
-	AC_MSG_RESULT(16)])
-
-AC_MSG_CHECKING(for connect() timeout)
-AC_ARG_WITH(timeout,
-	AC_HELP_STRING([--with-timeout=TIMEOUT],[Specify connect() timeout in seconds @<:@10@:>@]),
-	[if test "$withval" -gt 0 -o "$withval" -lt 300; then
-		AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, $withval)
-		AC_MSG_RESULT($withval)
-	else
-		AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
-		AC_MSG_RESULT(10)
-	fi],
-	[AC_DEFINE_UNQUOTED(CONNECTTIMEOUT, 10)
-	AC_MSG_RESULT(10)])
-
-dnl ### Check for compiler et al. ###################################
-AC_PROG_CC
-AC_PROG_INSTALL
-AC_PROG_LN_S
-AC_PROG_MAKE_SET
-dnl ### Compiler characteristics. ##################################
-AC_AIX
-AC_PROG_CC_STDC
-AC_C_CONST
-
-AC_CHECK_SIZEOF(long)
-if test "$ac_cv_sizeof_long" -gt 4; then
-    if test "$ac_cv_allow_64bit" != "yes"; then
-	AC_MSG_ERROR([cannot build on >32bit systems (to override use --with-64bit)])
-    else
-	AC_MSG_WARN([building a 64bit version of conserver - good luck!])
-    fi
-fi
-
-if test "$ac_cv_prog_cc_stdc" != "no"; then
-    AC_DEFINE_UNQUOTED(USE_ANSI_PROTO, 1)
-fi
-
-dnl ### Checks for header files. ###################################
-AC_HEADER_STDC
-AC_CHECK_HEADERS(sys/ioctl.h)
-
-dnl ### POSIX terminal I/O
-AC_CHECK_HEADERS(termios.h)
-if test "$ac_cv_header_termios_h" != "yes"; then
-  dnl ### SysV terminal I/O
-  AC_CHECK_HEADERS(termio.h)
-  if test "$ac_cv_header_termio_h" != "yes"; then
-    dnl ### BSD terminal I/O
-    AC_CHECK_HEADERS(sgtty.h)
-    if test "$ac_cv_header_sgtty_h" != "yes"; then
-      AC_MSG_ERROR([no usable terminal interface detected])
-    fi
-  fi
-fi
-
-AC_CHECK_HEADERS(unistd.h getopt.h sys/vlimit.h sys/resource.h ttyent.h sys/ttold.h sys/uio.h sys/proc.h sys/ioctl_compat.h usersec.h sys/select.h stropts.h sys/audit.h shadow.h sys/time.h crypt.h sysexits.h types.h)
-AC_HEADER_TIME
-AC_HEADER_SYS_WAIT
-AC_TYPE_MODE_T
-AC_TYPE_SIGNAL
-
-AC_CACHE_CHECK([if sig_atomic_t is defined], ac_cv_type_sig_atomic_t,
-  AC_TRY_LINK([
-    #include <signal.h>
-  ], [
-    sig_atomic_t sigatom;
-    sigatom = 1;
-  ],
-    ac_cv_type_sig_atomic_t=yes,
-    ac_cv_type_sig_atomic_t=no
-  )
-)
-if test "$ac_cv_type_sig_atomic_t" != "yes"; then
-  AC_DEFINE(sig_atomic_t, volatile int, [Define if <signal.h> does not define sig_atomic_t])
-fi
-
-AC_CHECK_TYPES(in_addr_t,,,[$ac_includes_default
-#include <netinet/in.h>])
-
-
-dnl ### Check for libraries. #######################################
-AC_SEARCH_LIBS(socket,socket)
-AC_SEARCH_LIBS(gethostbyname,nsl)
-AC_SEARCH_LIBS(crypt,crypt)
-
-AC_SUBST(WRAPLIBS)
-AC_SUBST(WRAPINCS)
-AC_ARG_WITH(libwrap,
-    AC_HELP_STRING([--with-libwrap@<:@=PATH@:>@],
-	[Compile in libwrap (tcp_wrappers) support]),
-    [if test "$with_libwrap" != "no"; then
-	if test "$with_libwrap" != "yes"; then
-	    WRAPCPPFLAGS="-I$with_libwrap/include"
-	    WRAPLDFLAGS="-L$with_libwrap/lib"
-	else
-	    WRAPCPPFLAGS=""
-	    WRAPLDFLAGS=""
-	fi
-
-	oCPPFLAGS="$CPPFLAGS"
-	oLDFLAGS="$LDFLAGS"
-	oLIBS="$LIBS"
-
-	CPPFLAGS="$CPPFLAGS $WRAPCPPFLAGS"
-	LDFLAGS="$LDFLAGS $WRAPLDFLAGS"
-
-	AC_MSG_CHECKING(for TCP wrappers header tcpd.h)
-	AC_CHECK_HEADER(tcpd.h,
-	    [LIBS="$LIBS -lwrap"
-	    AC_MSG_CHECKING(for TCP wrappers library -lwrap)
-	    AC_TRY_LINK([#include <tcpd.h>
-		int allow_severity = 0;
-		int deny_severity  = 0;
-		],[hosts_access((void *)0)],
-		[AC_MSG_RESULT(yes)
-		AC_DEFINE(USE_LIBWRAP)
-		WRAPLIBS="$WRAPLDFLAGS -lwrap"
-		WRAPINCS="$WRAPCPPFLAGS"],
-		[AC_MSG_RESULT(no)])],)
-
-	LIBS="$oLIBS"
-	CPPFLAGS="$oCPPFLAGS"
-	LDFLAGS="$oLDFLAGS"
-    fi]
-)
-
-
-dnl ### Check for needed functions. ################################
-AC_CHECK_FUNCS(getopt strerror getrlimit getsid setsid getuserattr setgroups tcgetpgrp tcsetpgrp tcgetattr tcsetattr tcsendbreak setpgrp getutent setttyent getspnam setlinebuf setvbuf ptsname grantpt unlockpt flock sigaction setsockopt getdtablesize putenv memset memcpy memcmp sysconf getpassphrase getlogin)
-AC_FUNC_SETPGRP
-
-
-dnl ### Create output files. #######################################
-AC_SUBST(LIBOBJS)
-AC_CONFIG_FILES([Makefile conserver/Makefile conserver.cf/Makefile console/Makefile autologin/Makefile])
-AC_OUTPUT

conserver.cf/INSTALL

@@ -1,19 +1,7 @@
 The two files you need to set up are the conserver.cf and conserver.passwd
-files.  See the sample conserver.cf and conserver.passwd files
-for examples.  You can start with those and then modify extensively.
-The man page for conserver.cf should explain that file with enough detail
-to get you going.
-
-As for the conserver.passwd file, here are some instructions.  The file
-contains three fields seperated by colons: <username>:<passwd>:<hosts>.
-The <passwd> field should either be an encrypted password or the special
-string '*passwd*', which will cause the console server to do a getpwnam()
-call.  The <hosts> field can be a comma seperated list of console names
-(from conserver.cf) or the special string 'any'.  Access for the user
-is only granted to the hosts listed here (or all if 'any' is used).
+files.  See the sample conserver.cf and conserver.passwd files for examples
+(installed in <DATADIR>/examples/conserver).  You can start with those and
+then modify extensively.  The man page for conserver.cf and conserver.passwd
+should explain the files with enough detail to get you going.
 
 That's about it.  Good luck.
-
-#
-#  $Id: INSTALL,v 1.2 1999-08-24 13:45:00-07 bryan Exp $
-#

conserver.cf/Makefile.in

@@ -1,8 +1,11 @@
 ### Path settings
+datarootdir = @datarootdir@
 srcdir = @srcdir@
 prefix = @prefix@
 mandir = @mandir@
 sysconfdir = @sysconfdir@
+datadir = @datadir@
+exampledir = $(datadir)/examples/conserver
 
 ### Installation programs and flags
 INSTALL = @INSTALL@
@@ -22,7 +25,10 @@ distclean: clean
 
 install:
 	$(MKDIR) $(DESTDIR)$(mandir)/man5
-	$(INSTALL) conserver.cf.man $(DESTDIR)$(mandir)/man5/conserver.cf.5
-	$(INSTALL) conserver.passwd.man $(DESTDIR)$(mandir)/man5/conserver.passwd.5
+	$(INSTALL) -m 0644 conserver.cf.man $(DESTDIR)$(mandir)/man5/conserver.cf.5
+	$(INSTALL) -m 0644 conserver.passwd.man $(DESTDIR)$(mandir)/man5/conserver.passwd.5
+	$(MKDIR) $(DESTDIR)$(exampledir)
+	$(INSTALL) -m 0644 conserver.cf $(DESTDIR)$(exampledir)
+	$(INSTALL) -m 0644 conserver.passwd $(DESTDIR)$(exampledir)
 
 .PHONY: clean distclean install

conserver.cf/conserver.cf

@@ -1,26 +1,114 @@
 #
-# $Id: conserver.cf,v 1.4 2001-06-28 10:24:01-07 bryan Exp $
+# Sample conserver.cf file, to give you ideas of what you can do with
+# the various configuration items.
 #
-# The character '&' in logfile names are substituted with the console
-# name.  Any logfile name that doesn't begin with a '/' has LOGDIR
-# prepended to it.  So, most consoles will just have a '&' as the logfile
-# name which causes /var/consoles/<consolename> to be used.
-#
-LOGDIR=/var/consoles
-#
-# list of consoles we serve
-#    name : tty[@host] : baud[parity] : logfile : [mark-interval(m|h|d|l)][+]
-#    name : !host : port : logfile : [mark-interval(m|h|d|l)][+]
-#    name : |command : : logfile : [mark-interval(m|h|d|l)][+]
-#
-tweety:!ts1:2002:&:
-bambam:!ts1:2003:&:
-shell:|::/dev/null:
-telnet:|telnet host::/dev/null:
-ttya:/dev/ttya:9600p:&:
-%%
-#
-# list of clients we allow
-# {trusted|allowed|rejected} : machines
-#
-allowed: 127.0.0.1 gnac.com
+
+### set up global access
+default full	{ rw *; }
+
+### define some terminal server specifics
+# we set portbase and portinc so we can reference the ports in a
+# physical representation and let conserver do the math to figure
+# out the actual socket address
+default cisco	{ type host; portbase 2000; portinc 1; }
+default xyplex	{ type host; portbase 2000; portinc 100; }
+default iolan	{ type host; portbase 10000; portinc 1; }
+
+### set up some custom break sequences
+break 4 { string "+\d+\d+"; delay 300; }
+break 5 { string "\033c"; }
+
+### set the defaults for all the consoles
+# these get applied before anything else
+default * {
+	# The '&' character is substituted with the console name
+	logfile /var/consoles/&;
+	# timestamps every hour with activity and break logging
+	timestamp 1hab;
+	# include the 'full' default
+	include full;
+	# master server is localhost
+	master localhost;
+}
+
+### define the first terminal server
+default ts1.conserver.com {
+	# use the xyplex defaults
+	include xyplex;
+	# host to connect to is ts1.conserver.com
+	host ts1.conserver.com;
+	# run login-xyplex when connecting to the term server
+	initcmd /usr/local/sbin/login-xyplex;
+}
+
+# now define the consoles on ts1.conserver.com
+# bryan isn't allowed on web1.conserver.com
+console web1.conserver.com { include ts1.conserver.com; port 2; rw !bryan; }
+console ns1.conserver.com { include ts1.conserver.com; port 10; }
+console ns2.conserver.com { include ts1.conserver.com; port 8; }
+
+### define the second terminal server
+# this one is a cisco, with simple socket connections
+default ts2.conserver.com { include cisco; host ts2.conserver.com; }
+
+# and the consoles on ts2.conserver.com
+console ldap1.conserver.com { include ts2.conserver.com; port 7; }
+
+### and now some one-off consoles
+# we still inherit the '*' default set
+# a simple ssh invocation
+console ssh {
+	type exec;
+	exec ssh localhost;
+	# provide a 'message-of-the-day'
+	motd "just a simple ssh to localhost";
+}
+
+# connect to /dev/ttya
+console ttya {
+	type device;
+	device /dev/ttya; parity none; baud 9600;
+	idlestring "#";
+	idletimeout 5m;		# send a '#' every 5 minutes of idle
+	timestamp "";		# no timestamps on this console
+}
+
+### define a group of users
+group sysadmin {
+    users bryan, todd;
+    users dave;
+}
+
+### reset the defaults for the next set of consoles
+# again, these get applied before anything else
+default * {
+	# The '&' character is substituted with the console name
+	logfile /var/consoles/&;
+	timestamp 5m;
+	rw sysadmin;  # use the group defined above
+	master localhost;
+}
+
+default cyclades {
+	# sets up /dev/ttyC0 through /dev/ttyC31, for a 32 port card
+	# referenced as ports 1 through 32
+	type device;
+	device /dev/ttyC.;
+	devicesubst .=Pd;
+	portbase -1;
+	portinc 1;
+	host none; # not really used, since devicesubst doesn't use it
+	baud 9600;
+	parity none;
+}
+
+console modem1.conserver.com { include cyclades; port 2; break 4; }
+# todd isn't allowed on modem2.conserver.com
+console modem2.conserver.com { include cyclades; port 6; rw !todd; }
+
+### list of clients we allow
+access * {
+	allowed 10.0.0.0/8 192.168.0.0/16;
+	allowed cs1.conserver.com cs2.conserver.com cs3.conserver.com;
+	trusted 127.0.0.1;
+}

conserver.cf/conserver.cf.man

@@ -1,235 +0,0 @@
-.\" $Id: conserver.cf.man,v 1.23 2002-01-20 21:14:43-08 bryan Exp $
-.\" @(#)constab.5 01/06/91 OSU CIS; Thomas A. Fine
-.TH CONSERVER.CF 5 "Local"
-.SH NAME
-conserver.cf \- console configuration file for conserver(8)
-.SH SYNOPSIS
-.br
-.BI \s-1LOGDIR\s0= logdirectory
-.br
-.BI \s-1TIMESTAMP\s0= timestamp-spec
-.br
-.BI \s-1BREAK\s0\fIn\fP= break-spec
-.br
-\fIname\fP:\fIdevice\fP[@\fIconserver\fP]:\fIbaud\fP:\fIlogfile\fP:\fItimestamp-spec\fP:\fIbreak\fP
-.br
-\fIname\fP:!\fItermserver\fP[@\fIconserver\fP]:\fIport\fP:\fIlogfile\fP:\fItimestamp-spec\fP:\fIbreak\fP
-.br
-\fIname\fP:|\fIcommand\fP[@\fIconserver\fP]::\fIlogfile\fP:\fItimestamp-spec\fP:\fIbreak\fP
-.br
-\fB%%\fP
-.br
-\fIaccess\fP: \fIhosts\fP
-.SH DESCRIPTION
-.B Conserver.cf
-is the configuration file for
-.BR conserver (8).
-It is read once upon startup;
-modifications to the file take effect only upon restarting \fBconserver\fP.
-.PP
-Blank lines and comment lines (those beginning with a ``#'' and
-optional leading whitespace) are ignored.  Non-ignored lines
-beginning with whitespace are considered continuations of the
-previous line.  This allows you to span one logical line over
-many physical lines and insert comments wherever appropriate.
-.PP
-The first section of the file has logical lines that are separated into
-five colon-separated fields.  Leading and trailing white space in each
-field is ignored.
-.TP
-.I name
-the unique name by which this connection is referred to
-when using the \fBconsole\fP program.
-This is typically the name of the host whose console is being monitored.
-.TP
-.I device
-the full path name of the device for this line.
-The \fIbaud\fP rate is the speed and parity for this console.
-Speed may be given as an integer,
-parity only requires the first letter of any of: even, odd, mark, space.
-For no parity, use the character `p'.
-.TP
-.BI ! termserver
-the hostname of the terminal server to connect to.
-A socket connection will be made to port \fIport\fP (an integer).
-.TP
-.BI | command
-the command to invoke on the console server.
-.PP
-\fIdevice\fP, !\fItermserver\fP, and |\fIcommand\fP may be followed by
-a remote console server name in the form ``\fB@\fP\fIconserver\fP'',
-in which case the conserver daemon will send connections for \fIname\fP
-to the conserver running on the host named \fIconserver\fP.
-When the ``\fB@\fP\fIconserver\fP'' notation is used,
-\fBconserver\fP recognizes consoles it should manage locally
-by comparing the IP address of \fIconserver\fP
-against the IP address of the name returned by gethostname().
-Thus, it will recognize host aliases, but not names that map to
-different IP addresses that may exist on the same host,
-so care must be used in specifying the hostname.
-Since \fBconserver\fP does recognize its own hostname,
-the same cf file may be used by all servers in a network
-if every console line includes a ``\fB@\fP\fIconserver\fP'' specification.
-.TP
-.I logfile
-the full path name of file where all output from
-this host is logged.  Any occurrence of `&' will be replaced with
-\fIname\fP.  Any path that doesn't begin with a `/' will
-have \fIlogdirectory\fP (as specified in the nearest preceding
-\fB\s-1LOGDIR=\s0\fP
-line) prepended to it.
-.TP
-.I timestamp-spec
-specifies the time between
-timestamps applied to the console log file and
-whether to log read/write connection actions.
-The format of the specification is
-[\fImark-interval\fP[\fBm\fP|\fBh\fP|\fBd\fP|\fBl\fP]][\fBa\fP].
-The timestamps look like `[-- MARK -- Mon Jan 25 14:46:56 1999]'.
-The `\fBm\fP', `\fBh\fP', and `\fBd\fP' tags specify
-`minutes' (the default), `hours', and `days'.  The `\fBl\fP' tag
-specifies `lines' and will cause timestamps of the form
-`[Mon Jan 25 14:46:56 PST 1999]' to
-be placed every \fImark-interval\fP lines (a newline character signifies
-a new line). So, `5h' specifies every five hours and `2l' specifies every
-two lines.
-An `\fBa\fP' can be specified to add logs of
-`attached', `detached', and `bumped' actions,
-including the user's name and the host from which the
-\fBconsole\fP connection was made,
-to the logfile.
-.IP
-A default \fItimestamp-spec\fP can be specified by using the
-\fB\s-1TIMESTAMP=\s0\fP syntax.
-All consoles below the \fB\s-1TIMESTAMP=\s0\fP line will use that
-\fItimestamp-spec\fP unless overridden on a per-line basis,
-and until superseded by another \fB\s-1TIMESTAMP=\s0\fP line.
-To turn off marks for a specific
-console, use a \fImark-interval\fP of zero.
-.TP
-.I break
-specifies which break sequence to use.  The default value is `1'.
-Values of `0' thru `9' are valid.  A value of `0' will unset the
-default break sequence, which will cause the \fB^Ecl0\fP sequence to do
-nothing.
-.PP
-The \fIbreak-spec\fP sequences are defined using
-the \fB\s-1BREAK\s0\fIn\fB=\fR
-syntax where \fIn\fP is a number from 1 to 9.
-There are three builtin defaults: ``\s-1BREAK1\s0=\\z'',
-``\s-1BREAK2\s0=\\r~^b'',
-and ``\s-1BREAK3\s0=#.reset -x\\r''.  The values of
-the \fB\s-1BREAK\s0\fIn\fR
-sequences are simple characters strings with the exception of `\\' and
-`^':
-.sp
-.PD 0
-.IP \\\\a
-alert
-.IP \\\\b
-backspace
-.IP \\\\f
-form-feed
-.IP \\\\n
-newline
-.IP \\\\r
-carriage-return
-.IP \\\\t
-tab
-.IP \\\\v
-vertical-tab
-.IP \\\\z
-serial break
-.IP \\\\\\\\
-backslash
-.IP \\\\^
-circumflex
-.IP \\\\\fIooo\fP
-octal representation of a character (where \fIooo\fP is one to three
-octal digits)
-.IP \\\\\fIc\fP
-character \fIc\fP
-.IP ^?
-delete
-.IP ^\fIc\fP
-control character (\fIc\fP is `and'ed with 0x1f)
-.PD
-.PP
-This section is terminated with a `\fB%%\fP' token on a line by itself.
-.PP
-The next section of the file contains a list of hosts and addresses
-which are allowed to connect to the console server.
-.B Conserver
-looks for the first match in the config file
-for a client's IP address (or network),
-or hostname (or domain) if it is able to do a reverse lookup on the IP address,
-to determine the level of access to be granted.
-Three levels of access may be specified: ``\fBtrust\fP'', ``\fBallow\fP'',
-and ``\fBrefuse\fP''.
-The access level is followed by a colon and a space-separated list of
-addresses or host names.
-Any number of any combination of these levels may be specified,
-bearing in mind that conserver uses the first match for each incoming
-client connection, so order is important.
-.PP
-Any complete suffix of a host name may be used to define access for all hosts
-in that subdomain.
-For example, `\fBcc.purdue.edu\fP' will allow `mentor.cc.purdue.edu'
-and `mace.cc.purdue.edu', but not `pucc.purdue.edu' or `hack.purdue.edu'.
-For IP addresses, optional netmask lengths may be specified
-in CIDR `/' notation.
-For example, `\fB192.168.1.0\fP' will allow the class C space of 192.168.1.0,
-but `\fB192.168.1.0/25\fP' will allow
-only the lower half of that same address space (192.168.1.0 thru 192.168.1.127).
-.SH EXAMPLE
-# name:path:baud:logfile:mark:break
-.nf
-LOGDIR=/tmp
-# overriding the builtin BREAK3 sequence
-BREAK3=#.reset\\r
-# adding another break sequence
-BREAK8=+++
-#
-# This logs to /tmp/treelog...using BREAK8
-tree:/dev/ttyj0:9600e:&log::8
-#
-# This logs to /tmp/fishlog...
-fish:/dev/ttyj1:4800e:fishlog:
-#
-# Now we're defaulting to /var/tmp for logfiles...
-LOGDIR=/var/tmp
-#
-# So, this is /var/tmp/birdlog with 1-hour timestamps
-bird:/dev/ttyj2:4800m:&log:1h
-#
-# And this is /var/tmp/solarlog, using BREAK4, no timestamps
-solar:|telnet solar::solarlog::4
-#
-# Now things are all in /var/consoles/<console name>
-LOGDIR=/var/consoles
-shell:|::&:
-#
-# These open connections to ports 2003 and 2004 of ts1
-# using BREAK2 and BREAK3
-tribe:!ts1:2003:&::2
-# This one also has 10-minute timestamps and activity logging
-reptile:!ts1:2004:&:10ma:3
-#
-# This opens /dev/ttyh0 if running on extra.cc.purdue.edu;
-# otherwise, clients are redirected to that host.
-mentor:/dev/ttyh0@extra.cc.purdue.edu:2400e:&:
-%%
-#
-# access restrictions
-# (note that the "badhost.cc.purdue.edu" entry must appear
-# before the "cc.purdue.edu" entry if connections from
-# "badhost" are to be rejected, since only the first match
-# is used)
-#
-trusted: console.cc.purdue.edu 128.210.7.90
-refuse: badhost.cc.purdue.edu
-allow: cc.purdue.edu stat.cc.purdue.edu
-.SH "SEE ALSO"
-.BR console (1),
-.BR conserver.passwd (5),
-.BR conserver (8)

conserver.cf/conserver.passwd

@@ -1,3 +1,3 @@
-bryan:td1AgneGE3RsU:any
-djs:*passwd*:any
-todd:*passwd*:server1
+bryan:td1AgneGE3RsU
+djs:*passwd*
+todd:*passwd*

conserver.cf/conserver.passwd.man

@@ -1,72 +0,0 @@
-.\" $Id: conserver.passwd.man,v 1.4 2001-08-04 20:54:25-07 bryan Exp $
-.TH CONSERVER.PASSWD 5 "Local"
-.SH NAME
-conserver.passwd \- user access information for conserver(8)
-.SH SYNOPSIS
-.br
-\fIusername\fB:\fIpassword\fB:\fIconsoles\fR
-.SH DESCRIPTION
-The \fBconserver.passwd\fP file
-is the user authentication and authorization file for
-.BR conserver (8).
-Upon each incoming client connection,
-\fBconserver\fP opens and reads the \fBconserver.passwd\fP file,
-so edits to the file take effect immediately.
-It reads only until the first \fIusername\fP match.
-.PP
-Blank lines and comment lines (those beginning with a ``#'' and
-optional leading whitespace) are ignored.  Non-ignored lines
-beginning with whitespace are considered continuations of the
-previous line.  This allows you to span one logical line over
-many physical lines and insert comments wherever appropriate.
-.PP
-Each logical line consists of three colon-separated fields.
-Leading and trailing white space in each
-field is ignored.
-.TP
-.I username
-the login name of the authorized user,
-or the string ``\fB*any*\fP'' to match any user.
-This is compared against the name sent by the \fBconsole\fP client,
-based either on the user's identity or on the \fB\-l\fP option.
-Since \fBconserver\fP only uses the first \fIusername\fP match,
-an ``\fB*any*\fP'' entry will apply to any user
-without an entry earlier in the file.
-.TP
-.I password
-the encrypted password,
-or the string ``\fB*passwd*\fP''
-to indicate that \fBconserver\fP should look up the user's password
-in the system \fBpasswd\fP (or \fBshadow\fP) database.
-If this field is empty, password checking is bypassed for this user.
-.TP
-.I consoles
-a comma- and/or space-separated list of consoles
-to which the user is permitted to connect,
-or the string ``\fBany\fP'' to allow access to any console.
-These names must match the console names in the \fBconserver.cf\fP file.
-.SH EXAMPLE
-.TP 30
-\fBmary:r71mXjfALB5Ak:any\fP
-Mary may connect to any console if her password matches;
-it does not matter whether she has a login on the conserver host.
-.TP
-\fBfred:*passwd*:foo.example.com,bar.example.com\fP
-Fred may connect only to the listed consoles,
-and only with his regular login password on the conserver host.
-.TP
-\fBbozo:*:\fP
-Bozo is not allowed access to any consoles.
-.TP
-\fB*any*:*passwd*:any\fP
-Anyone not listed above may access any console
-if they have a regular login and know the password.
-.SH "SEE ALSO"
-.BR console (1),
-.BR conserver.cf (5),
-.BR conserver (8)
-.SH BUGS
-.PP
-There is currently no way provided by the conserver package
-to generate the encrypted password strings
-besides copying them from the system \fBpasswd\fP database.

conserver.cf/conserver.passwd.man.in

@@ -0,0 +1,93 @@
+.TH CONSERVER.PASSWD 5 "@CONSERVER_DATE@" "conserver-@CONSERVER_VERSION@" "conserver"
+.SH NAME
+conserver.passwd \- user access information for
+.BR conserver (8)
+.SH SYNOPSIS
+.IB username : password
+.SH DESCRIPTION
+The
+.B conserver.passwd
+file is the user authentication and authorization file for
+.BR conserver (8).
+Upon each incoming client connection,
+.B conserver
+opens and reads the
+.B conserver.passwd
+file, so edits to the file take effect immediately.
+It reads only until the first
+.I username
+match.
+.PP
+Blank lines and comment lines (those beginning with a ``#'' and
+optional leading whitespace) are ignored.
+Non-ignored lines beginning with whitespace are considered
+continuations of the previous line.
+This allows you to span one logical line over
+many physical lines and insert comments wherever appropriate.
+.PP
+Each logical line consists of two colon-separated fields.
+Leading and trailing white space in each field is ignored.
+.TP
+.I username
+the login name of the authorized user,
+or the string
+.RB `` *any* ''
+to match any user.
+This is compared against the name sent by the
+.B console
+client, based either on the user's identity or on the
+.B \-l option.
+Since
+.B conserver
+only uses the first
+.I username
+match, a
+.RB `` *any* ''
+entry will apply to any user
+without an entry earlier in the file.
+.TP
+.I password
+the encrypted password,
+or the string
+.RB `` *passwd* ''
+to indicate that
+.B conserver
+should look up the user's password
+in the system
+.BR passwd " (or " shadow ") database."
+If PAM support has been enabled
+.RB ( --with-pam ),
+PAM lookups will be done instead of
+.BR passwd " (or " shadow ") lookups"
+(you may need to edit /etc/pam.conf or create /etc/pam.d/conserver).
+If this field is empty, password checking is bypassed for this user.
+.SH EXAMPLE
+.TP 24
+.B mary:r71mXjfALB5Ak
+Mary uses the password specified above;
+it does not matter whether she has a login on the conserver host.
+.TP
+.B fred:*passwd*
+Fred may connect only with his regular login password on the conserver host.
+.TP
+.B bozo:*
+Bozo is only allowed to access a console if his password isn't used (since
+it's invalid) which means he needs to come from a
+.B trusted
+host.
+.TP
+.B *any*:*passwd*
+Anyone not listed above uses their regular login and password.
+.SH "SEE ALSO"
+.BR console (1),
+.BR conserver.cf (5),
+.BR conserver (8)
+.SH BUGS
+.PP
+There is currently no way provided by the conserver package
+to generate the encrypted password strings
+besides copying them from the system
+.B passwd
+database or running
+.BR crypt (3)
+via C or perl or some other language that supports it.

conserver.cf/label.ps

@@ -1,5 +1,4 @@
 %!PS-Adobe-2.0 EPSF-1.2
-%%$Id: label.ps,v 1.8 94/01/21 09:37:42 ksb Exp $
 %%Title: RJ-11
 %%Creator: A Braunsdorf
 %%CreationDate: 

conserver.cf/samples/README

@@ -0,0 +1,21 @@
+I put together the sample configuration files in this directory in hopes
+that it would help folks see some of the possibilities of the
+configuration file format.  Each of the files are syntatically correct,
+but have never actually been used.
+
+Each file is basically built upon the previous...theoretically, if not
+actually.  Hopefully they'll help show some of the cool things you can
+do with the configuration file and help those trying to figure out how
+they should even start.
+
+    simple.cf - A very simple, one console config file
+
+    basic.cf - A config with a couple consoles, mostly using defaults
+
+    average.cf - A config for many consoles, using breaks, user lists,
+		 etc...bascially customizing each area
+
+    average-distributed.cf - Taking average.cf to multiple conserver
+			     hosts with overrides on those hosts
+
+Bryan Stansell

conserver.cf/samples/average-distributed.cf

@@ -0,0 +1,109 @@
+#
+# I took the average.cf file and expanded it to use a distributed
+# conserver setup...two conserver hosts (conserver1 and conserver2), but
+# the basic philosophy would hold for many more console and/or conserver
+# hosts.
+#
+
+# ------ define a user group ------
+group sysadmin {
+    users bryan, todd, dave;
+}
+# helpers is everyone but the sysadmin group
+group helpers {
+    users *, !sysadmin;
+}
+
+
+# ------ make sure breaks are the way we want --------
+break 1 { string "\z"; }
+break 2 { string "\r\d~\d^b"; delay 600; }
+break 3 { string "#."; }
+
+
+# ----- define some console types ------
+# yeah, just setting a break doesn't quite seem worth it, but perhaps,
+# some day, there will be more host-specific stuff.
+default sun-std { break 1; }
+default sun-alt { break 2; }
+default sun-lom { break 3; }
+
+
+# ------ defaults ------
+# we set a 'global' default so we can reuse the bits below.  we're going
+# to set the '*' default, then define consoles, reset the '*' default,
+# define more consoles, etc.
+default global {
+	logfile /var/consoles/&;	# '&' is replaced with console name
+	timestamp 1hab;			# write timestamps
+	rw sysadmin;			# allow sysadmins full access
+	ro helpers;			# allow helpers to watch
+	include sun-std;
+}
+
+
+# --------- define our terminal attributes ----------
+# simple tcp connections are "easy"
+default cisco { type host; portbase 2000; portinc 1; }
+default xyplex  { type host; portbase 2000; portinc 100; }
+
+# this is a cyclades card referenced with /dev/ttyC0 through /dev/ttyC31
+# (referenced as ports 1 through 32 in conserver.cf)
+# we set the various port calculation bits and pattern substitution to
+# come up with a generic definition
+default cyclades { type device; device /dev/ttyC&; baud 9600; parity none;
+		   devicesubst &=Pd; portbase -1; portinc 1; host unused; }
+
+## this is a term server accessed with an ssh command
+# it too uses pattern substitution and such to get the job done
+default ciscossh { type exec; portbase 2000; portinc 1;
+		   exec /usr/local/bin/ssh -p P -l tsuser H;
+		   execsubst H=hs,P=Pd; }
+
+
+# ------- set the global default for the first conserver host -------
+# the consoles below (until the default is reset) are managed
+# by conserver1.conserver.com
+default * { include global; master conserver1.conserver.com; }
+
+# ------- define the consoles on ts1.conserver.com --------
+default ts1.conserver.com { include cisco; host ts1.conserver.com; }
+console web1.conserver.com { include ts1.conserver.com; port 2; }
+console ns1.conserver.com { include ts1.conserver.com; port 10; }
+
+# ------- define the consoles on ts2.conserver.com --------
+default ts2.conserver.com { include xyplex; host ts2.conserver.com; }
+console web2.conserver.com { include ts2.conserver.com; port 4; }
+console ns2.conserver.com { include ts2.conserver.com; port 22; }
+
+# ------- set the global default for the second conserver host -------
+# the following consoles are managed by conserver2.conserver.com
+default * { include global; master conserver2.conserver.com; }
+
+# ------- define the consoles on ts3.conserver.com --------
+default ts3.conserver.com { include ciscossh; host ts3.conserver.com; }
+console ftp1.conserver.com { include ts3.conserver.com; include sun-lom;
+			     port 7; }
+
+# ------- set up the an access list to avoid the default -------
+# anything *not* matched here will fallback to the default access mode
+access * {
+	trusted 127.0.0.1;
+	allowed 10.0.0.0/8;
+}
+
+# conserver2 has an extra leg that is trusted
+access conserver2.conserver.com { trusted 192.168.0.0/16; }
+
+# ------- do some server configuration ---------
+# both conserver1.conserver.com and conserver2.conserver.com use the same
+# set of defaults
+config * {
+	defaultaccess rejected;
+	daemonmode on;
+	logfile /var/log/conserver;
+}
+
+# we're going to set the default access on conserver2 to allowed, because
+# it's in a higher-trust network
+config conserver2.conserver.com { defaultaccess allowed; }

conserver.cf/samples/average.cf

@@ -0,0 +1,91 @@
+#
+# This would be what i'd expect a more common configuration file would
+# look like.  There are consoles attached to multiple devices, simple
+# access lists, etc.
+#
+
+# ------ define a user group ------
+group sysadmin {
+    users bryan, todd, dave;
+}
+# helpers is everyone but the sysadmin group
+group helpers {
+    users *, !sysadmin;
+}
+
+
+# ------ make sure breaks are the way we want --------
+break 1 { string "\z"; }
+break 2 { string "\r\d~\d^b"; delay 600; }
+break 3 { string "#."; }
+
+
+# ----- define some console types ------
+# yeah, just setting a break doesn't quite seem worth it, but perhaps,
+# some day, there will be more host-specific stuff.
+default sun-std { break 1; }
+default sun-alt { break 2; }
+default sun-lom { break 3; }
+
+
+# ------ defaults ------
+# now for some generic console defaults so that we don't have to
+# duplicate them for each console.
+default * {
+	logfile /var/consoles/&;	# '&' is replaced with console name
+	timestamp 1hab;			# write timestamps
+	rw sysadmin;			# allow sysadmins full access
+	ro helpers;			# allow helpers to watch
+	master localhost;
+	include sun-std;
+}
+
+
+# --------- define our terminal attributes ----------
+# simple tcp connections are "easy"
+default cisco { type host; portbase 2000; portinc 1; }
+default xyplex  { type host; portbase 2000; portinc 100; }
+
+# this is a cyclades card referenced with /dev/ttyC0 through /dev/ttyC31
+# (referenced as ports 1 through 32 in conserver.cf)
+# we set the various port calculation bits and pattern substitution to
+# come up with a generic definition
+default cyclades { type device; device /dev/ttyC&; baud 9600; parity none;
+		   devicesubst &=Pd; portbase -1; portinc 1; host unused; }
+
+## this is a term server accessed with an ssh command
+# it too uses pattern substitution and such to get the job done
+default ciscossh { type exec; portbase 2000; portinc 1;
+		   exec /usr/local/bin/ssh -p P -l tsuser H;
+		   execsubst H=hs,P=Pd; }
+
+
+# ------- define the consoles on ts1.conserver.com --------
+default ts1.conserver.com { include cisco; host ts1.conserver.com; }
+console web1.conserver.com { include ts1.conserver.com; port 2; }
+console ns1.conserver.com { include ts1.conserver.com; port 10; }
+
+# ------- define the consoles on ts2.conserver.com --------
+default ts2.conserver.com { include xyplex; host ts2.conserver.com; }
+console web2.conserver.com { include ts2.conserver.com; port 4; }
+console ns2.conserver.com { include ts2.conserver.com; port 22; }
+
+# ------- define the consoles on ts3.conserver.com --------
+default ts3.conserver.com { include ciscossh; host ts3.conserver.com; }
+console ftp1.conserver.com { include ts3.conserver.com; include sun-lom;
+			     port 7; }
+
+
+# ------- set up the an access list to avoid the default -------
+# anything *not* matched here will fallback to the default access mode
+access * {
+	trusted 127.0.0.1;
+	allowed 10.0.0.0/8;
+}
+
+# ------- do some server configuration ---------
+config * {
+	defaultaccess rejected;
+	daemonmode on;
+	logfile /var/log/conserver;
+}

conserver.cf/samples/basic.cf

@@ -0,0 +1,28 @@
+#
+# This is a fairly basic configuration file that interacts with one
+# terminal server.
+#
+
+# first, we're going to set some generic console defaults so that we
+# don't have to duplicate them for each console.
+default * {
+	logfile /var/consoles/&;	# '&' is replaced with console name
+	timestamp 1hab;			# write timestamps
+	rw *;				# allow all users
+	master localhost;
+	type host;
+	host ts1.conserver.com;		# consoles on ts1.conserver.co
+	portbase 2000;			# port numbers start at 2001 and
+	portinc 1;			# go up by 1 (port #1 == 2001, etc)
+}
+
+# define two consoles on the terminal server
+console web1.conserver.com { port 2; }	# calculates to tcp port 2002
+console ns1.conserver.com { port 10; }	# calculates to tcp port 2010
+
+# set up the an access list to avoid the default
+# anything *not* matched here will fallback to the default access (-a)
+# mode
+access * {
+	trusted 127.0.0.1;
+}

conserver.cf/samples/simple.cf

@@ -0,0 +1,11 @@
+#
+# I believe this is the smallest configuration file that is also fully
+# functional.  You have to be happy with the default access type (-a)
+# as well as the default access list that gets used.
+# 
+
+console simple {
+    master localhost;
+    type exec;
+    rw *;
+}

conserver.cf/test.cf

@@ -1,30 +1,43 @@
 # dummy conserver config file
 #
-# $Id: dummy.cf,v 4.3 92/07/27 12:23:59 ksb Exp $
-#
-# 1. change the `/dev/ttya' to any tty device you can put a serial device on
-#    that you could talk to with kermit/cu.  Put in the baud rate and parity.
-#
-# 2. change the `cc.purdue.edu' to your local domain.
-#
-# 3. !! do not leave this up, as it can give local users a root shell (login)
-#    !! for extended testing change the `|' to `|su - tst' where tst is a
-#    !! vanilla test acount, or comment out the `login' console.
-#
+default full {
+	rw *;
+}
+default * {
+	logfile /tmp/&;
+	timestamp "";
+	include full;
+}
+break 5 {
+	string "\rtest\r";
+}
 # list of consoles we serve
-# name : tty[@host] : baud[parity] : device : group
-DOMAINHACK=
-LOGDIR=/tmp
-BREAK5=\rtest\r
-shell:|:9600p:&:5
-bash:|/usr/local/bin/bash::&:2
-web:!www.conserver.com:80:&:
-b:/dev/ttyb:9600p:&:
-#ts6-10:!ts6:10010:&:
-#ts6-11:!ts6:10011:&:
-#ts6-12:!ts6:10012:&:
-#ts6-13:!ts6:10013:&:
-%%
+console shell {
+	master localhost;
+	timestamp 5;
+	type exec;
+	exec "";
+}
+console bash {
+	master localhost;
+	timestamp 2;
+	type exec;
+	exec /usr/local/bin/bash;
+}
+console web {
+	master localhost;
+	type host;
+	host www.conserver.com;
+	port 80;
+}
+console b {
+	master localhost;
+	type device;
+	device /dev/ttyb;
+	baud 9600;
+	parity none;
+}
 # list of clients we allow
-# type machines
-trusted: 127.0.0.1
+access * {
+	trusted 127.0.0.1;
+}

conserver.html

@@ -1,268 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<HTML>
-  <HEAD>
-    <META name="generator" content="HTML Tidy, see www.w3.org">
-    <META name="keywords" content=
-    "conserver,serial,console,serial console,unix,tty,ttya,ttyb, rs-232,rs232,bryan stansell,stansell,console server,terminal server,headless">
-    <META name="author" content=
-    "Bryan Stansell &lt;bryan@conserver.com&gt;">
-    <LINK rel="SHORTCUT ICON" href=
-    "http://www.conserver.com/conserver.ico">
-
-    <TITLE>Conserver</TITLE>
-<STYLE type="text/css">
- body {
-  background-color: #EEEEEE;
-  color: black;
- }
-</STYLE>
-  </HEAD>
-
-  <BODY>
-    <TABLE summary="Logo" bgcolor="black" width="100%" align=
-    "CENTER">
-      <TR>
-        <TD align="CENTER"><BR>
-        <IMG src="conserver.gif" alt="Conserver"><BR>
-        <BR>
-        </TD>
-      </TR>
-    </TABLE>
-    <BR>
-     
-
-    <TABLE summary="Conserver Page" width="80%" align="CENTER">
-      <TR>
-        <TD>
-        <!-- empty cell here, then search box on right spans two rows,
-             then we have the text that appears on the left, so things
-             appear in the right order so they look right in lynx
-        -->
-        </TD>
-
-        <TD rowspan="2" align="RIGHT">
-          <FORM method="POST" action=
-          "http://www.conserver.com/cgi-bin/htsearch">
-            <INPUT type="HIDDEN" name="method" value="and"> <INPUT
-            type="HIDDEN" name="format" value="builtin-long">
-            <INPUT type="HIDDEN" name="sort" value="score"> <INPUT
-            type="HIDDEN" name="config" value="htdig"> <INPUT type=
-            "HIDDEN" name="restrict" value=""> <INPUT type="HIDDEN"
-            name="exclude" value=""> <INPUT type="TEXT" size="20"
-            name="words" value=""> <INPUT type="SUBMIT" value=
-            "Search">
-          </FORM>
-        </TD>
-      </TR>
-
-      <TR>
-        <TD>
-          <H3>What is conserver?</H3>
-        </TD>
-      </TR>
-
-      <TR>
-        <TD colspan="2">
-          <P>From an email I once sent...</P>
-
-          <P>Conserver is an application that allows multiple users
-          to watch a serial console at the same time. It can log
-          the data, allows users to take write-access of a console
-          (one at a time), and has a variety of bells and whistles
-          to accentuate that basic functionality. The idea is that
-          conserver will log all your serial traffic so you can go
-          back and review why something crashed, look at changes
-          (if done on the console), or tie the console logs into a
-          monitoring system (just watch the logfiles it creates).
-          With multi-user capabilities you can work on equipment
-          with others, mentor, train, etc. It also does all that
-          client-server stuff so that, assuming you have a network
-          connection, you can interact with any of the equipment
-          from home or wherever.</P>
-
-          <H3>The FAQ</H3>
-          Here's the conserver <A href=
-          "http://www.conserver.com/FAQ">FAQ</A>. Got any
-          additions? Let me know. 
-
-          <H3>Mailing Lists</H3>
-
-          <P>There are currently two mailing lists available. <A
-          href=
-          "mailto:announce@conserver.com">announce@conserver.com</A>
-          is an announcement-only mailing list for informing of new
-          versions, major developments, etc. <A href=
-          "mailto:users@conserver.com">users@conserver.com</A> is
-          for general Q&amp;A, discussions, ideas, etc. for
-          conserver users. You can sign up by sending a message to
-          <A href=
-          "mailto:announce-request@conserver.com">announce-request@conserver.com</A>
-          or <A href=
-          "mailto:users-request@conserver.com">users-request@conserver.com</A>
-          with a subject of "subscribe" or head over to the online
-          <A href="https://www.conserver.com/mailman/listinfo">web
-          pages</A>.</P>
-
-          <H3>Origin</H3>
-
-          <P>The console server software found here is a heavily
-          modified version originally written by <A href=
-          "http://hea-www.harvard.edu/~fine/">Tom Fine</A> (<A
-          href=
-          "mailto:fine@head-cfa.harvard.edu">fine@head-cfa.harvard.edu</A>)
-          at Ohio State and then Kevin S Braunsdorf (<A href=
-          "mailto:ksb+conserver@sa.fedex.com">ksb+conserver@sa.fedex.com</A>).
-          Patches from Robert Olson (<A href=
-          "mailto:olson@mcs.anl.gov">olson@mcs.anl.gov</A>) were
-          then applied to get network console support.</P>
-
-          <P>Arnold de Leon (<A href=
-          "mailto:arnold@corp.webtv.net">arnold@corp.webtv.net</A>)
-          then fixed various bugs and added enhancements while at
-          <A href="http://www.synopsys.com/">Synopsys</A>. I then
-          took the result, continued fixing things, and added
-          features we found useful.</P>
-
-          <P><A href="http://www.gnac.com/">GNAC</A> (Global
-          Networking and Computing - currently <A href=
-          "http://www.certaintysolutions.com/">Certainty
-          Solutions</A>) has been supporting my coding efforts (in
-          too many ways to list) since 1996.</P>
-
-          <H3>The conserver.com Distribution</H3>
-
-          <P>The result is a combination of many people's work.
-          This version is being released in hopes that it will help
-          others. There is no warranty or support implied by the
-          distribution of the software.</P>
-
-          <P>So, what the heck is up with all the different
-          conserver versions? Well, the original authors are
-          continuing to distribute their own threads of the
-          software so you have three main threads (as far as I
-          know). First, there's Tom Fine's thread at <A href=
-          "http://hea-www.harvard.edu/~fine/Tech/console-server.html">
-          http://hea-www.harvard.edu/~fine/Tech/console-server.html</A>.
-          He isn't actively developing it, however, according to
-          the website. Next, there's Kevin Braunsdorf's version at
-          <A href=
-          "ftp://ftp.physics.purdue.edu/pub/pundits/">ftp://ftp.physics.purdue.edu/pub/pundits/</A>.
-          Kevin is semi-actively working on his thread. Doesn't
-          look like any new versions have been out since August
-          2000 (version 8.5), but maybe this info will be out of
-          date by the time you read this. Lastly, the conserver.com
-          version is based on Kevin's "5.21-Beta" distribution, but
-          since <B>HEAVILY</B> modified and enhanced (more details
-          in the "Origin" section above).</P>
-
-          <P>If I were looking for a conserver package I would
-          either use Kevin's latest distribution or the
-          conserver.com distribution. Which one? Well, obviously
-          I'm biased and believe the conserver.com distribution
-          should be your choice, but Kevin's does have UPS (serial
-          port line toggling bits) that the conserver.com version
-          doesn't have. What does the conserver.com distribution
-          have? Well, in reality, too many things to list. You'll
-          have to look at the <A href=
-          "http://www.conserver.com/CHANGES">CHANGES</A> file and
-          see the enhancements, bug fixes, and general development
-          since the original. Don't let the version numbers fool
-          you - you'll have to compare and contrast for
-          yourself.</P>
-
-          <H3>Downloading</H3>
-
-          <P>The current version, released on Mar 12, 2002, is <A
-          href=
-          "http://www.conserver.com/7.2.0.tar.gz">7.2.0.tar.gz</A>.
-          You can get it via <A href=
-          "ftp://ftp.conserver.com/conserver/7.2.0.tar.gz">FTP</A>
-          or <A href=
-          "http://www.conserver.com/7.2.0.tar.gz">HTTP</A>. See the
-          <A href="http://www.conserver.com/CHANGES">CHANGES</A>
-          file for information on the latest updates.</P>
-
-          <P>As of version 6.1.7, the packaging and numbering
-          scheme has changed. I used to package conserver as
-          conserver-GNAC-v.vv. Since <A href=
-          "http://www.gnac.com/">GNAC</A> (now <A href=
-          "http://www.certaintysolutions.com/">Certainty
-          Solutions</A>) has changed its name I've decided to drop
-          the GNAC portion and use a three-digit version number
-          (conserver-v.v.v). Why change the version numbering? I
-          need to differentiate this thread of the code from the
-          original authors' and I couldn't come up with a good
-          replacement for the GNAC name - sad, but true.</P>
-
-          <H3>Installation</H3>
-
-          <P>Check the <A href=
-          "http://www.conserver.com/INSTALL">INSTALL</A> file for
-          instructions.</P>
-
-          <H3>Postcard</H3>
-
-          <P>I always like to hear from people who use conserver -
-          it's exciting to see how many people all over the world
-          are using the package. If you'd like to give me a real
-          thrill, send me a postcard of your site, town, or area!
-          Even if you're right around the corner, it would be a
-          blast to hear from you.</P>
-<PRE>
-        Bryan Stansell
-        P.O. Box 984
-        Redwood City, CA 94064-0984
-        USA
-</PRE>
-
-          <H3>Systems Tested</H3>
-
-          <P>Here's a list of systems that I've been told can
-          successfully compile conserver. If anyone has more to add
-          to this list, please let me know.</P>
-
-          <UL>
-            <LI>Solaris 2.5.1 thru 8 (sparc/x86), gcc</LI>
-
-            <LI>BSDI BSD/OS 3.X, gcc</LI>
-
-            <LI>MacOS X</LI>
-
-            <LI>Linux 2.2.18 (x86), gcc</LI>
-
-            <LI>Linux 2.4.2 (x86), gcc</LI>
-
-            <LI>FreeBSD 4.2 (x86), gcc</LI>
-
-            <LI>cygwin (w2k),gcc 2.95.3</LI>
-
-            <LI>DEC Tru64 4.0, gcc</LI>
-
-            <LI>DEC Tru64 4.0/5.1, DEC cc</LI>
-
-            <LI>HP-UX 10.20, gcc</LI>
-
-            <LI>AIX 4.3.3, AIX cc</LI>
-          </UL>
-
-          <H3>Other Good Information</H3>
-
-          <P>Zonker Harris has fabulous documents regarding the
-          hookup of consoles to terminal servers and other such
-          devices. His <A href=
-          "http://www.conserver.com/consoles/">Greater Scroll of
-          Console Knowledge</A> is a great place to start.</P>
-          <HR noshade>
-
-          <ADDRESS>
-            Bryan Stansell (<A href=
-            "mailto:bryan@conserver.com">bryan@conserver.com</A>)<BR>
-
-          </ADDRESS>
-        </TD>
-      </TR>
-    </TABLE>
-  </BODY>
-</HTML>
-

conserver/Makefile.in

@@ -1,11 +1,17 @@
 ### Path settings
+datarootdir = @datarootdir@
 srcdir = @srcdir@
+VPATH = @srcdir@
 top_srcdir = @top_srcdir@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 sbindir = @sbindir@
 sysconfdir = @sysconfdir@
 mandir = @mandir@
+datadir = @datadir@
+libdir = @libdir@
+pkglibdir = $(libdir)/conserver
+exampledir = $(datadir)/examples/conserver
 
 ### Installation programs and flags
 INSTALL = @INSTALL@
@@ -15,30 +21,36 @@ MKDIR = @MKDIR@
 
 ### Compiler and link options
 CC	= @CC@
-CFLAGS	= @CFLAGS@ # -DPUCC -DSUN5
+CFLAGS	= @CFLAGS@
 DEFS	= @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)\"
-CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@ @WRAPINCS@
-LDFLAGS	= @LDFLAGS@
-LIBS	= @LIBS@ @WRAPLIBS@
+CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@ @CONSCPPFLAGS@
+LDFLAGS	= @LDFLAGS@ @CONSLDFLAGS@
+LIBS	= @LIBS@ @CONSLIBS@
 @SET_MAKE@
 
 
 ### Makefile rules - no user-servicable parts below
 
 CONSERVER_OBJS = access.o client.o consent.o group.o main.o master.o \
-		 readcfg.o fallback.o util.o
+		 readcfg.o fallback.o cutil.o
 CONSERVER_HDRS = ../config.h $(top_srcdir)/compat.h $(srcdir)/access.h \
-		 $(srcdir)/client.h $(srcdir)/consent.h $(srcdir)/group.h \
-		 $(srcdir)/main.h $(srcdir)/master.h $(srcdir)/readcfg.h \
-		 $(srcdir)/util.h
-ALL = conserver
+		 $(srcdir)/client.h $(srcdir)/consent.h $(srcdir)/cutil.h \
+		 $(srcdir)/group.h $(srcdir)/main.h $(srcdir)/master.h \
+		 $(srcdir)/readcfg.h $(srcdir)/version.h
+
+ALL = conserver convert
 
 
 all: $(ALL)
 
+$(CONSERVER_OBJS): $(CONSERVER_HDRS)
+
 conserver: $(CONSERVER_OBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o conserver $(CONSERVER_OBJS) $(LIBS)
 
+convert: convert.o cutil.o
+	$(CC) $(CFLAGS) $(LDFLAGS) -o convert convert.o cutil.o $(LIBS)
+
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
 
@@ -46,14 +58,16 @@ clean:
 	rm -f *~ *.o $(ALL) core
 
 distclean: clean
-	rm -f Makefile
+	rm -f Makefile conserver.rc
 
 install: conserver
 	$(MKDIR) $(DESTDIR)$(sbindir)
 	$(INSTALL_PROGRAM) conserver $(DESTDIR)$(sbindir)
 	$(MKDIR) $(DESTDIR)$(mandir)/man8
-	$(INSTALL) conserver.man $(DESTDIR)$(mandir)/man8/conserver.8
-	$(MKDIR) $(DESTDIR)$(sysconfdir)
-	[ -f $(DESTDIR)$(sysconfdir)/conserver.rc ] || $(INSTALL) conserver.rc $(DESTDIR)$(sysconfdir)
+	$(INSTALL) -m 0644 conserver.man $(DESTDIR)$(mandir)/man8/conserver.8
+	$(MKDIR) $(DESTDIR)$(exampledir)
+	$(INSTALL) conserver.rc $(DESTDIR)$(exampledir)
+	$(MKDIR) $(DESTDIR)$(pkglibdir)
+	$(INSTALL) convert $(DESTDIR)$(pkglibdir)/convert
 
 .PHONY: clean distclean install

conserver/Sun-serial

@@ -1,5 +1,3 @@
-# $Id: Sun-serial,v 2.1 93/02/09 11:45:12 ldv Exp $
-
 If you are going to be hooking Sun consoles to your console server, you
 will run into a problem:  The sun will halt whenever the cable is unplugged.
 It will also halt when the the console server is powered off and on.  To

conserver/access.c

@@ -1,6 +1,4 @@
 /*
- *  $Id: access.c,v 5.44 2002-02-26 16:12:49-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -34,25 +32,9 @@
  * 4. This notice may not be removed or altered.
  */
 
-#include <config.h>
-
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <signal.h>
-#include <pwd.h>
-
 #include <compat.h>
-#include <port.h>
-#include <util.h>
 
+#include <cutil.h>
 #include <access.h>
 #include <consent.h>
 #include <client.h>
@@ -60,7 +42,12 @@
 #include <readcfg.h>
 #include <main.h>
 
-
+#if USE_IPV6
+# include <net/if.h>
+# include <ifaddrs.h>
+# include <sys/socket.h>
+# include <netdb.h>
+#endif
 
 /* Compare an Internet address (IPv4 expected), with an address pattern
  * passed as a character string representing an address in the Internet
@@ -75,30 +62,35 @@
  * Returns 0 if the addresses match, else returns 1.
  */
 int
-#if USE_ANSI_PROTO
 AddrCmp(struct in_addr *addr, char *pattern)
-#else
-AddrCmp(addr, pattern)
-    struct in_addr *addr;
-    char *pattern;
-#endif
 {
     in_addr_t hostaddr, pattern_addr, netmask;
     char *p, *slash_posn;
-    static STRING buf = { (char *)0, 0, 0 };
+    static STRING *buf = (STRING *)0;
+#if HAVE_INET_ATON
+    struct in_addr inetaddr;
+#endif
 
+    if (buf == (STRING *)0)
+	buf = AllocString();
     slash_posn = strchr(pattern, '/');
     if (slash_posn != NULL) {
-	buildMyString((char *)0, &buf);
-	buildMyString(pattern, &buf);
-	buf.string[slash_posn - pattern] = '\0';	/* isolate the address */
-	p = buf.string;
+	BuildString((char *)0, buf);
+	BuildString(pattern, buf);
+	buf->string[slash_posn - pattern] = '\0';	/* isolate the address */
+	p = buf->string;
     } else
 	p = pattern;
 
+#if HAVE_INET_ATON
+    if (inet_aton(p, &inetaddr) == 0)
+	return 1;
+    pattern_addr = inetaddr.s_addr;
+#else
     pattern_addr = inet_addr(p);
     if (pattern_addr == (in_addr_t) (-1))
 	return 1;		/* malformed address */
+#endif
 
     if (slash_posn) {
 	/* convert explicit netmask */
@@ -122,144 +114,306 @@ AddrCmp(addr, pattern)
 	netmask = 0xffffffff;	/* compare entire addresses */
     hostaddr = addr->s_addr;
 
-    Debug(1, "Access check:       host=%lx(%lx/%lx)", hostaddr & netmask,
-	  hostaddr, netmask);
-    Debug(1, "Access check:        acl=%lx(%lx/%lx)",
-	  pattern_addr & netmask, pattern_addr, netmask);
+    CONDDEBUG((1, "AddrCmp(): host=%lx(%lx/%lx) acl=%lx(%lx/%lx)",
+	       hostaddr & netmask, hostaddr, netmask,
+	       pattern_addr & netmask, pattern_addr, netmask));
     return (hostaddr & netmask) != (pattern_addr & netmask);
 }
 
 /* return the access type for a given host entry			(ksb)
  */
 char
-#if USE_ANSI_PROTO
-AccType(struct in_addr *addr, char *hname)
-#else
-AccType(addr, hname)
-    struct in_addr *addr;
-    char *hname;
-#endif
+AccType(INADDR_STYPE *addr, char **peername)
 {
-    char *pcName;
-    int len;
     ACCESS *pACtmp;
+    socklen_t so;
+    char ret;
+#if USE_IPV6
+    int error;
+    char host[NI_MAXHOST];
+    char ipaddr[NI_MAXHOST];
+#else
+    struct hostent *he = (struct hostent *)0;
+    int a;
+# if TRUST_REVERSE_DNS
+    char **revNames = (char **)0;
+# endif
 
-    if (fDebug) {
-	if (hname)
-	    Debug(1, "Access check: hostname=%s, ip=%s", hname,
-		  inet_ntoa(*addr));
-	else
-	    Debug(1, "Access check: hostname=<unresolvable>, ip=%s",
-		  inet_ntoa(*addr));
+    CONDDEBUG((1, "AccType(): ip=%s", inet_ntoa(*addr)));
+#endif /* USE_IPV6 */
+
+    ret = config->defaultaccess;
+    so = sizeof(*addr);
+
+#if USE_IPV6
+    /*
+     * XXX where is the TRUST_REVERSE_DNS support for IPv6???
+     *
+     * XXX IPv4 should use getnameinfo() et al as well
+     * (if available, they are in IEEE Std 1003.1g-2000)
+     */
+    error =
+	getnameinfo((struct sockaddr *)addr, so, ipaddr, sizeof(ipaddr),
+		    NULL, 0, NI_NUMERICHOST);
+    if (error) {
+	Error("AccType(): getnameinfo failed: %s", gai_strerror(error));
+	goto common_ret;
     }
-    for (pACtmp = pACList; pACtmp != (ACCESS *) 0;
-	 pACtmp = pACtmp->pACnext) {
-	Debug(1, "Access check:    who=%s, trust=%c", pACtmp->pcwho,
-	      pACtmp->ctrust);
-	if (pACtmp->isCIDR != 0) {
-	    if (0 == AddrCmp(addr, pACtmp->pcwho)) {
-		return pACtmp->ctrust;
+    CONDDEBUG((1, "AccType(): ip=%s (%s)", ipaddr,
+	       addr->ss_family == AF_UNSPEC ? "AF_UNSPEC" : 
+	       addr->ss_family == AF_LOCAL ? "AF_LOCAL" : 
+	       addr->ss_family == AF_INET ? "AF_INET" : 
+	       addr->ss_family == AF_INET6 ? "AF_INET6" : "IF_???"));
+
+    error =
+	getnameinfo((struct sockaddr *)addr, so, host, sizeof(host), NULL,
+		    0, 0);
+    if (!error)
+	CONDDEBUG((1, "AccType(): host=%s", host));
+
+    for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
+	CONDDEBUG((1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
+		   pACtmp->ctrust));
+	if (addr->ss_family == AF_INET && pACtmp->isCIDR != 0) {
+	    if (AddrCmp
+		(&(((struct sockaddr_in *)addr)->sin_addr),
+		 pACtmp->pcwho) == 0) {
+		ret = pACtmp->ctrust;
+		goto common_ret;
 	    }
 	    continue;
 	}
-	if (hname && hname[0] != '\000') {
-	    pcName = hname;
-	    len = strlen(pcName);
-	    while (len >= pACtmp->ilen) {
-		Debug(1, "Access check:       name=%s", pcName);
-		if (0 == strcmp(pcName, pACtmp->pcwho)) {
-		    return pACtmp->ctrust;
+
+	if (strstr(ipaddr, pACtmp->pcwho) != NULL) {
+	    CONDDEBUG((1, "AccType(): match for ip=%s", ipaddr));
+	    ret = pACtmp->ctrust;
+	    goto common_ret;
+	}
+
+	if (!error && strstr(host, pACtmp->pcwho) != NULL) {
+	    CONDDEBUG((1, "AccType(): match for host=%s", host));
+	    ret = pACtmp->ctrust;
+	    goto common_ret;
+	}
+    }
+  common_ret:
+    if (config->loghostnames == FLAGTRUE && !error)
+	*peername = StrDup(host);
+#else  /* !USE_IPV6 */
+# if TRUST_REVERSE_DNS
+    /* if we trust reverse dns, we get the names associated with
+     * the address we're checking and then check each of those
+     * against the access list entries (below).
+     */
+    if ((he =
+	 gethostbyaddr((char *)addr, so,
+		       AF_INET)) == (struct hostent *)0) {
+	Error("AccType(): gethostbyaddr(%s): %s", inet_ntoa(*addr),
+	      hstrerror(h_errno));
+    } else {
+	char *hname;
+	if (he->h_name != (char *)0) {
+	    /* count up the number of names */
+	    for (a = 0, hname = he->h_aliases[a]; hname != (char *)0;
+		 hname = he->h_aliases[++a]);
+	    a += 2;		/* h_name + (char *)0 */
+	    /* now duplicate them */
+	    if ((revNames =
+		 (char **)calloc(a, sizeof(char *))) != (char **)0) {
+		for (hname = he->h_name, a = 0; hname != (char *)0;
+		     hname = he->h_aliases[a++]) {
+		    if ((revNames[a] = StrDup(hname)) == (char *)0)
+			break;
+		    CONDDEBUG((1, "AccType(): revNames[%d]='%s'", a,
+			       hname));
 		}
-		pcName = strchr(pcName, '.');
-		if ((char *)0 == pcName) {
-		    break;
-		}
-		++pcName;
-		len = strlen(pcName);
 	    }
 	}
     }
-    return chDefAcc;
+# endif
+
+    for (pACtmp = pACList; pACtmp != (ACCESS *)0; pACtmp = pACtmp->pACnext) {
+	CONDDEBUG((1, "AccType(): who=%s, trust=%c", pACtmp->pcwho,
+		   pACtmp->ctrust));
+	if (pACtmp->isCIDR != 0) {
+	    if (AddrCmp(addr, pACtmp->pcwho) == 0) {
+		ret = pACtmp->ctrust;
+		goto common_ret;
+	    }
+	    continue;
+	}
+
+	if ((he = gethostbyname(pACtmp->pcwho)) == (struct hostent *)0) {
+	    Error("AccType(): gethostbyname(%s): %s", pACtmp->pcwho,
+		  hstrerror(h_errno));
+	} else if (4 != he->h_length || AF_INET != he->h_addrtype) {
+	    Error
+		("AccType(): gethostbyname(%s): wrong address size (4 != %d) or address family (%d != %d)",
+		 pACtmp->pcwho, he->h_length, AF_INET, he->h_addrtype);
+	} else {
+	    for (a = 0; he->h_addr_list[a] != (char *)0; a++) {
+		CONDDEBUG((1, "AccType(): addr=%s",
+			   inet_ntoa(*(struct in_addr *)
+				     (he->h_addr_list[a]))));
+		if (
+# if HAVE_MEMCMP
+		       memcmp(&(addr->s_addr), he->h_addr_list[a],
+			      he->h_length)
+# else
+		       bcmp(&(addr->s_addr), he->h_addr_list[a],
+			    he->h_length)
+# endif
+		       == 0) {
+		    ret = pACtmp->ctrust;
+		    goto common_ret;
+		}
+	    }
+	}
+# if TRUST_REVERSE_DNS
+	/* we chop bits off client names so that we can put domain
+	 * names in access lists or even top-level domains.
+	 *    allowed conserver.com, net;
+	 * this allows anything from conserver.com and anything in
+	 * the .net top-level.  without TRUST_REVERSE_DNS, those names
+	 * better map to ip addresses for them to take effect.
+	 */
+	if (revNames != (char **)0) {
+	    char *pcName;
+	    int wlen;
+	    int len;
+	    wlen = strlen(pACtmp->pcwho);
+	    for (a = 0; revNames[a] != (char *)0; a++) {
+		for (pcName = revNames[a], len = strlen(pcName);
+		     len >= wlen; len = strlen(++pcName)) {
+		    CONDDEBUG((1, "AccType(): name=%s", pcName));
+		    if (strcasecmp(pcName, pACtmp->pcwho) == 0) {
+			if (peername != (char **)0)
+			    *peername = StrDup(revNames[a]);
+			ret = pACtmp->ctrust;
+			goto common_ret2;
+		    }
+		    pcName = strchr(pcName, '.');
+		    if (pcName == (char *)0)
+			break;
+		}
+	    }
+	}
+# endif
+    }
+
+  common_ret:
+    if (config->loghostnames == FLAGTRUE && peername != (char **)0) {
+# if TRUST_REVERSE_DNS
+	if (revNames != (char **)0 && revNames[0] != (char *)0)
+	    *peername = StrDup(revNames[0]);
+# else
+	if ((he =
+	     gethostbyaddr((char *)addr, so,
+			   AF_INET)) != (struct hostent *)0) {
+	    *peername = StrDup(he->h_name);
+	}
+# endif
+    }
+# if TRUST_REVERSE_DNS
+  common_ret2:
+    if (revNames != (char **)0) {
+	for (a = 0; revNames[a] != (char *)0; a++)
+	    free(revNames[a]);
+	free(revNames);
+    }
+# endif
+#endif /* USE_IPV6 */
+    return ret;
 }
 
 void
-#if USE_ANSI_PROTO
-SetDefAccess(struct in_addr *pAddr, char *pHost)
+SetDefAccess(
+#if USE_IPV6
+		void
 #else
-SetDefAccess(pAddr, pHost)
-    struct in_addr *pAddr;
-    char *pHost;
+		struct in_addr *pAddr, char *pHost
 #endif
+    )
 {
-    char *pcWho, *pcDomain;
-    int iLen;
-    char *addr;
+    ACCESS *a;
+#if USE_IPV6
+    int error;
+    char addr[NI_MAXHOST];
+    struct ifaddrs *myAddrs, *ifa;
+#endif /* USE_IPV6 */
 
-    addr = inet_ntoa(*pAddr);
-    iLen = strlen(addr);
-    if ((ACCESS *) 0 == (pACList = (ACCESS *) calloc(1, sizeof(ACCESS)))) {
-	OutOfMem();
+    while (pACList != (ACCESS *)0) {
+	a = pACList->pACnext;
+	DestroyAccessList(pACList);
+	pACList = a;
     }
-    if ((char *)0 == (pcWho = malloc(iLen + 1))) {
-	OutOfMem();
-    }
-    pACList->ctrust = 'a';
-    pACList->ilen = iLen;
-    pACList->pcwho = strcpy(pcWho, addr);
 
-    Debug(1, "Access list prime: trust=%c, who=%s", pACList->ctrust,
-	  pACList->pcwho);
-
-    if ((char *)0 == (pcDomain = strchr(pHost, '.'))) {
+#if USE_IPV6
+    /* get list of all addresses on system */
+    error = getifaddrs(&myAddrs);
+    if (error) {
+	Error("SetDefAccess(): getifaddrs: %s", strerror(errno));
 	return;
     }
-    ++pcDomain;
-    iLen = strlen(pcDomain);
 
-    if ((ACCESS *) 0 ==
-	(pACList->pACnext = (ACCESS *) calloc(1, sizeof(ACCESS)))) {
-	OutOfMem();
+    for (ifa = myAddrs; ifa != NULL; ifa = ifa->ifa_next) {
+	/* skip interfaces without address or in down state */
+	if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP))
+	    continue;
+
+	error =
+	    getnameinfo(ifa->ifa_addr, sizeof(struct sockaddr_storage),
+			addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
+	if (error)
+	    continue;
+
+	if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
+	    OutOfMem();
+	if ((a->pcwho = StrDup(addr)) == (char *)0)
+	    OutOfMem();
+
+	a->ctrust = config->defaultaccess;
+	a->pACnext = pACList;
+	pACList = a;
+
+	CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+		   pACList->pcwho));
     }
-    if ((char *)0 == (pcWho = malloc(iLen + 1))) {
+    freeifaddrs(myAddrs);
+#elif USE_UNIX_DOMAIN_SOCKETS
+    if ((pACList = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
 	OutOfMem();
-    }
-    pACList->pACnext->ctrust = 'a';
-    pACList->pACnext->ilen = iLen;
-    pACList->pACnext->pcwho = strcpy(pcWho, pcDomain);
-
-    Debug(1, "Access list prime: trust=%c, who=%s",
-	  pACList->pACnext->ctrust, pACList->pACnext->pcwho);
-}
-
-/* thread ther list of uniq console server machines, aliases for	(ksb)
- * machines will screw us up
- */
-REMOTE *
-#if USE_ANSI_PROTO
-FindUniq(REMOTE * pRCAll)
+    if ((pACList->pcwho = StrDup("127.0.0.1")) == (char *)0)
+	OutOfMem();
+    pACList->ctrust = config->defaultaccess;
+    CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+	       pACList->pcwho));
 #else
-FindUniq(pRCAll)
-    REMOTE *pRCAll;
+    while (pAddr->s_addr != (in_addr_t) 0) {
+	char *addr;
+
+	addr = inet_ntoa(*pAddr);
+	if ((a = (ACCESS *)calloc(1, sizeof(ACCESS))) == (ACCESS *)0)
+	    OutOfMem();
+	if ((a->pcwho = StrDup(addr)) == (char *)0)
+	    OutOfMem();
+	a->ctrust = config->defaultaccess;
+	a->pACnext = pACList;
+	pACList = a;
+
+	CONDDEBUG((1, "SetDefAccess(): trust=%c, who=%s", pACList->ctrust,
+		   pACList->pcwho));
+	pAddr++;
+    }
 #endif
-{
-    REMOTE *pRC;
-
-    /* INV: tail of the list we are building always contains only
-     * uniq hosts, or the empty list.
-     */
-    if ((REMOTE *) 0 == pRCAll) {
-	return (REMOTE *) 0;
-    }
-
-    pRCAll->pRCuniq = FindUniq(pRCAll->pRCnext);
-
-    /* if it is in the returned list of uniq hosts, return that list
-     * else add us by returning our node
-     */
-    for (pRC = pRCAll->pRCuniq; (REMOTE *) 0 != pRC; pRC = pRC->pRCuniq) {
-	if (0 == strcmp(pRC->rhost.string, pRCAll->rhost.string)) {
-	    return pRCAll->pRCuniq;
-	}
-    }
-    return pRCAll;
+}
+
+void
+DestroyAccessList(ACCESS *pACList)
+{
+    if (pACList == (ACCESS *)0)
+	return;
+    if (pACList->pcwho != (char *)0)
+	free(pACList->pcwho);
+    free(pACList);
 }

conserver/access.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: access.h,v 5.17 2002-02-25 14:00:38-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -39,25 +37,17 @@
 
 typedef struct access {
     char ctrust;		/* how much do we trust the host        */
-    int ilen;			/* length (strlen) of pcwho             */
     char *pcwho;		/* what is the hosts name/ip number     */
     int isCIDR;			/* is this a CIDR addr (or hostname?)   */
     struct access *pACnext;	/* next access list                     */
 } ACCESS;
 
-typedef struct remote {		/* console at another host              */
-    struct remote *pRCnext;	/* next remote console we know about    */
-    struct remote *pRCuniq;	/* list of uniq remote servers          */
-    STRING rserver;		/* remote server name                   */
-    STRING rhost;		/* remote host to call to get it        */
-} REMOTE;
-
-#if USE_ANSI_PROTO
-extern REMOTE *FindUniq(REMOTE *);
-extern char AccType(struct in_addr *, char *);
-extern void SetDefAccess(struct in_addr *pAddr, char *pHost);
+extern char AccType(INADDR_STYPE *, char **);
+extern void SetDefAccess(
+#if USE_IPV6
+			    void
 #else
-extern REMOTE *FindUniq();
-extern char AccType();
-extern void SetDefAccess();
+			    struct in_addr *, char *
 #endif
+    );
+extern void DestroyAccessList(ACCESS *);

conserver/client.c

@@ -1,6 +1,4 @@
 /*
- *  $Id: client.c,v 5.48 2002-03-11 18:27:04-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -34,262 +32,196 @@
  * 4. This notice may not be removed or altered.
  */
 
-#include <config.h>
-
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <signal.h>
-#include <pwd.h>
-
 #include <compat.h>
-#include <port.h>
-#include <util.h>
 
+#include <cutil.h>
 #include <consent.h>
+#include <access.h>
 #include <client.h>
 #include <group.h>
+#include <readcfg.h>
+
+#if USE_IPV6
+# include <sys/socket.h>
+# include <netdb.h>
+#endif /* USE_IPV6 */
+
+#if defined(USE_LIBWRAP)
+# include <syslog.h>
+# include <tcpd.h>
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_WARNING;
+#endif
 
 
 /* find the next guy who wants to write on the console			(ksb)
  */
-CONSCLIENT *
-#if USE_ANSI_PROTO
-FindWrite(CONSCLIENT * pCL)
-#else
-FindWrite(pCL)
+void
+FindWrite(CONSENT *pCE)
+{
+    CONSCLIENT *pCLfound = (CONSCLIENT *)0;
     CONSCLIENT *pCL;
-#endif
-{
-    /* return the first guy to have the `want write' bit set
-     * (tell him of the promotion, too)  we could look for the
-     * most recent or some such... I guess it doesn't matter that
-     * much.
+
+    /* make the first guy (last on the list) to have the `want write' bit set
+     * the writer (tell him of the promotion, too)  we could look for the most
+     * recent or some such... I guess it doesn't matter that much.
      */
-    for ( /*passed in */ ; (CONSCLIENT *) 0 != pCL; pCL = pCL->pCLnext) {
-	if (!pCL->fwantwr)
-	    continue;
-	if (!pCL->pCEto->fup || pCL->pCEto->fronly)
-	    break;
-	pCL->fwantwr = 0;
-	pCL->fwr = 1;
-	if (pCL->pCEto->nolog) {
-	    fileWrite(pCL->fd, "\r\n[attached (nologging)]\r\n", -1);
+    if (pCE->pCLwr != (CONSCLIENT *)0 || pCE->fronly)
+	return;
+
+    for (pCL = pCE->pCLon; (CONSCLIENT *)0 != pCL; pCL = pCL->pCLnext) {
+	if (pCL->fwantwr && !pCL->fro)
+	    pCLfound = pCL;
+    }
+
+    if (pCLfound != (CONSCLIENT *)0) {
+	pCLfound->fwantwr = 0;
+	pCLfound->fwr = 1;
+	if (pCE->nolog) {
+	    FileWrite(pCLfound->fd, FLAGFALSE,
+		      "\r\n[attached (nologging)]\r\n", -1);
 	} else {
-	    fileWrite(pCL->fd, "\r\n[attached]\r\n", -1);
+	    FileWrite(pCLfound->fd, FLAGFALSE, "\r\n[attached]\r\n", -1);
 	}
-	tagLogfile(pCL->pCEto, "%s attached", pCL->acid.string);
-	return pCL;
+	TagLogfileAct(pCE, "%s attached", pCLfound->acid->string);
+	pCE->pCLwr = pCLfound;
     }
-    return (CONSCLIENT *) 0;
 }
 
-/* show a character as a string so the user cannot mistake it for	(ksb)
- * another
- * 
- * must pass us at least 16 characters to put fill with text
- */
-char *
-#if USE_ANSI_PROTO
-FmtCtl(int ci, STRING * pcIn)
-#else
-FmtCtl(ci, pcIn)
-    int ci;
-    STRING *pcIn;
-#endif
+void
+BumpClient(CONSENT *pCE, char *message)
 {
-    unsigned char c;
+    if ((CONSCLIENT *)0 == pCE->pCLwr)
+	return;
 
-    buildMyString((char *)0, pcIn);
-    c = ci & 0xff;
-    if (c > 127) {
-	c -= 128;
-	buildMyString("M-", pcIn);
-    }
-
-    if (c < ' ' || c == '\177') {
-	buildMyStringChar('^', pcIn);
-	buildMyStringChar(c ^ 0100, pcIn);
-    } else if (c == ' ') {
-	buildMyString("<space>", pcIn);
-    } else if (c == '^') {
-	buildMyString("<circumflex>", pcIn);
-    } else if (c == '\\') {
-	buildMyString("<backslash>", pcIn);
-    } else {
-	buildMyStringChar(c, pcIn);
-    }
-    return pcIn->string;
+    if ((char *)0 != message)
+	FileWrite(pCE->pCLwr->fd, FLAGFALSE, message, -1);
+    pCE->pCLwr->fwantwr = 0;
+    pCE->pCLwr->fwr = 0;
+    pCE->pCLwr = (CONSCLIENT *)0;
 }
 
-/* replay last iBack lines of the log file upon connect to console	(ksb)
+/* replay last 'back' lines of the log file upon connect to console	(ksb)
  *
  * NB: we know the console might be spewing when the replay happens,
  * we want to just output what is in the log file and get out,
  * so we don't drop chars...
  */
-void
-#if USE_ANSI_PROTO
-Replay(CONSFILE * fdLog, CONSFILE * fdOut, int iBack)
-#else
-Replay(fdLog, fdOut, iBack)
-    CONSFILE *fdLog;
-    CONSFILE *fdOut;
-    int iBack;
-#endif
-{
+#define REPLAYBUFFER 4096
 
+void
+Replay(CONSENT *pCE, CONSFILE *fdOut, unsigned short back)
+{
+    CONSFILE *fdLog = (CONSFILE *)0;
+    STRING *line = (STRING *)0;
     off_t file_pos;
     off_t buf_pos;
-    char *buf;
+    char *buf = (char *)0;
     char *bp = (char *)0;
-    char *s;
-    int r;
     int ch;
     struct stat stLog;
-    struct lines {
-	int is_mark;
-	STRING line;
-	STRING mark_end;
-    } *lines;
-    int n_lines;
     int ln;
-    int i;
-    int j;
-    int u;
-    int is_mark;
-    char dummy[4];
+    int was_mark = 0;
+#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
+    unsigned long dmallocMarkReplay = 0;
+#endif
 
-    if ((CONSFILE *) 0 == fdLog) {
-	fileWrite(fdOut, "[no log file on this console]\r\n", -1);
+    if (pCE != (CONSENT *)0 && pCE->logfile != (char *)0)
+	fdLog = FileOpen(pCE->logfile, O_RDONLY, 0644);
+
+    if (fdLog == (CONSFILE *)0) {
+	FileWrite(fdOut, FLAGFALSE, "[no log file on this console]\r\n",
+		  -1);
 	return;
     }
+#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
+    dmallocMarkReplay = dmalloc_mark();
+#endif
 
     /* find the size of the file
      */
-    if (0 != fileStat(fdLog, &stLog)) {
-	return;
-    }
-    file_pos = stLog.st_size - 1;
+    if (0 != FileStat(fdLog, &stLog))
+	goto common_exit;
+
+    file_pos = stLog.st_size - 1;	/* point at last byte */
     buf_pos = file_pos + 1;
 
-    /* get space for the line information and initialize it
-     *
-     * we allocate room for one more line than requested to be able to
-     * do the mark ranges
-     */
-    if ((char *)0 == (buf = malloc(BUFSIZ))) {
+    if ((char *)0 == (buf = malloc(REPLAYBUFFER)))
 	OutOfMem();
-    }
-    n_lines = iBack + 1;
-    lines = (struct lines *)calloc(n_lines, sizeof(*lines));
-    if ((struct lines *)0 == lines) {
-	OutOfMem();
-    }
-    ln = -1;
+    bp = buf + 1;		/* just give it something - it resets below */
+
+    line = AllocString();
 
     /* loop as long as there is data in the file or we have not found
      * the requested number of lines
      */
-    while (file_pos >= 0) {
+    ln = -1;
+    for (; file_pos >= 0; file_pos--, bp--) {
 	if (file_pos < buf_pos) {
+	    int r;
 
 	    /* read one buffer worth of data a buffer boundary
 	     *
 	     * the first read will probably not get a full buffer but
 	     * the rest (as we work our way back in the file) should be
 	     */
-	    buf_pos = (file_pos / BUFSIZ) * BUFSIZ;
-#if defined(SEEK_SET)
-	    /* PTX and maybe other Posix systems
-	     */
-	    if (fileSeek(fdLog, buf_pos, SEEK_SET) < 0) {
+	    buf_pos = (file_pos / REPLAYBUFFER) * REPLAYBUFFER;
+	    if (FileSeek(fdLog, buf_pos, SEEK_SET) < 0) {
 		goto common_exit;
 	    }
-#else
-	    if (fileSeek(fdLog, buf_pos, L_SET) < 0) {
+	    if ((r = FileRead(fdLog, buf, REPLAYBUFFER)) < 0) {
 		goto common_exit;
 	    }
-#endif
-	    if ((r = fileRead(fdLog, buf, BUFSIZ)) <= 0) {
-		goto common_exit;
-	    }
-	    bp = buf + r;
+	    bp = buf + r - 1;
 	}
 
 	/* process the next character
 	 */
-	--file_pos;
-	if ((ch = *--bp) == '\n') {
+	if ((ch = *bp) == '\n') {
 	    if (ln >= 0) {
+		int i;
+		int u;
+		int is_mark = 0;
 
 		/* reverse the text to put it in forward order
 		 */
-		u = lines[ln].line.used - 1;
+		u = line->used - 1;
 		for (i = 0; i < u / 2; i++) {
 		    int temp;
 
-		    temp = lines[ln].line.string[i];
-		    lines[ln].line.string[i]
-			= lines[ln].line.string[u - i - 1];
-		    lines[ln].line.string[u - i - 1] = temp;
+		    temp = line->string[i];
+		    line->string[i] = line->string[u - i - 1];
+		    line->string[u - i - 1] = temp;
 		}
 
 		/* see if this line is a MARK
 		 */
-		if (lines[ln].line.used > 0 &&
-		    lines[ln].line.string[0] == '[') {
-		    i = sscanf(lines[ln].line.string + 1,
+		if (line->used > 0 && line->string[0] == '[') {
+		    char dummy[4];
+		    int j;
+		    i = sscanf(line->string + 1,
 			       "-- MARK -- %3c %3c %d %d:%d:%d %d]\r\n",
 			       dummy, dummy, &j, &j, &j, &j, &j);
 		    is_mark = (i == 7);
-		} else {
-		    is_mark = 0;
 		}
 
 		/* process this line
 		 */
-		if (is_mark && ln > 0 && lines[ln - 1].is_mark) {
+		if (is_mark && was_mark) {
 		    /* this is a mark and the previous line is also
-		     * a mark, so make (or continue) that range
+		     * a mark, so reduce the line count 'cause it'll
+		     * go up by one and we're joining them on output.
 		     */
-		    if (0 == lines[ln - 1].mark_end.allocated) {
-			/* this is a new range - shuffle pointers
-			 *
-			 * remember that we are moving backward
-			 */
-			lines[ln - 1].mark_end = lines[ln - 1].line;
-			lines[ln - 1].line.string = (char *)0;
-			lines[ln - 1].line.used = 0;
-			lines[ln - 1].line.allocated = 0;
-		    }
-		    /* if unallocated, cheat and shuffle pointers */
-		    if (0 == lines[ln - 1].line.allocated) {
-			lines[ln - 1].line = lines[ln].line;
-			lines[ln].line.string = (char *)0;
-			lines[ln].line.used = 0;
-			lines[ln].line.allocated = 0;
-		    } else {
-			buildMyString((char *)0, &lines[ln - 1].line);
-			buildMyString(lines[ln].line.string,
-				      &lines[ln - 1].line);
-			buildMyString((char *)0, &lines[ln].line);
-		    }
 		    ln--;
 		}
-		lines[ln].is_mark = is_mark;
+		was_mark = is_mark;
 	    }
 
 	    /* advance to the next line and break if we have enough
 	     */
 	    ln++;
-	    if (ln >= n_lines - 1) {
+	    BuildString((char *)0, line);
+	    if (ln >= back) {
 		break;
 	    }
 	}
@@ -300,95 +232,126 @@ Replay(fdLog, fdOut, iBack)
 	if (ln < 0) {
 	    ln = 0;
 	}
-	(void)buildMyStringChar(ch, &lines[ln].line);
+	BuildStringChar(ch, line);
 
 	/* if we've processed "a lot" of data for a line, then bail
 	 * why?  there must be some very long non-newline terminated
 	 * strings and if we just keep going back, we could spew lots
 	 * of data and chew up lots of memory
 	 */
-	if (lines[ln].line.used > MAXREPLAYLINELEN) {
+	if (line->used > MAXREPLAYLINELEN) {
 	    break;
 	}
     }
-    free(buf);
-    buf = (char *)0;
 
-    /* if we got back to beginning of file but saw some data, include it
+    /* move forward.  either we hit the beginning of the file and we
+     * move to the first byte, or we hit a \n and we move past it
      */
-    if (ln >= 0 && lines[ln].line.used > 0) {
+    file_pos++;
 
-	/* reverse the text to put it in forward order
-	 */
-	u = lines[ln].line.used - 1;
-	for (i = 0; i < u / 2; i++) {
-	    int temp;
+    /* Now output the lines, starting from where we stopped */
+    if (FileSeek(fdLog, file_pos, SEEK_SET) >= 0) {
+	int eof = 0;
+	int i = 0;
+	int r = 0;
+	STRING *mark_beg = (STRING *)0;
+	STRING *mark_end = (STRING *)0;
 
-	    temp = lines[ln].line.string[i];
-	    lines[ln].line.string[i]
-		= lines[ln].line.string[u - i - 1];
-	    lines[ln].line.string[u - i - 1] = temp;
+	mark_beg = AllocString();
+	mark_end = AllocString();
+
+	ln = 0;			/* number of lines output */
+	BuildString((char *)0, line);
+
+	while (ln < back && !eof) {
+	    if (r <= 0) {
+		if ((r = FileRead(fdLog, buf, REPLAYBUFFER)) < 0)
+		    eof = 1;
+		i = 0;
+	    }
+
+	    if (!eof)
+		BuildStringChar(buf[i], line);
+
+	    if (buf[i] == '\n' || eof) {
+		int is_mark = 0;
+		if (line->used > 0 && line->string[0] == '[') {
+		    char dummy[4];
+		    int j;
+		    int i;
+		    i = sscanf(line->string + 1,
+			       "-- MARK -- %3c %3c %d %d:%d:%d %d]\r\n",
+			       dummy, dummy, &j, &j, &j, &j, &j);
+		    is_mark = (i == 7);
+		}
+		if (is_mark) {
+		    if (mark_beg->used > 1) {
+			BuildString((char *)0, mark_end);
+			BuildString(line->string, mark_end);
+		    } else
+			BuildString(line->string, mark_beg);
+		} else {
+		    if (mark_beg->used > 1) {
+			if (mark_end->used > 1) {
+			    char *s;
+
+			    /* output the start of the range, stopping at the ']' */
+			    s = strrchr(mark_beg->string, ']');
+			    if ((char *)0 != s)
+				*s = '\000';
+			    FileWrite(fdOut, FLAGTRUE, mark_beg->string,
+				      -1);
+			    FileWrite(fdOut, FLAGTRUE, " .. ", 4);
+
+			    /* build the end string by removing the leading "[-- MARK -- "
+			     * and replacing "]\r\n" on the end with " -- MARK --]\r\n"
+			     */
+			    s = strrchr(mark_end->string, ']');
+			    if ((char *)0 != s)
+				*s = '\000';
+			    FileWrite(fdOut, FLAGTRUE,
+				      mark_end->string +
+				      sizeof("[-- MARK -- ") - 1, -1);
+			    FileWrite(fdOut, FLAGFALSE, " -- MARK --]\r\n",
+				      -1);
+			} else {
+			    FileWrite(fdOut, FLAGFALSE, mark_beg->string,
+				      mark_beg->used - 1);
+			}
+			BuildString((char *)0, mark_beg);
+			BuildString((char *)0, mark_end);
+			ln++;
+			if (ln >= back)
+			    break;
+		    }
+		    FileWrite(fdOut, FLAGFALSE, line->string,
+			      line->used - 1);
+		    ln++;
+		}
+		BuildString((char *)0, line);
+	    }
+
+	    /* move the counters */
+	    i++;
+	    r--;
 	}
-	ln++;
-    }
-
-    /* copy the lines into the buffer and put them in order
-     */
-    for (i = ln - 1; i >= 0; i--) {
-	if (lines[i].is_mark && 0 != lines[i].mark_end.used) {
-	    int mark_len;
-
-	    /* output the start of the range, stopping at the ']'
-	     */
-	    s = strrchr(lines[i].line.string, ']');
-	    if ((char *)0 != s) {
-		*s = '\000';
-	    }
-	    (void)fileWrite(fdOut, lines[i].line.string, -1);
-	    (void)fileWrite(fdOut, " .. ", -1);
-
-	    /* build the end string by removing the leading "[-- MARK -- "
-	     * and replacing "]\r\n" on the end with " -- MARK --]\r\n"
-	     */
-	    mark_len = sizeof("[-- MARK -- ") - 1;
-
-	    s = strrchr(lines[i].mark_end.string + mark_len, ']');
-	    if ((char *)0 != s) {
-		*s = '\000';
-	    }
-	    (void)fileWrite(fdOut, lines[i].mark_end.string + mark_len,
-			    -1);
-	    (void)fileWrite(fdOut, " -- MARK --]\r\n", -1);
-	    u = lines[i].mark_end.used;
-	    s = lines[i].mark_end.string;
-	} else
-	    (void)fileWrite(fdOut, lines[i].line.string, -1);
+	DestroyString(mark_end);
+	DestroyString(mark_beg);
     }
 
   common_exit:
 
-    if ((struct lines *)0 != lines) {
-	for (i = 0; i < n_lines; i++) {
-	    if ((char *)0 != lines[i].mark_end.string) {
-		free(lines[i].mark_end.string);
-		lines[i].mark_end.string = (char *)0;
-		lines[i].mark_end.used = 0;
-		lines[i].mark_end.allocated = 0;
-	    }
-	    if ((char *)0 != lines[i].line.string) {
-		free(lines[i].line.string);
-		lines[i].line.string = (char *)0;
-		lines[i].line.used = 0;
-		lines[i].line.allocated = 0;
-	    }
-	}
-	free(lines);
-	lines = (struct lines *)0;
-    }
-    if ((char *)0 != buf) {
+    if (line != (STRING *)0)
+	DestroyString(line);
+    if (buf != (char *)0)
 	free(buf);
-	buf = (char *)0;
-    }
+    if (fdLog != (CONSFILE *)0)
+	FileClose(&fdLog);
+
+#if HAVE_DMALLOC && DMALLOC_MARK_REPLAY
+    CONDDEBUG((1, "Replay(): dmalloc / MarkReplay"));
+    dmalloc_log_changed(dmallocMarkReplay, 1, 0, 1);
+#endif
 }
 
 
@@ -396,9 +359,9 @@ Replay(fdLog, fdOut, iBack)
  */
 #define WHEN_SPY	0x01
 #define WHEN_ATTACH	0x02
-#define WHEN_VT100	0x04
-#define WHEN_EXPERT	0x08	/* ZZZ no way to set his yet    */
+#define WHEN_EXPERT	0x04	/* ZZZ no way to set his yet    */
 #define WHEN_ALWAYS	0x40
+#define IS_LIMITED	0x100
 
 #define HALFLINE	40
 
@@ -408,101 +371,219 @@ typedef struct HLnode {
 } HELP;
 
 static HELP aHLTable[] = {
-    {WHEN_ALWAYS, ".    disconnect"},
-    {WHEN_ALWAYS, "a    attach read/write"},
-    {WHEN_ALWAYS, "b    send broadcast message"},
-    {WHEN_ATTACH, "c    toggle flow control"},
-    {WHEN_ATTACH, "d    down a console"},
-    {WHEN_ALWAYS, "e    change escape sequence"},
-    {WHEN_ALWAYS, "f    force attach read/write"},
-    {WHEN_ALWAYS, "g    group info"},
-    {WHEN_ALWAYS, "i    information dump"},
-    {WHEN_ATTACH, "L    toggle logging on/off"},
-    {WHEN_ATTACH, "l?   break sequence list"},
-    {WHEN_ATTACH, "l0   send break per config file"},
-    {WHEN_ATTACH, "l1-9 send specific break sequence"},
-    {WHEN_ALWAYS, "o    (re)open the tty and log file"},
-    {WHEN_ALWAYS, "p    replay the last 60 lines"},
-    {WHEN_ALWAYS, "r    replay the last 20 lines"},
-    {WHEN_ATTACH, "s    spy read only"},
-    {WHEN_ALWAYS, "u    show host status"},
-    {WHEN_ALWAYS, "v    show version info"},
-    {WHEN_ALWAYS, "w    who is on this console"},
-    {WHEN_ALWAYS, "x    show console baud info"},
-    {WHEN_ALWAYS, "z    suspend the connection"},
-    {WHEN_ALWAYS, "<cr> ignore/abort command"},
-    {WHEN_ALWAYS, "?    print this message"},
-    {WHEN_ALWAYS, "^R   replay the last line"},
-    {WHEN_ATTACH, "\\ooo send character by octal code"},
-    {WHEN_EXPERT, "^I   toggle tab expansion"},
-    {WHEN_EXPERT, ";    change to another console"},
-    {WHEN_EXPERT, "+(-) do (not) drop line"},
-    {WHEN_VT100, "PF1  print this message"},
-    {WHEN_VT100, "PF2  disconnect"},
-    {WHEN_VT100, "PF3  replay the last 20 lines"},
-    {WHEN_VT100, "PF4  spy read only"}
+    {WHEN_ALWAYS, ".       disconnect"},
+    {WHEN_ALWAYS | IS_LIMITED, ";       move to another console"},
+    {WHEN_ALWAYS, "a       attach read/write"},
+    {WHEN_ALWAYS, "b       send broadcast message"},
+    {WHEN_ATTACH, "c       toggle flow control"},
+    {WHEN_ATTACH, "d       down a console"},
+    {WHEN_ALWAYS, "e       change escape sequence"},
+    {WHEN_ALWAYS, "f       force attach read/write"},
+    {WHEN_ALWAYS, "g       group info"},
+    {WHEN_ALWAYS, "i       information dump"},
+    {WHEN_ATTACH, "L       toggle logging on/off"},
+    {WHEN_ATTACH, "l?      break sequence list"},
+    {WHEN_ATTACH, "l0      send break per config file"},
+    {WHEN_ATTACH, "l1-9a-z send specific break sequence"},
+    {WHEN_ALWAYS, "m       display message of the day"},
+    {WHEN_ALWAYS, "n       write a note to the logfile"},
+    {WHEN_ALWAYS, "o       (re)open the tty and log file"},
+    {WHEN_ALWAYS, "p       playback the last %hu lines"},
+    {WHEN_ALWAYS, "P       set number of playback lines"},
+    {WHEN_ALWAYS, "r       replay the last %hu lines"},
+    {WHEN_ALWAYS, "R       set number of replay lines"},
+    {WHEN_ATTACH, "s       spy mode (read only)"},
+    {WHEN_ALWAYS, "u       show host status"},
+    {WHEN_ALWAYS, "v       show version info"},
+    {WHEN_ALWAYS, "w       who is on this console"},
+    {WHEN_ALWAYS, "x       show console baud info"},
+    {WHEN_ALWAYS | IS_LIMITED, "z       suspend the connection"},
+    {WHEN_ATTACH, "!       invoke task"},
+    {WHEN_ATTACH | IS_LIMITED, "|       attach local command"},
+    {WHEN_ALWAYS, "?       print this message"},
+    {WHEN_ALWAYS, "<cr>    ignore/abort command"},
+    {WHEN_ALWAYS, "^R      replay the last line"},
+    {WHEN_ATTACH, "\\ooo    send character by octal code"},
 };
 
 /* list the commands we know for the user				(ksb)
  */
 void
-#if USE_ANSI_PROTO
-HelpUser(CONSCLIENT * pCL)
-#else
-HelpUser(pCL)
-    CONSCLIENT *pCL;
-#endif
+HelpUser(CONSCLIENT *pCL)
 {
     int i, j, iCmp;
     static char
       acH1[] = "help]\r\n", acH2[] = "help spy mode]\r\n", acEoln[] =
 	"\r\n";
-    static STRING acLine = { (char *)0, 0, 0 };
+    static STRING *acLine = (STRING *)0;
+
+    if (acLine == (STRING *)0)
+	acLine = AllocString();
 
     iCmp = WHEN_ALWAYS | WHEN_SPY;
     if (pCL->fwr) {
-	(void)fileWrite(pCL->fd, acH1, sizeof(acH1) - 1);
+	FileWrite(pCL->fd, FLAGTRUE, acH1, sizeof(acH1) - 1);
 	iCmp |= WHEN_ATTACH;
     } else {
-	(void)fileWrite(pCL->fd, acH2, sizeof(acH2) - 1);
-    }
-    if ('\033' == pCL->ic[0] && 'O' == pCL->ic[1]) {
-	iCmp |= WHEN_VT100;
+	FileWrite(pCL->fd, FLAGTRUE, acH2, sizeof(acH2) - 1);
     }
 
-    buildMyString((char *)0, &acLine);
+    BuildString((char *)0, acLine);
     for (i = 0; i < sizeof(aHLTable) / sizeof(HELP); ++i) {
-	if (0 == (aHLTable[i].iwhen & iCmp)) {
+	char *text;
+
+	if (aHLTable[i].iwhen & IS_LIMITED &&
+	    ConsentUserOk(pLUList, pCL->username->string) == 1)
 	    continue;
+
+	if (0 == (aHLTable[i].iwhen & iCmp))
+	    continue;
+
+	text = aHLTable[i].actext;
+	if (text[0] == 'p') {
+	    BuildTmpString((char *)0);
+	    text = BuildTmpStringPrint(text, pCL->playback);
+	} else if (text[0] == 'r') {
+	    BuildTmpString((char *)0);
+	    text = BuildTmpStringPrint(text, pCL->replay);
 	}
-	if (acLine.used != 0) {	/* second part of line */
-	    if (strlen(aHLTable[i].actext) < HALFLINE) {
-		for (j = acLine.used; j <= HALFLINE; ++j) {
-		    buildMyStringChar(' ', &acLine);
+
+	if (acLine->used != 0) {	/* second part of line */
+	    if (strlen(text) < HALFLINE) {
+		for (j = acLine->used; j <= HALFLINE; ++j) {
+		    BuildStringChar(' ', acLine);
 		}
-		buildMyString(aHLTable[i].actext, &acLine);
-		buildMyString(acEoln, &acLine);
-		(void)fileWrite(pCL->fd, acLine.string, -1);
-		buildMyString((char *)0, &acLine);
+		BuildString(text, acLine);
+		BuildString(acEoln, acLine);
+		FileWrite(pCL->fd, FLAGTRUE, acLine->string,
+			  acLine->used - 1);
+		BuildString((char *)0, acLine);
 		continue;
 	    } else {
-		buildMyString(acEoln, &acLine);
-		(void)fileWrite(pCL->fd, acLine.string, -1);
-		buildMyString((char *)0, &acLine);
+		BuildString(acEoln, acLine);
+		FileWrite(pCL->fd, FLAGTRUE, acLine->string,
+			  acLine->used - 1);
+		BuildString((char *)0, acLine);
 	    }
 	}
-	if (acLine.used == 0) {	/* at new line */
-	    buildMyStringChar(' ', &acLine);
-	    buildMyString(aHLTable[i].actext, &acLine);
-	    if (acLine.used > HALFLINE) {
-		buildMyString(acEoln, &acLine);
-		(void)fileWrite(pCL->fd, acLine.string, -1);
-		buildMyString((char *)0, &acLine);
+	if (acLine->used == 0) {	/* at new line */
+	    BuildStringChar(' ', acLine);
+	    BuildString(text, acLine);
+	    if (acLine->used > HALFLINE) {
+		BuildString(acEoln, acLine);
+		FileWrite(pCL->fd, FLAGTRUE, acLine->string,
+			  acLine->used - 1);
+		BuildString((char *)0, acLine);
 	    }
 	}
     }
-    if (acLine.used != 0) {
-	buildMyString(acEoln, &acLine);
-	(void)fileWrite(pCL->fd, acLine.string, -1);
+    if (acLine->used != 0) {
+	BuildString(acEoln, acLine);
+	FileWrite(pCL->fd, FLAGTRUE, acLine->string, acLine->used - 1);
     }
+    FileWrite(pCL->fd, FLAGFALSE, (char *)0, 0);
+}
+
+int
+ClientAccessOk(CONSCLIENT *pCL)
+{
+    char *peername = (char *)0;
+    int retval = 1;
+
+#if USE_IPV6 || !USE_UNIX_DOMAIN_SOCKETS
+    socklen_t so;
+    int cfd;
+# if USE_IPV6
+    int error;
+    char addr[NI_MAXHOST];
+# endif
+    SOCKADDR_STYPE in_port;
+    int getpeer = -1;
+
+    cfd = FileFDNum(pCL->fd);
+    pCL->caccess = 'r';
+# if defined(USE_LIBWRAP)
+    {
+	struct request_info request;
+	CONDDEBUG((1, "ClientAccessOk(): doing tcpwrappers check"));
+	request_init(&request, RQ_DAEMON, progname, RQ_FILE, cfd, 0);
+	fromhost(&request);
+	if (!hosts_access(&request)) {
+	    FileWrite(pCL->fd, FLAGFALSE,
+		      "access from your host refused\r\n", -1);
+	    retval = 0;
+	    goto setpeer;
+	}
+    }
+# endif
+
+    so = sizeof(in_port);
+    if (-1 ==
+	(getpeer = getpeername(cfd, (struct sockaddr *)&in_port, &so))) {
+	FileWrite(pCL->fd, FLAGFALSE, "getpeername failed\r\n", -1);
+	retval = 0;
+	goto setpeer;
+    }
+    pCL->caccess = AccType(
+# if USE_IPV6
+			      &in_port,
+# else
+			      &in_port.sin_addr,
+# endif
+			      &peername);
+    if (pCL->caccess == 'r') {
+	FileWrite(pCL->fd, FLAGFALSE, "access from your host refused\r\n",
+		  -1);
+	retval = 0;
+    }
+  setpeer:
+#else
+    struct in_addr addr;
+
+# if HAVE_INET_ATON
+    inet_aton("127.0.0.1", &addr);
+# else
+    addr.s_addr = inet_addr("127.0.0.1");
+# endif
+    pCL->caccess = AccType(&addr, &peername);
+    if (pCL->caccess == 'r') {
+	FileWrite(pCL->fd, FLAGFALSE, "access from your host refused\r\n",
+		  -1);
+	retval = 0;
+    }
+#endif
+
+    if (pCL->peername != (STRING *)0) {
+	BuildString((char *)0, pCL->peername);
+	if (peername != (char *)0)
+	    BuildString(peername, pCL->peername);
+#if USE_IPV6
+	else if (getpeer != -1) {
+	    error =
+		getnameinfo((struct sockaddr *)&in_port, so, addr,
+			    sizeof(addr), NULL, 0, NI_NUMERICHOST);
+	    if (error) {
+		FileWrite(pCL->fd, FLAGFALSE, "getnameinfo failed\r\n",
+			  -1);
+		Error("ClientAccessOk(): gatenameinfo: %s",
+		      gai_strerror(error));
+		retval = 0;
+	    }
+
+	    BuildString(addr, pCL->peername);
+	} else
+	    BuildString("<unknown>", pCL->peername);
+#elif USE_UNIX_DOMAIN_SOCKETS
+	else
+	    BuildString("127.0.0.1", pCL->peername);
+#else
+	else if (getpeer != -1)
+	    BuildString(inet_ntoa(in_port.sin_addr), pCL->peername);
+	else
+	    BuildString("<unknown>", pCL->peername);
+#endif
+    }
+    if (peername != (char *)0)
+	free(peername);
+    return retval;
 }

conserver/client.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: client.h,v 5.25 2002-02-25 14:00:38-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -35,32 +33,42 @@
  */
 /* states for a server fsm
  */
-#define S_NORMAL 0		/* just pass character                          */
-#define S_ESC1	 1		/* first escape character received              */
-#define S_CMD	 2		/* second interrupt character received          */
-#define S_CATTN	 3		/* change 1 escape character to next input char */
-#define S_CESC	 4		/* change 2 escape character to next input char */
-#define S_HALT1	 5		/* we have a halt sequence in progress          */
-#define S_SUSP	 6		/* we are suspened, first char wakes us up      */
-#define S_IDENT	 7		/* probational connection (who is this)         */
-#define S_HOST	 8		/* still needs a host name to connect           */
-#define S_PASSWD 9		/* still needs a passwd to connect              */
-#define S_QUOTE 10		/* send any character we can spell              */
-#define S_BCAST 11		/* send a broadcast message to all connections  */
+typedef enum clientState {
+    S_NORMAL,			/* just pass character                     */
+    S_ESC1,			/* first escape character received         */
+    S_CMD,			/* second interrupt character received     */
+    S_CATTN,			/* change 1 escape char to next input char */
+    S_CESC,			/* change 2 escape char to next input char */
+    S_HALT1,			/* we have a halt sequence in progress     */
+    S_SUSP,			/* we are suspened, first char wakes us up */
+    S_IDENT,			/* probational connection (who is this)    */
+    S_PASSWD,			/* still needs a passwd to connect         */
+    S_QUOTE,			/* send any character we can spell         */
+    S_BCAST,			/* send a broadcast message to all clients */
+    S_CWAIT,			/* wait for client                         */
+    S_CEXEC,			/* client execing a program                */
+    S_REPLAY,			/* set replay length for 'r'               */
+    S_PLAYBACK,			/* set replay length for 'p'               */
+    S_NOTE,			/* send a note to the logfile              */
+    S_TASK,			/* invoke a task on the server side        */
+    S_CONFIRM			/* confirm input                           */
+} CLIENTSTATE;
 
 typedef struct client {		/* Connection Information:              */
     CONSFILE *fd;		/* file descriptor                      */
     short fcon;			/* currently connect or not             */
     short fwr;			/* (client) write enable flag           */
     short fwantwr;		/* (client) wants to write              */
+    short fro;			/* read-only permission                 */
     short fecho;		/* echo commands (not set by machines)  */
-    STRING acid;		/* login and location of client         */
-    STRING peername;		/* location of client                   */
+    short fiwait;		/* client wanting for console init      */
+    STRING *acid;		/* login and location of client         */
+    STRING *peername;		/* location of client                   */
+    STRING *username;		/* login of client                      */
     time_t tym;			/* time of connect                      */
     time_t typetym;		/* time of last keystroke               */
     char actym[32];		/* pre-formatted time                   */
     struct consent
-     *pCEwant,			/* what machine we would like to be on  */
      *pCEto;			/* host a client gets output from       */
     struct client
     **ppCLbscan,		/* back link for scan ptr               */
@@ -70,22 +78,22 @@ typedef struct client {		/* Connection Information:              */
      *pCLnext;			/* next person on this list             */
     /* next lists link clients on a console */
     char ic[2];			/* two character escape sequence        */
-    char iState;		/* state for fsm in server              */
+    unsigned short replay;	/* lines to replay for 'r'              */
+    unsigned short playback;	/* lines to replay for 'p'              */
+    CLIENTSTATE iState;		/* state for fsm in server              */
     char caccess;		/* did we trust the remote machine      */
-    STRING accmd;		/* the command the user issued          */
-    STRING msg;			/* the broadcast message                */
-    struct sockaddr_in
-      cnct_port;		/* where from                           */
+    IOSTATE ioState;		/* state of the socket                  */
+    time_t stateTimer;		/* timer for various ioState states */
+    STRING *accmd;		/* the command the user issued          */
+    INADDR_STYPE cnct_port;	/* where from                           */
+    FLAG confirmed;		/* confirm state                        */
+    CLIENTSTATE cState;		/* state needing confirmation           */
+    char cOption;		/* option initiating the confirmation   */
+    size_t tokenSize;		/* buffer size for GSSAPI token         */
 } CONSCLIENT;
 
-#if USE_ANSI_PROTO
-extern char *FmtCtl(int, STRING *);
-extern void Replay(CONSFILE *, CONSFILE *, int);
+extern void Replay(CONSENT *, CONSFILE *, unsigned short);
 extern void HelpUser(CONSCLIENT *);
-extern CONSCLIENT *FindWrite(CONSCLIENT *);
-#else
-extern char *FmtCtl();
-extern void Replay();
-extern void HelpUser();
-extern CONSCLIENT *FindWrite();
-#endif
+extern void FindWrite(CONSENT *);
+extern int ClientAccessOk(CONSCLIENT *);
+extern void BumpClient(CONSENT *, char *);

conserver/consent.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: consent.h,v 5.29 2002-02-25 14:00:38-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -46,69 +44,176 @@ typedef struct baud {		/* a baud rate table                    */
 } BAUD;
 
 typedef struct parity {		/* a parity bits table                  */
-    char ckey;
+    char *key;
     int iset;
     int iclr;
 } PARITY;
 
-#define ALARMTIME	60	/* time between chimes                  */
+typedef enum consType {
+    UNKNOWNTYPE = 0,
+    DEVICE,
+    EXEC,
+    HOST,
+    NOOP,
+    UDS,
+#if HAVE_FREEIPMI
+    IPMI,
+#endif
+} CONSTYPE;
 
+#if HAVE_FREEIPMI
+# define IPMIL_UNKNOWN  (0)
+# define IPMIL_USER     (IPMICONSOLE_PRIVILEGE_USER+1)
+# define IPMIL_OPERATOR (IPMICONSOLE_PRIVILEGE_OPERATOR+1)
+# define IPMIL_ADMIN    (IPMICONSOLE_PRIVILEGE_ADMIN+1)
+#endif
+
+typedef struct names {
+    char *name;
+    struct names *next;
+} NAMES;
+
+typedef struct consentUsers {
+    NAMES *user;
+    short not;
+    struct consentUsers *next;
+} CONSENTUSERS;
+
+/* we calloc() these things, so we're trying to make everything be
+ * "empty" when it's got a zero value
+ */
 typedef struct consent {	/* console information                  */
-    STRING server;		/* server name                          */
-    STRING dfile;		/* device file                          */
-    STRING lfile;		/* log file                             */
-    BAUD *pbaud;		/* the baud on this console port        */
-    PARITY *pparity;		/* the parity on this line              */
+    /*** config file settings ***/
+    char *server;		/* server name                          */
+    CONSTYPE type;		/* console type                         */
+    NAMES *aliases;		/* aliases for server name              */
+    /* type == DEVICE */
+    char *device;		/* device file                          */
+    char *devicesubst;		/* device substitution pattern          */
+    BAUD *baud;			/* the baud on this console port        */
+    PARITY *parity;		/* the parity on this line              */
+    FLAG hupcl;			/* use HUPCL                            */
+    FLAG cstopb;		/* use two stop bits                    */
+    FLAG ixon;			/* XON/XOFF flow control on output      */
+    FLAG ixany;			/* any character to restart output      */
+    FLAG ixoff;			/* XON/XOFF flow control on input       */
+#if defined(CRTSCTS)
+    FLAG crtscts;		/* use hardware flow control            */
+#endif
+#if HAVE_FREEIPMI
+    /* type == IPMI */
+    int ipmiprivlevel;		/* IPMI authentication level            */
+    ipmiconsole_ctx_t ipmictx;	/* IPMI ctx                             */
+    unsigned int ipmiworkaround;	/* IPMI workaround flags                */
+    short ipmiwrkset;		/* workaround flags set in config       */
+    int ipmiciphersuite;	/* IPMI cipher suite                    */
+    char *username;		/* Username to log as                   */
+    char *password;		/* Login Password                       */
+    STRING *ipmikg;		/* IPMI k_g auth key                    */
+#endif
+    /* type == HOST */
+    char *host;			/* hostname                             */
+    unsigned short netport;	/* final port    | netport = portbase + */
+    unsigned short port;	/* port number   |      portinc * port  */
+    unsigned short portbase;	/* port base                            */
+    unsigned short portinc;	/* port increment                       */
+    FLAG raw;			/* raw or telnet protocol?              */
+    /* type == EXEC */
+    char *exec;			/* exec command                         */
+    char *execsubst;		/* exec substitution pattern            */
+    uid_t execuid;		/* user to run exec as                  */
+    gid_t execgid;		/* group to run exec as                 */
+    /* type == UDS */
+    char *uds;			/* socket file                          */
+    char *udssubst;		/* socket file substitution pattern     */
+    /* global stuff */
+    char *master;		/* master hostname                      */
+    unsigned short breakNum;	/* break type [1-35]                    */
+    char *logfile;		/* logfile                              */
+    off_t logfilemax;		/* size limit for rolling logfile       */
+    char *initcmd;		/* initcmd command                      */
+    char *initsubst;		/* initcmd substitution pattern         */
+    uid_t inituid;		/* user to run initcmd as               */
+    gid_t initgid;		/* group to run initcmd as              */
+    char *motd;			/* motd                                 */
+    time_t idletimeout;		/* idle timeout                         */
+    char *idlestring;		/* string to print when idle            */
+    unsigned short spinmax;	/* initialization spin maximum          */
+    unsigned short spintimer;	/* initialization spin timer            */
+    char *replstring;		/* generic string for replacements      */
+    char *tasklist;		/* list of valid tasks                  */
+    char *breaklist;		/* list of valid break sequences        */
+    /* timestamp stuff */
     int mark;			/* Mark (chime) interval                */
     long nextMark;		/* Next mark (chime) time               */
-    short int breakType;	/* break type [1-9]                     */
-    int autoReUp;
+    FLAG activitylog;		/* log attach/detach/bump               */
+    FLAG breaklog;		/* log breaks sent                      */
+    FLAG tasklog;		/* log tasks invoked                    */
+    /* options */
+    FLAG ondemand;		/* bring up on-demand                   */
+    FLAG reinitoncc;		/* open if down on client connect       */
+    FLAG striphigh;		/* strip high-bit of console data       */
+    FLAG autoreinit;		/* auto-reinitialize if failed          */
+    FLAG unloved;		/* copy "unloved" data to stdout        */
+    FLAG login;			/* allow logins to the console          */
 
-    /* Used if network console */
-    int isNetworkConsole;
-    STRING networkConsoleHost;
-    int networkConsolePort;
-    int telnetState;
-
-    /* used if virtual console */
-    STRING acslave;		/* pseudo-device slave side             */
-    int fvirtual;		/* is a pty device we use as a console  */
-    STRING pccmd;		/* virtual console command              */
-    int ipid;			/* pid of virtual command               */
-
-    /* only used in child */
-    int nolog;			/* don't log output                     */
+    /*** runtime settings ***/
     CONSFILE *fdlog;		/* the local log file                   */
-    int fdtty;			/* the port to talk to machine on       */
-    int activitylog;		/* log attach/detach/bump               */
-    short int fup;		/* we setup this line?                  */
-    short int fronly;		/* we can only read this console        */
+    CONSFILE *cofile;		/* the port to talk to machine on       */
+    char *execSlave;		/* pseudo-device slave side             */
+    int execSlaveFD;		/* fd of slave side                     */
+    pid_t ipid;			/* pid of virtual command               */
+    pid_t initpid;		/* pid of initcmd command               */
+    CONSFILE *initfile;		/* the command run on init              */
+    pid_t taskpid;		/* pid of task running                  */
+    CONSFILE *taskfile;		/* the output from the task (read-only) */
+    STRING *wbuf;		/* write() buffer                       */
+    int wbufIAC;		/* next IAC location in wbuf            */
+    IOSTATE ioState;		/* state of the socket                  */
+    time_t stateTimer;		/* timer for ioState states             */
+    time_t lastWrite;		/* time of last data sent to console    */
+#if HAVE_GETTIMEOFDAY
+    struct timeval lastInit;	/* time of last initialization          */
+#else
+    time_t lastInit;		/* time of last initialization          */
+#endif
+    unsigned short spincount;	/* initialization spin counter          */
+
+    /*** state information ***/
+    char acline[132 * 2 + 2];	/* max chars we will call a line        */
+    int iend;			/* length of data stored in acline      */
+    int telnetState;		/* state for telnet negotiations        */
+    FLAG sentDoEcho;		/* have we sent telnet DO ECHO cmd?     */
+    FLAG sentDoSGA;		/* have we sent telnet DO SGA cmd?      */
+    unsigned short autoReUp;	/* is it coming back up automatically?  */
+    FLAG downHard;		/* did it go down unexpectedly?         */
+    unsigned short nolog;	/* don't log output                     */
+    unsigned short fup;		/* we setup this line?                  */
+    unsigned short fronly;	/* we can only read this console        */
+
+    /*** list management ***/
     struct client *pCLon;	/* clients on this console              */
     struct client *pCLwr;	/* client that is writting on console   */
-    char acline[132 * 2 + 2];	/* max chars we will call a line        */
-    short int iend;		/* length of data stored in acline      */
+    CONSENTUSERS *rw;		/* rw users                             */
+    CONSENTUSERS *ro;		/* ro users                             */
     struct consent *pCEnext;	/* next console entry                   */
 } CONSENT;
 
-struct hostcache {
-    STRING hostname;
-    struct hostcache *next;
-};
+typedef struct remote {		/* console at another host              */
+    struct remote *pRCnext;	/* next remote console we know about    */
+    struct remote *pRCuniq;	/* list of uniq remote servers          */
+    char *rserver;		/* remote server name                   */
+    char *rhost;		/* remote host to call to get it        */
+    NAMES *aliases;		/* aliases for remote server name       */
+} REMOTE;
 
-#if USE_ANSI_PROTO
 extern PARITY *FindParity(char *);
 extern BAUD *FindBaud(char *);
-extern void ConsInit(CONSENT *, fd_set *, int);
-extern void ConsDown(CONSENT *, fd_set *);
-extern int CheckHostCache(const char *);
-extern void AddHostCache(const char *);
-extern void ClearHostCache();
-#else
-extern PARITY *FindParity();
-extern BAUD *FindBaud();
-extern void ConsInit();
-extern void ConsDown();
-extern int CheckHostCache();
-extern void AddHostCache();
-extern void ClearHostCache();
-#endif
+extern void ConsInit(CONSENT *);
+extern void ConsDown(CONSENT *, FLAG, FLAG);
+extern REMOTE *FindUniq(REMOTE *);
+extern void DestroyRemoteConsole(REMOTE *);
+extern void StartInit(CONSENT *);
+extern void StopInit(CONSENT *);
+extern char *ConsState(CONSENT *);
+extern void SetupTty(CONSENT *, int);

conserver/conserver.man

@@ -1,254 +0,0 @@
-.\" @(#)conserver.8 01/06/91 OSU CIS; Thomas A. Fine
-.\" $Id: conserver.man,v 1.23 2002-02-25 13:58:45-08 bryan Exp $
-.TH CONSERVER 8 "Local"
-.SH NAME
-conserver \- console server daemon
-.SH SYNOPSIS
-\fBconserver\fP [\fB\-7dDhinouvV\fP] [\fB\-a\fP \fItype\fP]
-[\fB\-m\fP \fImax\fP]
-[\fB\-M\fP \fIaddr\fP] [\fB\-p\fP \fIport\fP] [\fB\-b\fP \fIport\fP]
-[\fB\-C\fP \fIconfig\fP] [\fB\-P\fP \fIpasswd\fP]
-[\fB\-L\fP \fIlogfile\fP] [\fB\-O\fP \fImin\fP]
-.SH DESCRIPTION
-.B Conserver
-is the daemon that manages
-remote access to system consoles by multiple users via the
-.BR console (1)
-client program
-and logs all console output.
-It can connect to consoles via local serial ports
-or terminal servers that allow network access,
-or to any external program.
-.PP
-When started,
-.B conserver
-reads its
-.BR conserver.cf (5)
-file for details of each console it should manage,
-including serial port or network parameters and logging options.
-(Also, in environments where multiple servers share a cf file,
-any server is able to refer clients to the particular server
-managing a requested console,
-so that the client need not have knowledge of the
-distribution of consoles among servers.)
-.B Conserver
-forks a child for each group of consoles it must manage
-and assigns each process a port number to listen on.
-The maximum number of consoles managed by each child process is set using
-\fB-m\fP option.
-The
-.BR console (1)
-client program communicates with the master console server process to find
-the port (and host, in a multi-server configuration)
-on which the appropriate child is listening.
-The master conserver process forks a new process to handle each
-incoming client connection (which should be very short-lived, since it's
-duty is to redirect the client to a child).
-.B Conserver
-restricts connections from clients based on the host access section of its
-.BR conserver.cf (5)
-and authenticates users against its
-.BR conserver.passwd (5)
-file.
-.B Conserver
-can also restrict clients using the tcp-wrappers package (enabled
-using \fB--with-libwrap\fP).  This authentication is done before consulting
-the
-.BR conserver.cf (5)
-access list.
-.PP
-.B Conserver
-completely controls any connection to a controlled host.
-All escape sequences given by the user to \fBconsole\fP
-are passed to the server without interpretation.
-The server recognizes and processes all escape sequences,
-except the suspend sequence, which is
-recognized by the server and
-sent as a TCP out-of-band command from the server to the client.
-.PP
-The \fBconserver\fP parent process will automatically respawn any child
-process that dies.  The following signals are propagated by the parent
-process to its children.
-.TP
-SIGTERM
-close all connections and exit.
-.TP
-SIGHUP
-reread the configuration file.  new consoles are managed by
-forking off new childen, deleted consoles (and their clients) are dropped,
-and changes to consoles are done "in place", resetting the console
-port (bringing it down and up) only when necessary.  the console name is
-used to determine when consoles have been added/removed/changed.  all 
-console logfiles are closed and reopened
-and, if in daemon mode (\fB\-d\fP option),
-the error logfile (see the \fB\-L\fP option).
-.TP
-SIGUSR1
-try to connect to any consoles marked as
-down.  This can come in handy if you had a terminal server (or more)
-that wasn't accepting connections at startup and you want
-\fBconserver\fP to try to reconnect to all those downed ports.
-.PP
-Slave hosts which have no current
-.BR console (1)
-connection might produce important error messages.
-With the \fB\-u\fP option, these unloved errors are labeled with a machine name
-and output on stdout (or, in daemon mode, to the logfile).
-This allows a live operator or an automated log scanner
-to find otherwise unseen errors by watching in a single location.
-.PP
-\fBConserver\fP must be run as root if it is to bind to a port under 1024
-or if it must read a shadow passwd file for authentication (see
-.BR conserver.passwd (5)).
-Otherwise, it may be run by any user, with \fB\-p\fP used to specify
-a port above 1024.
-.SH OPTIONS
-.PP
-Options may be given as separate arguments (e.g., \fB\-n -d\fP)
-or clustered (e.g., \fB\-nd\fP).
-Options and their arguments may be separated by optional white space.
-Option arguments containing spaces or other characters special to the shell
-must be quoted.
-.TP
-.B \-7
-Strip the high bit off of all data received,
-whether from the \fBconsole\fP client or from the console device,
-before any processing occurs.
-.TP
-.BI \-a type
-Set the default access type for incoming connections from
-\fBconsole\fP clients:
-.RB ` r '
-for refused (the default),
-.RB ` a '
-for allowed, or
-.RB ` t '
-for trusted.
-This applies to hosts for which no matching entry is found in
-the access section of
-.BR conserver.cf (5).
-.TP
-.BI \-b port
-Set the base port for children to listen on.
-Each child starts looking for free ports at \fIport\fP
-and working upward, trying a maximum number of ports
-equal to twice the maximum number of groups.
-If no free ports are available in that range,
-\fBconserver\fP exits.
-By default, \fBconserver\fP lets the operating system choose
-a free port.
-.TP
-.BI \-C config
-Read configuration information from the file \fIconfig\fP.
-The default \fIconfig\fP may be changed at compile time using the
-\fB--with-cffile\fP option.
-.TP
-.B \-d
-Become a daemon.  Disconnects from the controlling terminal and sends
-all output to the logfile (see \fB\-L\fP).
-.TP
-.B \-D
-Enable debugging output, sent to stderr.  Multiple \fB-D\fP options
-increases debug output.
-.TP
-.B \-h
-Output a brief help message.
-.TP
-.B \-i
-Initiate console connections on demand (and close them when not used).
-.TP
-.BI \-L logfile
-Log errors and informational messages to \fIlogfile\fP
-after startup in daemon mode (\fB\-d\fP).
-This option does not apply when not running in daemon mode.
-The default \fIlogfile\fP may be changed at compile time using the
-\fB--with-logfile\fP option.
-.TP
-.BI \-m max
-Set the maximum consoles managed per process.
-The default \fImax\fP may be changed at compile time using the
-\fB--with-maxmemb\fP option.
-.TP
-.BI \-M addr
-Set the address to listen on.  This allows conserver to bind to a
-particular IP address (like `127.0.0.1') instead of all interfaces.
-The default is to bind to all addresses.
-.TP
-.B \-n
-Obsolete (now a no-op); see \fB\-u\fP.
-.TP
-.B \-o
-Normally, a client connecting to a ``downed'' console does just that.
-Using this flag, the server will automatically attempt to open
-(``bring up'') the console when the client connects.
-.TP
-.BI \-O min
-Enable periodic attempts (every \fImin\fP minutes) to open (``bring up'')
-all downed consoles (similar to sending a SIGUSR1).
-.TP
-.BI \-p port
-Set the TCP port for the master process to listen on.
-This may be either a port number or a service name.
-The default \fIport\fP, ``conserver'' (typically 782),
-may be changed at compile time using the \fB--with-port\fP option.
-.TP
-.BI \-P passwd
-Read the table of authorized user data from the file \fIpasswd\fP.
-The default \fIpasswd\fP may be changed at compile time using the
-\fB--with-pwdfile\fP option.
-.TP
-.B \-u
-Send unloved console output to \fBconserver\fP's stdout
-(which, in daemon mode, is redirected to the logfile).
-This applies to all consoles to which no user is attached,
-independent of whether logging of individual consoles is enabled
-via \fBconserver.cf\fP entries.
-.TP
-.B \-v
-Echo the configuration as it is being read (be verbose).
-.TP
-.B \-V
-Output the version number and settings of the \fBconserver\fP
-program and then exit.
-.SH FILES
-.PP
-The following default file locations may be overridden
-at compile time or by the command-line options described above.
-Run \fBconserver \-V\fP (with no other options) to see
-the defaults set at compile time.
-.PP
-.PD 0
-.TP 25
-.B /etc/conserver.cf
-description of console terminal lines and client host access levels;
-see
-.BR conserver.cf (5).
-.TP
-.B /etc/conserver.passwd
-users allowed to access consoles; see
-.BR conserver.passwd (5).
-.TP
-.B /var/run/conserver.pid
-the master conserver process ID
-.TP
-.B /var/log/conserver
-log of errors and informational messages
-.PD
-.PP
-Additionally, output from individual consoles may be logged
-to separate files specified in
-.BR conserver.cf (5).
-.SH BUGS
-All client/server traffic (including root and user passwords) is
-passed ``in the clear''.  Extreme care should be taken to insure no one
-is ``snooping'' this private data.  One day the traffic will be encrypted.
-.SH AUTHORS
-Thomas A. Fine, Ohio State Computer Science
-.br
-Kevin S Braunsdorf, Purdue University Computing Center
-.br
-Bryan Stansell, conserver.com
-.SH "SEE ALSO"
-.BR console (1),
-.BR conserver.cf (5),
-.BR conserver.passwd (5)

conserver/conserver.man.in

@@ -0,0 +1,514 @@
+.TH CONSERVER 8 "@CONSERVER_DATE@" "conserver-@CONSERVER_VERSION@" "conserver"
+.SH NAME
+conserver \- console server daemon
+.SH SYNOPSIS
+.B conserver
+.RB [ \-7dDEFhinoRSuvV ]
+.RB [ \-a
+.IR type ]
+.RB [ \-m
+.IR max ]
+.RB [ \-M
+.IR master ]
+.RB [ \-p
+.IR port ]
+.RB [ \-b
+.IR port ]
+.RB [ \-c
+.IR cred ]
+.RB [ \-C
+.IR config ]
+.RB [ \-P
+.IR passwd ]
+.RB [ \-L
+.IR logfile ]
+.RB [ \-O
+.IR min ]
+.RB [ \-U
+.IR logfile ]
+.SH DESCRIPTION
+.B Conserver
+is the daemon that manages
+remote access to system consoles by multiple users via the
+.BR console (1)
+client program and (optionally) log the console output.
+It can connect to consoles via local serial ports, Unix domain sockets, TCP
+sockets (for terminal servers and the like), or any external program.
+.PP
+When started,
+.B conserver
+reads the
+.BR conserver.cf (5)
+file for details of each console.
+The console type, logging options, serial or network parameters, and user access
+levels are just a few of the things that can be specified.
+Command-line options are then applied, possibly overriding
+.BR conserver.cf (5)
+settings.
+.B Conserver
+categorizes consoles into two types: those it should actively manage, and
+those it should just know about, so it can refer clients to other
+.B conserver
+instances.
+If the
+.B master
+value of a console matches the hostname or ip address of the local machine,
+.B conserver
+will actively manage the console.
+Otherwise, it's considered a ``remote'' console and managed by a different
+server.
+.B Conserver
+forks a child for each group of consoles it must manage
+and assigns each process a port number to listen on.
+The maximum number of consoles managed by each child process is set using the
+.B \-m
+option.
+The
+.BR console (1)
+client program communicates with the master console server process to find
+the port (and host, in a multi-server configuration)
+on which the appropriate child is listening.
+.B Conserver
+restricts connections from clients based on the host access section of its
+.BR conserver.cf (5)
+file, restricts users based on the console access lists of the
+.BR conserver.cf (5)
+file, and authenticates
+users against its
+.BR conserver.passwd (5)
+file.
+.B Conserver
+can also restrict clients using the tcp-wrappers package (enabled
+using
+.BR --with-libwrap ).
+This authentication is done before consulting
+the
+.BR conserver.cf (5)
+access list.
+.PP
+When Unix domain sockets are used between the client and
+server (enabled using
+.BR --with-uds ),
+authentication checks are done on the hardcoded address ``127.0.0.1''.
+Automatic client redirection is also disabled (as if the
+.B \-R
+option was used) since the client cannot communicate with remote servers.
+The directory used to hold the sockets is checked to make sure it's empty
+when the server starts.
+The server will
+.B not
+remove any files in the directory itself, just in case the directory is
+accidentally specified as ``/etc'' or some other critical location.
+The server will do its best to remove all the sockets when it shuts down,
+but it could stop ungracefully (crash, ``kill -9'', etc)
+and leave files behind.
+It would then be up to the admin (or a creative startup script) to clean
+up the directory before the server will start again.
+.PP
+.B Conserver
+completely controls any connection to a console.
+All escape sequences given by the user to
+.B console
+are passed to the server without interpretation.
+The server recognizes and processes all escape sequences.
+.PP
+The
+.B conserver
+parent process will automatically respawn any child process that dies.
+The following signals are propagated by the parent process to its children.
+.TP 10
+SIGTERM
+Close all connections and exit.
+.TP
+SIGHUP
+Reread the configuration file.
+New consoles are managed by forking off new children, deleted
+consoles (and their clients) are dropped,
+and changes to consoles are done "in place", resetting the console
+port (bringing it down and up) only when necessary.
+The console name is used to determine when consoles
+have been added/removed/changed.
+All actions performed by SIGUSR2 are also performed.
+.TP
+SIGUSR1
+Try to connect to any consoles marked as down.
+This can come in handy if you had a terminal server (or more)
+that wasn't accepting connections at startup and you want
+.B conserver
+to try to reconnect to all those downed ports.
+.TP
+SIGUSR2
+Close and reopen all console logfiles
+and, if in daemon mode
+.RB ( \-d
+option), the error logfile (see the
+.BR \-L
+option).
+All actions performed by SIGUSR1 are also performed.
+.PP
+Consoles which have no current client
+connection might produce important error messages.
+With the
+.B \-u
+option, these ``unloved'' errors are labeled with a machine name
+and output on stdout (or, in daemon mode, to the logfile).
+This allows a live operator or an automated log scanner
+to find otherwise unseen errors by watching in a single location.
+.PP
+.B Conserver
+must be run as root if it is to bind to a port under 1024 or if it
+must read protected password files (like shadow passwords)
+for authentication (see
+.BR conserver.passwd (5)).
+Otherwise, it may be run by any user, with
+.B \-p
+used to specify a port above 1024.
+.PP
+If encryption has been built into the code
+.RB ( --with-openssl ),
+encrypted client connections (without certificate exchanges) happen
+by default.
+To add certificate exchanges, use the
+.B \-c
+option with the client and server.
+For authentication of the certificates to work,
+the signing certificate must be properly trusted, which usually means
+the public portion is in
+.IB OPENSSL_ROOT /ssl/certs
+(on both the client and server sides).
+See the sample self-signing certificate making script
+.B contrib/maketestcerts
+for further clues.
+To allow
+non-encrypted client connections (in addition to encrypted client
+connections), use the
+.B \-E
+option.
+.SH OPTIONS
+.PP
+Options may be given as separate arguments (e.g.,
+.B \-n
+.BR \-d )
+or clustered (e.g.,
+.BR \-nd ).
+Options and their arguments may be separated by optional white space.
+Option arguments containing spaces or other characters special to the shell
+must be quoted.
+.TP 12
+.B \-7
+Strip the high bit off of all data received,
+whether from the
+.B console
+client or from the console device, before any processing occurs.
+.TP
+.BI \-a type
+Set the default access type for incoming connections from
+.B console
+clients:
+.RB ` r '
+for refused (the default),
+.RB ` a '
+for allowed, or
+.RB ` t '
+for trusted.
+This applies to hosts for which no matching entry is found in
+the access section of
+.BR conserver.cf (5).
+.TP
+.BI \-b port
+Set the base port for children to listen on.
+Each child starts looking for free ports at
+.I port
+and working upward, trying a maximum number of ports
+equal to twice the maximum number of groups.
+If no free ports are available in that range,
+.B conserver
+exits.
+By default,
+.B conserver
+lets the operating system choose a free port.
+.TP
+.BI \-c cred
+Load an SSL certificate and key from the PEM encoded file
+.IR cred .
+.TP
+.BI \-C config
+Read configuration information from the file
+.IR config .
+The default
+.I config
+may be changed at compile time using the
+.B --with-cffile
+option.
+.TP
+.B \-d
+Become a daemon.
+Disconnects from the controlling terminal and sends
+all output (including any debug output) to the logfile (see
+.BR \-L ).
+.TP
+.B \-D
+Enable debugging output, sent to stderr.
+Multiple
+.B \-D
+options increases debug output.
+.TP
+.B \-E
+If encryption has been built into the code
+.RB ( --with-openssl ),
+encrypted client connections are a requirement.
+This option allows non-encrypted clients (as well as encrypted clients) to
+connect to consoles.
+.TP
+.B \-F
+Do not automatically reinitialize failed (unexpectedly closed) consoles.
+If the console is a program (`|' syntax) and it closes with a zero
+exit status, the console is reinitialized regardless of this option.
+Without this option, a console is immediately reopened,
+and if that fails, retried every minute until successful.
+This option has no effect on the
+.B \-o
+and
+.B \-O
+options.
+.TP
+.B \-h
+Output a brief help message.
+.TP
+.B \-i
+Initiate console connections on demand (and close them when not used).
+.TP
+.BI \-L logfile
+Log errors and informational messages to
+.I logfile
+after startup in daemon mode
+.RB ( \-d ).
+This option does not apply when not running in daemon mode.
+The default
+.I logfile
+may be changed at compile time using the
+.B --with-logfile
+option.
+.TP
+.BI \-m max
+Set the maximum consoles managed per process.
+The default
+.I max
+may be changed at compile time using the
+.B --with-maxmemb
+option.
+.TP
+.BI \-M master
+Normally, this allows conserver to bind to a
+particular IP address (like `127.0.0.1') instead of all interfaces.
+The default is to bind to all addresses.
+However, if
+.B --with-uds
+was used to enable Unix domain sockets for client/server communication,
+this points conserver to the directory where it should store the sockets.
+The default
+.I master
+directory
+.RB (`` /tmp/conserver '')
+may be changed at compile time using the
+.B --with-uds
+option.
+.TP
+.B \-n
+Obsolete (now a no-op); see
+.BR \-u .
+.TP
+.B \-o
+Normally, a client connecting to a ``downed'' console does just that.
+Using this option, the server will automatically attempt to open
+(``bring up'') the console when the client connects.
+.TP
+.BI \-O min
+Enable periodic attempts (every
+.I min
+minutes) to open (``bring up'') all downed
+consoles (similar to sending a SIGUSR1).
+Without this option, or if
+.I min
+is zero, no periodic attempts occur.
+.TP
+.BI \-p port
+Set the TCP port for the master process to listen on.
+This may be either a port number or a service name.
+The default
+.IR port ,
+``conserver'' (typically 782),
+may be changed at compile time using the
+.B --with-port
+option.
+If the
+.B --with-uds
+option was used, this option is ignored.
+.TP
+.BI \-P passwd
+Read the table of authorized user data from the file
+.IR passwd .
+The default
+.I passwd
+may be changed at compile time using the
+.B --with-pwdfile
+option.
+.TP
+.B \-R
+Disable automatic client redirection to other conserver hosts.
+This
+means informational commands like
+.B \-w
+and
+.B \-i
+will only show the status of the local conserver host and attempts to
+connect to remote consoles will result in an informative message to the user.
+.TP
+.B \-S
+Do not run the server, just perform a syntax check of configuration file and
+exit with a non-zero value if there is an error.
+Using more than one
+.B \-S
+will cause conserver to output various information about each console in 5
+colon-separated fields, enclosed in curly-braces.
+The philosophy behind the output is to provide information to allow external
+detection of multiple consoles access the same physical port.
+Since this is
+.I highly
+environment-specific, conserver cannot do the check internally.
+.RS
+.TP 9
+.I name
+The name of the console.
+.TP
+.I master
+The hostname of the master conserver host for the console.
+.TP
+.I aliases
+The console aliases in a comma-separated list.
+.TP
+.I type
+The type of console.
+Values will be a `/' for a local device, `|' for
+a command, `!' for a remote port, `%' for a Unix domain socket,
+and `#' for a noop console.
+.TP
+.I details
+Multiple values are comma-separated and depend on the type of the console.
+Local devices will have the values of the device file and baud rate/parity.
+Commands will have string to invoke.
+Remote ports will have the values of the remote hostname and port number.
+Unix domain sockets will have the path to the socket.
+Noop consoles will have nothing.
+.RE
+.TP
+.B \-u
+Send unloved console output to
+.BR conserver 's
+stdout (which, in daemon mode, is redirected to the logfile).
+This applies to all consoles to which no user is attached,
+independent of whether logging of individual consoles is enabled via
+.B conserver.cf
+entries.
+.TP
+.BI \-U logfile
+Copy all console data to the ``unified''
+.IR logfile .
+The output is the same as the
+.B \-u
+output, but all consoles, not
+just those without a user, are logged.
+Each line of output is prefixed with the console name.
+If a user is attached read/write, a `*' is appended to the console name,
+to allow log watching utilities to ignore potential user-introduced alarms.
+.TP
+.B \-v
+Echo the configuration as it is being read (be verbose).
+.TP
+.B \-V
+Output the version number and settings of the
+.B conserver
+program and then exit.
+.SH PROTOCOL
+.PP
+The protocol used to interact with the
+.B conserver
+daemon has two basic styles.
+The first style is the initial line-based mode, which occurs before
+connecting to a console.
+The second style is the character-based, escape-sequence mode, while
+connected to a console.
+.PP
+The initial line-based mode begins the same for both the master process
+and its children.
+Upon a successful (non-rejected) client connection, an ``ok'' is sent.
+The client then issues a command and the server responds to it with a
+result string (``ok'' being the sign of success for most commands).
+The commands available are ``help'', ``ssl'' (if
+SSL was built into the code), ``login'', and ``exit''.
+Using the ``login'' command, the client authenticates and gains access to
+the extended command set.
+This is where the master process and its children differ.
+The master process gives the client access to global commands, and the
+child provides commands for interacting with the consoles it manages.
+The ``help'' command, in both cases, will provide a complete
+list of commands and a short description of what they do.
+.PP
+The second, character-based, style of interaction occurs when the client
+issues the ``call'' command with a child process.
+This command connects the client to a console and, at that point, relays
+all traffic between the client and the console.
+There is no more command-based interaction between the client and the server,
+any interaction with the server is done with the default escape sequence.
+.PP
+This is, by no means, a complete description of the entire client/server
+interaction.
+It is, however, a brief explanation in order to give a idea of
+what the program does.  See the
+.B \s-1PROTOCOL\s0
+file in the distribution for further details.
+.SH FILES
+.PP
+The following default file locations may be overridden
+at compile time or by the command-line options described above.
+Run
+.B conserver \-V
+to see the defaults set at compile time.
+.PP
+.PD 0
+.TP 25
+.B /etc/conserver.cf
+description of console terminal lines and client host access levels;
+see
+.BR conserver.cf (5).
+.TP
+.B /etc/conserver.passwd
+users allowed to access consoles; see
+.BR conserver.passwd (5).
+.TP
+.B /var/run/conserver.pid
+the master conserver process ID
+.TP
+.B /var/log/conserver
+log of errors and informational messages
+.TP
+.B /tmp/conserver
+directory to hold Unix domain sockets (if enabled)
+.PD
+.PP
+Additionally, output from individual consoles may be logged
+to separate files specified in
+.BR conserver.cf (5).
+.SH BUGS
+I'm sure there are bugs, I just don't know where they are.
+Please let me know if you find any.
+.SH AUTHORS
+Thomas A. Fine, Ohio State Computer Science
+.br
+Kevin S Braunsdorf, Purdue University Computing Center
+.br
+Bryan Stansell, conserver.com
+.SH "SEE ALSO"
+.BR console (1),
+.BR conserver.cf (5),
+.BR conserver.passwd (5)

conserver/conserver.passwd

@@ -1,4 +0,0 @@
-bryan:r71mXjfALB5Ak:any
-djs:r71mXjfALB5Ak:login
-chogan:*passwd*:foobar,login,shell
-hogan:*passwd*:any

conserver/conserver.rc

@@ -1,24 +0,0 @@
-#!/bin/sh
-#
-# Startup for conserver
-#
-
-PATH=/usr/bin:/usr/local/bin
-
-case "$1" in
-	'start')
-		echo "Starting console server daemon"
-		conserver -d
-		;;
-
-	'stop')
-		master=`ps -ef | grep conserver | awk '$3 == "1"{print $2}'`
-		[ "$master" ] && kill -TERM $master
-		;;
-
-	*)
-		echo "Usage: $0 { start | stop }"
-		;;
-
-esac
-exit 0

conserver/conserver.rc.in

@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Startup for conserver
+#
+
+PATH=/usr/bin:/bin:/usr/local/bin
+PIDFILE="@PIDFILE@"
+
+signalmaster() {
+    sig=$1
+    if [ -f "$PIDFILE" ]; then
+	master=`cat "$PIDFILE"`
+    else
+	master=`ps -ef | grep conserver | awk '$3 == "1"{print $2}'`
+    fi
+    [ "$master" ] && kill -$sig $master
+}
+
+case "$1" in
+	'start')
+		echo "Starting console server daemon"
+		conserver -d
+		;;
+
+	'stop')
+		echo "Stopping console server daemon"
+		signalmaster TERM
+		;;
+
+	'restart')
+		echo "Restarting console server daemon"
+		signalmaster HUP
+		;;
+
+	*)
+		echo "Usage: $0 { start | stop | restart }"
+		;;
+
+esac
+exit 0

conserver/convert.c

@@ -0,0 +1,490 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ *
+ *  Copyright GNAC, Inc., 1998
+ */
+
+/*
+ * Copyright (c) 1990 The Ohio State University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that: (1) source distributions retain this entire copyright
+ * notice and comment, and (2) distributions including binaries display
+ * the following acknowledgement:  ``This product includes software
+ * developed by The Ohio State University and its contributors''
+ * in the documentation or other materials provided with the distribution
+ * and in all advertising materials mentioning features or use of this
+ * software. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Network console modifications by Robert Olson, olson@mcs.anl.gov.
+ */
+
+#include <compat.h>
+
+#include <cutil.h>
+#include <consent.h>
+#include <client.h>
+#include <group.h>
+#include <access.h>
+#include <readcfg.h>
+#include <master.h>
+#include <main.h>
+
+#if defined(USE_LIBWRAP)
+/* we don't use it...but we link to it */
+int allow_severity;
+int deny_severity;
+#endif
+
+
+SECTION sections[] = {
+    {(char *)0, (void *)0, (void *)0, (void *)0, (void *)0}
+};
+
+void
+DestroyDataStructures()
+{
+}
+
+char *
+ReadLine2(FILE *fp, STRING *save, int *iLine)
+{
+    static char buf[1024];
+    char *wholeline = (char *)0;
+    char *ret = (char *)0;
+    int i, buflen, peek, commentCheck = 1;
+    static STRING *bufstr = (STRING *)0;
+    static STRING *wholestr = (STRING *)0;
+
+    if (bufstr == (STRING *)0)
+	bufstr = AllocString();
+    if (wholestr == (STRING *)0)
+	wholestr = AllocString();
+    peek = 0;
+    wholeline = (char *)0;
+    BuildString((char *)0, bufstr);
+    BuildString((char *)0, wholestr);
+    while (save->used || ((ret = fgets(buf, sizeof(buf), fp)) != (char *)0)
+	   || peek) {
+	/* If we have a previously saved line, use it instead */
+	if (save->used) {
+	    StrCpy(buf, save->string, sizeof(buf));
+	    BuildString((char *)0, save);
+	}
+
+	if (peek) {
+	    /* End of file?  Never mind. */
+	    if (ret == (char *)0)
+		break;
+
+	    /* If we don't have a line continuation and we've seen
+	     * some worthy data
+	     */
+	    if (!isspace((int)buf[0]) && (wholeline != (char *)0)) {
+		BuildString((char *)0, save);
+		BuildString(buf, save);
+		break;
+	    }
+
+	    peek = 0;
+	}
+
+	if (commentCheck) {
+	    for (i = 0; buf[i] != '\000'; i++)
+		if (!isspace((int)buf[i]))
+		    break;
+	    if (buf[i] == '#') {
+		commentCheck = 0;
+	    } else if (buf[i] != '\000') {
+		commentCheck = 0;
+	    }
+	}
+
+	/* Check for EOL */
+	buflen = strlen(buf);
+	if ((buflen >= 1) && (buf[buflen - 1] == '\n')) {
+	    (*iLine)++;		/* Finally have a whole line */
+	    /* Finish off the chunk without the \n */
+	    buf[buflen - 1] = '\000';
+	    BuildString(buf, bufstr);
+	    wholeline = BuildString(bufstr->string, wholestr);
+	    peek = 1;
+	    commentCheck = 1;
+	    BuildString((char *)0, bufstr);
+	} else {
+	    /* Save off the partial chunk */
+	    BuildString(buf, bufstr);
+	}
+    }
+
+    /* If we hit the EOF and weren't peeking ahead
+     * and it's not a comment
+     */
+    if (!peek && (ret == (char *)0)) {
+	(*iLine)++;
+	wholeline = BuildString(bufstr->string, wholestr);
+	if (wholeline != (char *)0 && wholeline[0] == '\000')
+	    wholeline = (char *)0;
+    }
+
+    CONDDEBUG((1, "ReadLine2(): returning <%s>",
+	       (wholeline != (char *)0) ? wholeline : "<NULL>"));
+    return wholeline;
+}
+
+/* read in the configuration file, fill in all the structs we use	(ksb)
+ * to manage the consoles
+ */
+void
+ReadCfg(char *pcFile, FILE *fp)
+{
+    int iLine;
+    unsigned char *acIn;
+    static STRING *acInSave = (STRING *)0;
+    char *acStart;
+    static STRING *logDirectory = (STRING *)0;
+    static STRING *defMark = (STRING *)0;
+    int sawACL = 0;
+    int printedFull = 0;
+
+    if (defMark == (STRING *)0)
+	defMark = AllocString();
+    if (logDirectory == (STRING *)0)
+	logDirectory = AllocString();
+    if (acInSave == (STRING *)0)
+	acInSave = AllocString();
+    BuildString((char *)0, defMark);
+    BuildString((char *)0, acInSave);
+    BuildString((char *)0, logDirectory);
+
+    iLine = 0;
+    while ((acIn =
+	    (unsigned char *)ReadLine2(fp, acInSave,
+				       &iLine)) != (unsigned char *)0) {
+	char *pcLine, *pcMode, *pcLog, *pcRem, *pcStart, *pcMark, *pcBreak;
+	char *pcColon;
+
+	acStart = PruneSpace((char *)acIn);
+	if (acStart[0] == '#') {
+	    printf("%s\n", acStart);
+	    continue;
+	}
+	if (printedFull == 0) {
+	    printf("default full {\n\trw *;\n}\n");
+	    printedFull = 1;
+	}
+
+	if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
+	    break;
+	}
+	if ((char *)0 != (pcLine = strchr(acStart, '=')) &&
+	    ((char *)0 == (pcColon = strchr(acStart, ':')) ||
+	     pcColon > pcLine)) {
+	    *pcLine++ = '\000';
+	    acStart = PruneSpace(acStart);
+	    pcLine = PruneSpace(pcLine);
+	    if (0 == strcmp(acStart, "LOGDIR")) {
+		BuildString((char *)0, logDirectory);
+		BuildString(pcLine, logDirectory);
+		printf("default * {\n");
+		if (logDirectory->used > 1)
+		    printf("\tlogfile %s/&;\n", logDirectory->string);
+		else
+		    printf("\tlogfile \"\";\n");
+		if (defMark->used > 1)
+		    printf("\ttimestamp %s;\n", defMark->string);
+		else
+		    printf("\ttimestamp \"\";\n");
+		printf("\tinclude full;\n}\n");
+	    } else if (0 == strcmp(acStart, "TIMESTAMP")) {
+		BuildString((char *)0, defMark);
+		BuildString(pcLine, defMark);
+		printf("default * {\n");
+		if (logDirectory->used > 1)
+		    printf("\tlogfile %s/&;\n", logDirectory->string);
+		else
+		    printf("\tlogfile \"\";\n");
+		if (defMark->used > 1)
+		    printf("\ttimestamp %s;\n", defMark->string);
+		else
+		    printf("\ttimestamp \"\";\n");
+		printf("\tinclude full;\n}\n");
+	    } else if (0 == strcmp(acStart, "DOMAINHACK")) {
+	    } else if (0 == strncmp(acStart, "BREAK", 5) &&
+		       acStart[5] >= '1' && acStart[5] <= '9' &&
+		       acStart[6] == '\000') {
+		CONDDEBUG((1, "ReadCfg(): BREAK%c found with `%s'",
+			   acStart[5], pcLine));
+		if (pcLine[0] == '\000') {
+		    printf("break %c {\n\tstring \"\";\n}\n", acStart[5]);
+		} else {
+		    char *q, *p;
+		    p = pcLine;
+		    BuildTmpString((char *)0);
+		    while ((q = strchr(p, '"')) != (char *)0) {
+			*q = '\000';
+			BuildTmpString(p);
+			BuildTmpString("\\\"");
+			p = q + 1;
+			*q = '"';
+		    }
+		    q = BuildTmpString(p);
+		    printf("break %c {\n\tstring \"%s\";\n}\n", acStart[5],
+			   q);
+		}
+	    } else {
+		Error("%s(%d) unknown variable `%s'", pcFile, iLine,
+		      acStart);
+	    }
+	    continue;
+	}
+	if ((char *)0 == (pcLine = strchr(acStart, ':')) ||
+	    (char *)0 == (pcMode = strchr(pcLine + 1, ':')) ||
+	    (char *)0 == (pcLog = strchr(pcMode + 1, ':'))) {
+	    Error("%s(%d) bad config line `%s'", pcFile, iLine, acIn);
+	    continue;
+	}
+	*pcLine++ = '\000';
+	*pcMode++ = '\000';
+	*pcLog++ = '\000';
+
+	acStart = PruneSpace(acStart);
+	pcLine = PruneSpace(pcLine);
+	pcMode = PruneSpace(pcMode);
+	pcLog = PruneSpace(pcLog);
+
+	if ((char *)0 != (pcMark = strchr(pcLog, ':'))) {
+	    *pcMark++ = '\000';
+	    pcLog = PruneSpace(pcLog);
+	    pcMark = PruneSpace(pcMark);
+	    /* Skip null intervals */
+	    if (pcMark[0] == '\000')
+		pcMark = (char *)0;
+	}
+
+	if ((char *)0 == pcMark) {
+	    pcBreak = (char *)0;
+	} else {
+	    if ((char *)0 != (pcBreak = strchr(pcMark, ':'))) {
+		*pcBreak++ = '\000';
+		pcMark = PruneSpace(pcMark);
+		pcBreak = PruneSpace(pcBreak);
+		/* Ignore null specs */
+		if (pcMark[0] == '\000')
+		    pcMark = (char *)0;
+		if (pcBreak[0] == '\000')
+		    pcBreak = (char *)0;
+	    }
+	}
+
+	if ((char *)0 != (pcRem = strchr(pcLine, '@'))) {
+	    *pcRem++ = '\000';
+	    pcLine = PruneSpace(pcLine);
+	    pcRem = PruneSpace(pcRem);
+	}
+
+	printf("console %s {\n", acStart);
+	if (pcRem == (char *)0) {
+	    printf("\tmaster localhost;\n");
+	} else {
+	    printf("\tmaster %s;\n", pcRem);
+	}
+
+	/*
+	 *  Here we substitute the console name for any '&' character in the
+	 *  logfile name.  That way you can just have something like
+	 *  "/var/console/&" for each of the conserver.cf entries.
+	 */
+	if (pcLog[0] == '&' && pcLog[1] == '\000' &&
+	    logDirectory->used > 1) {
+	    /* special case where logfile name is '&' and the LOGDIR was
+	     * seen above.  in this case we just allow inheritance to
+	     * work it's magic.
+	     */
+	} else if (pcLog[0] == '\000') {
+	    printf("\tlogfile \"\";\n");
+	} else {
+	    STRING *lfile;
+	    lfile = AllocString();
+	    BuildString((char *)0, lfile);
+	    pcStart = pcLog;
+	    BuildString(pcStart, lfile);
+	    if (logDirectory->used > 1 && lfile->used > 1 &&
+		lfile->string[0] != '/') {
+		char *p;
+		BuildTmpString((char *)0);
+		p = BuildTmpString(lfile->string);
+		BuildString((char *)0, lfile);
+		BuildString(logDirectory->string, lfile);
+		BuildStringChar('/', lfile);
+		BuildString(p, lfile);
+		BuildTmpString((char *)0);
+	    }
+	    printf("\tlogfile %s;\n", lfile->string);
+	    DestroyString(lfile);
+	}
+
+	if (pcMark) {
+	    printf("\ttimestamp %s;\n", pcMark);
+	}
+
+	if (pcBreak) {
+	    int bt;
+	    bt = atoi(pcBreak);
+	    if (bt > 9 || bt < 0) {
+		Error("%s(%d) bad break spec `%d'", pcFile, iLine, bt);
+	    } else {
+		printf("\tbreak %d;\n", bt);
+	    }
+	}
+
+	if (pcLine[0] == '!') {
+	    pcLine = PruneSpace(pcLine + 1);
+	    printf("\ttype host;\n");
+	    printf("\thost %s;\n", pcLine);
+	    printf("\tport %s;\n", pcMode);
+	} else if ('|' == pcLine[0]) {
+	    pcLine = PruneSpace(pcLine + 1);
+	    printf("\ttype exec;\n");
+	    if (pcLine == (char *)0 || pcLine[0] == '\000')
+		printf("\texec \"\";\n");
+	    else
+		printf("\texec %s;\n", pcLine);
+	} else {
+	    char p, *t;
+	    printf("\ttype device;\n");
+	    printf("\tdevice %s;\n", pcLine);
+	    t = pcMode;
+	    while (isdigit((int)(*t))) {
+		++t;
+	    }
+	    p = *t;
+	    *t = '\000';
+	    printf("\tbaud %s;\n", pcMode);
+	    switch (p) {
+		case 'E':
+		case 'e':
+		    t = "even";
+		    break;
+		case 'M':
+		case 'm':
+		    t = "mark";
+		    break;
+		case 'N':
+		case 'n':
+		case 'P':
+		case 'p':
+		    t = "none";
+		    break;
+		case 'O':
+		case 'o':
+		    t = "odd";
+		    break;
+		case 'S':
+		case 's':
+		    t = "space";
+		    break;
+		default:
+		    Error
+			("%s(%d) unknown parity type `%c' - assuming `none'",
+			 pcFile, iLine, p);
+		    t = "none";
+		    break;
+	    }
+	    printf("\tparity %s;\n", t);
+	}
+	printf("}\n");
+    }
+
+    while ((acIn =
+	    (unsigned char *)ReadLine2(fp, acInSave,
+				       &iLine)) != (unsigned char *)0) {
+	char *pcNext;
+
+	acStart = PruneSpace((char *)acIn);
+	if (acStart[0] == '#') {
+	    printf("%s\n", acStart);
+	    continue;
+	}
+
+	if ('%' == acStart[0] && '%' == acStart[1] && '\000' == acStart[2]) {
+	    break;
+	}
+	if ((char *)0 == (pcNext = strchr(acStart, ':'))) {
+	    Error("%s(%d) missing colon?", pcFile, iLine);
+	    continue;
+	}
+
+	do {
+	    *pcNext++ = '\000';
+	} while (isspace((int)(*pcNext)));
+
+	switch (acStart[0]) {
+	    case 'a':		/* allowed, allow, allows       */
+	    case 'A':
+		if (!sawACL) {
+		    sawACL = 1;
+		    printf("access * {\n");
+		}
+		printf("\tallowed %s;\n", pcNext);
+		break;
+	    case 'r':		/* rejected, refused, refuse    */
+	    case 'R':
+		if (!sawACL) {
+		    sawACL = 1;
+		    printf("access * {\n");
+		}
+		printf("\trejected %s;\n", pcNext);
+		break;
+	    case 't':		/* trust, trusted, trusts       */
+	    case 'T':
+		if (!sawACL) {
+		    sawACL = 1;
+		    printf("access * {\n");
+		}
+		printf("\ttrusted %s;\n", pcNext);
+		break;
+	    default:
+		Error("%s(%d) unknown access key `%s'", pcFile, iLine,
+		      acStart);
+		break;
+	}
+    }
+    if (sawACL) {
+	printf("}\n");
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    char *pcFile;
+    FILE *fp;
+
+    progname = "convert";
+    fDebug = 0;
+
+
+    if (argc != 2) {
+	Error("Usage: convert old-conserver.cf");
+	return 1;
+    }
+
+    pcFile = argv[1];
+    if ((fp = fopen(pcFile, "r")) == (FILE *)0) {
+	Error("fopen(%s): %s", pcFile, strerror(errno));
+	return 1;
+    }
+
+    ReadCfg(pcFile, fp);
+    return 0;
+}

conserver/cutil.h

@@ -0,0 +1,225 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+#include <stdarg.h>
+#if HAVE_OPENSSL
+# include <openssl/ssl.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/err.h>
+# if OPENSSL_VERSION_NUMBER < 0x10100000L
+#  define TLS_method SSLv23_method
+# endif/* OPENSSL_VERSION_NUMBER < 0x10100000L */
+# if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+#  define CIPHER_SEC0
+# else
+#  define CIPHER_SEC0 ":@SECLEVEL=0"
+# endif/* OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+#endif
+#if HAVE_GSSAPI
+# include <gssapi/gssapi.h>
+#endif
+
+/* communication constants
+ */
+#define OB_IAC		0xff	/* quote char                   */
+#define OB_EXEC		'E'	/* exec a command on the client */
+#define OB_GOTO		'G'	/* goto next console            */
+#define OB_SUSP		'Z'	/* suspended by server          */
+#define OB_ABRT		'.'	/* abort                        */
+
+/* Struct to wrap information about a "file"...
+ * This can be a socket, local file, whatever.  We do this so
+ * we can add encryption to sockets (and generalize I/O).
+ */
+enum consFileType {
+    simpleFile,
+    simpleSocket,
+    simplePipe,
+#if HAVE_OPENSSL
+    SSLSocket,
+#endif
+    nothing
+};
+
+typedef enum IOState {
+    ISDISCONNECTED = 0,
+    INCONNECT,
+    ISNORMAL,
+#if HAVE_OPENSSL
+    INSSLACCEPT,
+    INSSLSHUTDOWN,
+#endif
+#if HAVE_GSSAPI
+    INGSSACCEPT,
+#endif
+    ISFLUSHING
+} IOSTATE;
+
+typedef enum flag {
+    FLAGUNKNOWN = 0,
+    FLAGTRUE,
+    FLAGFALSE
+} FLAG;
+
+
+typedef struct dynamicString {
+    char *string;
+    int used;
+    int allocated;
+    struct dynamicString *next;
+    struct dynamicString *prev;
+} STRING;
+
+typedef struct consFile {
+    /* Standard socket type stuff */
+    enum consFileType ftype;
+    int fd;
+    int fdout;			/* only used when a simplePipe */
+    STRING *wbuf;
+    FLAG errored;
+    FLAG quoteiac;
+    FLAG sawiac;
+    FLAG sawiacsusp;
+    FLAG sawiacexec;
+    FLAG sawiacabrt;
+    FLAG sawiacgoto;
+#if HAVE_OPENSSL
+    /* SSL stuff */
+    SSL *ssl;
+    FLAG waitForWrite;
+    FLAG waitForRead;
+#endif
+    /* Add crypto stuff to suit */
+#if DEBUG_CONSFILE_IO
+    int debugrfd;
+    int debugwfd;
+#endif
+} CONSFILE;
+
+typedef struct item {
+    char *id;
+    void (*reg)(char *);
+} ITEM;
+
+typedef struct section {
+    char *id;
+    void (*begin)(char *);
+    void (*end)(void);
+    void (*abort)(void);
+    void (*destroy)(void);
+    ITEM *items;
+} SECTION;
+
+typedef enum substToken {
+    ISNOTHING = 0,
+    ISNUMBER,
+    ISSTRING
+} SUBSTTOKEN;
+
+typedef struct subst {
+    /* function to retrieve a token type based on a character
+     */
+    SUBSTTOKEN (*token)(char);
+    /* data for callback function
+     */
+    void *data;
+    /* function to retrieve a value (as a char* or int or both) for
+     * a substitution
+     */
+    int (*value)(char, char **, int *);
+} SUBST;
+
+extern int isMultiProc, fDebug, fVerbose, fErrorPrinted;
+extern char *progname;
+extern pid_t thepid;
+#define MAXHOSTNAME 1024
+extern char myHostname[];
+#if !USE_IPV6
+extern struct in_addr *myAddrs;
+#endif
+extern fd_set rinit;
+extern fd_set winit;
+extern int maxfd;
+extern int debugLineNo;
+extern char *debugFileName;
+extern int line;		/* used by ParseFile */
+extern char *file;		/* used by ParseFile */
+extern SECTION sections[];	/* used by ParseFile */
+extern int isMaster;
+
+extern const char *StrTime(time_t *);
+extern void Debug(int, char *, ...);
+extern void Error(char *, ...);
+extern void Msg(char *, ...);
+extern void Verbose(char *, ...);
+extern void SimpleSignal(int, RETSIGTYPE(*)(int));
+extern int GetMaxFiles();
+extern char *FmtCtl(int, STRING *);
+extern void FmtCtlStr(char *, int, STRING *);
+extern CONSFILE *FileOpenFD(int, enum consFileType);
+extern CONSFILE *FileOpenPipe(int, int);
+extern CONSFILE *FileOpen(const char *, int, int);
+extern int FileClose(CONSFILE **);
+extern int FileRead(CONSFILE *, void *, int);
+extern int FileWrite(CONSFILE *, FLAG, char *, int);
+extern void FileVWrite(CONSFILE *, FLAG, char *, va_list);
+extern void FilePrint(CONSFILE *, FLAG, char *, ...);
+extern int FileStat(CONSFILE *, struct stat *);
+extern int FileSeek(CONSFILE *, off_t, int);
+extern int FileSend(CONSFILE *, const void *, size_t, int);
+extern int FileFDNum(CONSFILE *);
+extern int FileFDOutNum(CONSFILE *);
+extern int FileUnopen(CONSFILE *);
+extern void OutOfMem();
+extern char *BuildTmpString(const char *);
+extern char *BuildTmpStringChar(const char);
+extern char *BuildTmpStringPrint(char *, ...);
+extern char *BuildString(const char *, STRING *);
+extern char *BuildStringChar(const char, STRING *);
+extern char *BuildStringPrint(STRING *, char *, ...);
+extern char *BuildStringN(const char *, int, STRING *);
+extern char *ShiftString(STRING *, int);
+extern void InitString(STRING *);
+extern void DestroyString(STRING *);
+extern void DestroyStrings(void);
+extern STRING *AllocString(void);
+extern char *ReadLine(FILE *, STRING *, int *);
+extern enum consFileType FileGetType(CONSFILE *);
+extern void FileSetType(CONSFILE *, enum consFileType);
+extern void FileSetQuoteIAC(CONSFILE *, FLAG);
+extern FLAG FileSawQuoteSusp(CONSFILE *);
+extern FLAG FileSawQuoteExec(CONSFILE *);
+extern FLAG FileSawQuoteAbrt(CONSFILE *);
+extern FLAG FileSawQuoteGoto(CONSFILE *);
+extern void Bye(int);
+extern void DestroyDataStructures(void);
+extern int IsMe(char *);
+extern char *PruneSpace(char *);
+extern int FileCanRead(CONSFILE *, fd_set *, fd_set *);
+extern int FileCanWrite(CONSFILE *, fd_set *, fd_set *);
+extern int FileBufEmpty(CONSFILE *);
+extern int SetFlags(int, int, int);
+extern char *StrDup(const char *);
+extern int ParseIACBuf(CONSFILE *, void *, int *);
+extern void *MemMove(void *, void *, size_t);
+extern char *StringChar(STRING *, int, char);
+extern void ParseFile(char *, FILE *, int);
+#if !USE_IPV6
+extern void ProbeInterfaces(in_addr_t);
+#endif
+extern void ProcessSubst(SUBST *, char **, char **, char *, char *);
+extern char *MyVersion(void);
+extern unsigned int AtoU(char *);
+extern void StrCpy(char *, const char *, unsigned int);
+extern void Sleep(useconds_t);
+#if HAVE_OPENSSL
+extern SSL *FileGetSSL(CONSFILE *);
+extern void FileSetSSL(CONSFILE *, SSL *);
+extern int SSLVerifyCallback(int, X509_STORE_CTX *);
+extern int FileSSLAccept(CONSFILE *);
+extern int FileCanSSLAccept(CONSFILE *, fd_set *, fd_set *);
+#endif

conserver/fallback.c

@@ -1,6 +1,4 @@
 /*
- *  $Id: fallback.c,v 5.44 2002-02-12 20:28:14-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -14,151 +12,167 @@
  * Mike Rowan (mtr@mace.cc.purdue.edu)
  */
 
-#include <config.h>
-
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <fcntl.h>
-#include <sys/socket.h>
-#include <sys/errno.h>
-#include <netinet/in.h>
-#include <syslog.h>
-#include <signal.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <ctype.h>
-
 #include <compat.h>
-#include <port.h>
-#include <util.h>
 
-#if defined(HAVE_PTSNAME) && defined(HAVE_GRANTPT) && defined(HAVE_UNLOCKPT)
-#if defined(linux)
-extern char *ptsname();
-extern int grantpt();
-extern int unlockpt();
-#endif
+#include <cutil.h>
 
-/* get a pty for the user -- emulate the neato sequent call under	(gregf)
- * DYNIX/ptx v4.0
+/*
+ * get a pty for the user
+ *
+ * this has been revamped rather heavily for 8.0.0.  i've taken ideas
+ * from the xemacs and openssh distributions to get code that *should*
+ * work on systems i have no access to.  thanks to those reference
+ * packages, i think things are ok...hopefully it's true!
  */
 static int
-#if USE_ANSI_PROTO
-getpseudotty(STRING * slave, STRING * master)
-#else
-getpseudotty(slave, master)
-    STRING *slave;
-    STRING *master;
-#endif
+GetPseudoTTY(STRING *slave, int *slaveFD)
 {
-    int fd;
+#if HAVE_OPENPTY
+    int fd = -1;
+    int sfd = -1;
+    int opty = 0;
     char *pcName;
-#if HAVE_SIGACTION
+# if HAVE_SIGACTION
     sigset_t oldmask, newmask;
-#else
-    extern RETSIGTYPE FlagReapVirt();
-#endif
+# else
+    extern RETSIGTYPE FlagReapVirt(int);
+# endif
 
-    if (0 > (fd = open("/dev/ptmx", O_RDWR, 0))) {
-	return -1;
-    }
-#if HAVE_SIGACTION
+# if HAVE_SIGACTION
     sigemptyset(&newmask);
     sigaddset(&newmask, SIGCHLD);
     if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
-	Error("sigprocmask(SIG_BLOCK): %s", strerror(errno));
-#else
-    simpleSignal(SIGCHLD, SIG_DFL);
-#endif
-
-    grantpt(fd);		/* change permission of slave */
-
-#if HAVE_SIGACTION
-    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
-	Error("sigprocmask(SIG_SETMASK): %s", strerror(errno));
-#else
-    simpleSignal(SIGCHLD, FlagReapVirt);
-#endif
-
-    unlockpt(fd);		/* unlock slave */
-    buildMyString((char *)0, master);
-    if ((char *)0 == (pcName = ttyname(fd))) {
-	buildMyString("/dev/ptmx", master);
-    } else {
-	buildMyString(pcName, master);
-    }
-
-    if ((char *)0 == (pcName = ptsname(fd))) {
-	return -1;
-    }
-
-    buildMyString((char *)0, slave);
-    buildMyString(pcName, slave);
-
-    return fd;
-}
-#else
-/*
- * Below is the string for finding /dev/ptyXX.  For each architecture we
- * leave some pty's world writable because we don't have source for
- * everything that uses pty's.  For the most part, we'll be trying to
- * make /dev/ptyq* the "free" pty's.
- */
-
-/* all the world's a vax ;-) */
-static char charone[] = "prstuvwxyzPQRSTUVWq";
-static char chartwo[] =
-    "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
-# if defined(_AIX)
-/*
- * get a pty for the user (emulate the neato sequent call)		(mm)
- */
-static int
-#if USE_ANSI_PROTO
-getpseudotty(STRING * slave, STRING * master)
-#else
-getpseudotty(slave, master)
-    STRING *slave;
-    STRING *master;
-#endif
-{
-    int fd;
-    char *pcName;
-
-    if (0 > (fd = open("/dev/ptc", O_RDWR | O_NDELAY, 0))) {
-	return -1;
-    }
-    if ((char *)0 == (pcName = ttyname(fd))) {
-	return -1;
-    }
-    buildMyString((char *)0, slave);
-    buildMyString(pcName, slave);
-
-    buildMyString((char *)0, master);
-    buildMyString(pcName, master);
-    master->string[7] = 'c';
-
-    return fd;
-}
+	Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
+	      strerror(errno));
 # else
-/*
- * get a pty for the user (emulate the neato sequent call)		(ksb)
- */
-static int
-#if USE_ANSI_PROTO
-getpseudotty(STRING * slave, STRING * master)
+    SimpleSignal(SIGCHLD, SIG_DFL);
+# endif
+
+    opty = openpty(&fd, &sfd, NULL, NULL, NULL);
+
+# if HAVE_SIGACTION
+    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
+	      strerror(errno));
+# else
+    SimpleSignal(SIGCHLD, FlagReapVirt);
+# endif
+
+    if (opty != 0) {
+	if (fd >= 0)
+	    close(fd);
+	if (sfd >= 0)
+	    close(sfd);
+	return -1;
+    }
+    if ((char *)0 == (pcName = ttyname(sfd))) {
+	close(fd);
+	close(sfd);
+	return -1;
+    }
+    BuildString((char *)0, slave);
+    BuildString(pcName, slave);
+
+    *slaveFD = sfd;
+    return fd;
 #else
-getpseudotty(slave, master)
-    STRING *slave;
-    STRING *master;
-#endif
-{
+# if (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX)
+    int fd = -1;
+    int sfd = -1;
+    char *pcName;
+#  if HAVE_SIGACTION
+    sigset_t oldmask, newmask;
+#  else
+    extern RETSIGTYPE FlagReapVirt(int);
+#  endif
+    int c;
+    /* clone list and idea stolen from xemacs distribution */
+    static char *clones[] = {
+	"/dev/ptmx",		/* Various systems */
+	"/dev/ptm/clone",	/* HPUX */
+	"/dev/ptc",		/* AIX */
+	"/dev/ptmx_bsd",	/* Tru64 */
+	(char *)0
+    };
+
+    /* try to find the pty allocator */
+    for (c = 0; clones[c] != (char *)0; c++) {
+	if ((fd = open(clones[c], O_RDWR, 0)) >= 0)
+	    break;
+    }
+    if (fd < 0)
+	return -1;
+
+#  if HAVE_SIGACTION
+    sigemptyset(&newmask);
+    sigaddset(&newmask, SIGCHLD);
+    if (sigprocmask(SIG_BLOCK, &newmask, &oldmask) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_BLOCK): %s",
+	      strerror(errno));
+#  else
+    SimpleSignal(SIGCHLD, SIG_DFL);
+#  endif
+
+#  if HAVE_GRANTPT
+    grantpt(fd);		/* change permission of slave */
+#  endif
+
+#  if HAVE_SIGACTION
+    if (sigprocmask(SIG_SETMASK, &oldmask, NULL) < 0)
+	Error("GetPseudoTTY(): sigprocmask(SIG_SETMASK): %s",
+	      strerror(errno));
+#  else
+    SimpleSignal(SIGCHLD, FlagReapVirt);
+#  endif
+
+#  if HAVE_UNLOCKPT
+    unlockpt(fd);		/* unlock slave */
+#  endif
+
+#  if defined(_AIX)
+    if ((pcName = ttyname(fd)) == (char *)0) {
+	close(fd);
+	return -1;
+    }
+#  else
+#   if HAVE_PTSNAME
+    if ((pcName = ptsname(fd)) == (char *)0) {
+	close(fd);
+	return -1;
+    }
+#   else
+    close(fd);
+    return -1;
+#   endif
+#  endif
+
+    /* go ahead and open the slave */
+    if ((sfd = open(pcName, O_RDWR, 0)) < 0) {
+	Error("GetPseudoTTY(): open(%s): %s", pcName, strerror(errno));
+	close(fd);
+	return -1;
+    }
+
+    BuildString((char *)0, slave);
+    BuildString(pcName, slave);
+
+    *slaveFD = sfd;
+    return fd;
+# else
+    /*
+     * Below is the string for finding /dev/ptyXX.  For each architecture we
+     * leave some pty's world writable because we don't have source for
+     * everything that uses pty's.  For the most part, we'll be trying to
+     * make /dev/ptyq* the "free" pty's.
+     */
+    /* all the world's a vax ;-) */
+    static char charone[] = "prstuvwxyzPQRSTUVWq";
+    static char chartwo[] =
+	"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
     static char acMaster[] = "/dev/ptyXX";
     static char acSlave[] = "/dev/ttyXX";
     static char *pcOne = charone, *pcTwo = chartwo;
-    int fd, iLoop, iIndex = sizeof("/dev/pty") - 1;
+    int fd, sfd, iLoop, iIndex = sizeof("/dev/pty") - 1;
     char *pcOld1;
     struct stat statBuf;
 
@@ -188,48 +202,53 @@ getpseudotty(slave, master)
 	    continue;
 	}
 
-	if (0 > (fd = open(acMaster, O_RDWR | O_NDELAY, 0))) {
+	if (0 > (fd = open(acMaster, O_RDWR | O_NONBLOCK, 0))) {
 	    continue;
 	}
 	acSlave[iIndex] = *pcOne;
 	acSlave[iIndex + 1] = *pcTwo;
 	if (-1 == access(acSlave, F_OK)) {
-	    (void)close(fd);
+	    close(fd);
 	    continue;
 	}
 	break;
     }
 
-    buildMyString((char *)0, master);
-    buildMyString(acMaster, master);
-    buildMyString((char *)0, slave);
-    buildMyString(acSlave, slave);
-    return fd;
-}
-# endif	/* _AIX */
-#endif
-
-/*
- * get a Joe pty bacause the daemon is not with us, sadly.		(ksb)
- */
-int
-#if USE_ANSI_PROTO
-FallBack(STRING * pcSlave, STRING * pcMaster)
-#else
-FallBack(pcSlave, pcMaster)
-    STRING *pcSlave, *pcMaster;
-#endif
-{
-    int fd;
-    static STRING pcTSlave = { (char *)0, 0, 0 };
-    static STRING pcTMaster = { (char *)0, 0, 0 };
-
-    if (-1 == (fd = getpseudotty(&pcTSlave, &pcTMaster))) {
+    /* go ahead and open the slave */
+    if ((sfd = open(acSlave, O_RDWR, 0)) < 0) {
+	Error("GetPseudoTTY(): open(%s): %s", acSlave, strerror(errno));
+	close(fd);
 	return -1;
     }
-    buildMyString((char *)0, pcSlave);
-    buildMyString(pcTSlave.string, pcSlave);
-    buildMyString((char *)0, pcMaster);
-    buildMyString(pcTMaster.string, pcMaster);
+
+    BuildString((char *)0, slave);
+    BuildString(acSlave, slave);
+
+    *slaveFD = sfd;
+    return fd;
+# endif/* (HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT) || defined(_AIX) */
+#endif /* HAVE_OPENPTY */
+}
+
+/*
+ * get a pty using the GetPseudoTTY code above
+ */
+int
+FallBack(char **slave, int *sfd)
+{
+    int fd;
+    static STRING *pcTSlave = (STRING *)0;
+
+    if (pcTSlave == (STRING *)0)
+	pcTSlave = AllocString();
+
+    if ((fd = GetPseudoTTY(pcTSlave, sfd)) == -1) {
+	return -1;
+    }
+    if ((*slave) != (char *)0)
+	free(*slave);
+    if (((*slave) = StrDup(pcTSlave->string))
+	== (char *)0)
+	OutOfMem();
     return fd;
 }

conserver/group.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: group.h,v 5.23 2002-02-25 14:00:38-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -34,12 +32,27 @@
  * 4. This notice may not be removed or altered.
  */
 
+/* timers used to have various things happen */
+#define T_STATE		0
+#define T_CIDLE		1
+#define T_MARK		2
+#define T_REINIT	3
+#define T_AUTOUP	4
+#define T_ROLL		5
+#define T_INITDELAY	6
+#define T_MAX		7	/* T_MAX *must* be last */
+
+/* return values used by CheckPass()
+ */
+#define AUTH_SUCCESS	0	/* ok                                   */
+#define AUTH_NOUSER	1	/* no user                              */
+#define AUTH_INVALID	2	/* invalid password                     */
+
 typedef struct grpent {		/* group info                           */
     unsigned int id;		/* uniqueue group id                    */
     unsigned short port;	/* port group listens on                */
-    int pid;			/* pid of server for group              */
+    pid_t pid;			/* pid of server for group              */
     int imembers;		/* number of consoles in this group     */
-    fd_set rinit;		/* descriptor list                      */
     CONSENT *pCElist;		/* list of consoles in this group       */
     CONSENT *pCEctl;		/* our control `console'                */
     CONSCLIENT *pCLall;		/* all clients to scan after select     */
@@ -47,22 +60,29 @@ typedef struct grpent {		/* group info                           */
     struct grpent *pGEnext;	/* next group entry                     */
 } GRPENT;
 
-#if USE_ANSI_PROTO
-extern void Spawn(GRPENT *);
-extern int CheckPass(struct passwd *, char *);
-extern const char *strtime(time_t *);
-extern void tagLogfile(const CONSENT *, const char *, ...);
-extern void cleanupBreak(short int);
-extern void destroyGroup(GRPENT *);
-extern void destroyConsent(GRPENT *, CONSENT *);
+extern time_t timers[];
+
+extern void Spawn(GRPENT *, int);
+extern int CheckPass(char *, char *, FLAG);
+extern void TagLogfile(const CONSENT *, char *, ...);
+extern void TagLogfileAct(const CONSENT *, char *, ...);
+extern void DestroyGroup(GRPENT *);
+extern void DestroyConsent(GRPENT *, CONSENT *);
 extern void SendClientsMsg(CONSENT *, char *);
-#else
-extern void Spawn();
-extern int CheckPass();
-extern const char *strtime();
-extern void tagLogfile();
-extern void cleanupBreak();
-extern void destroyGroup();
-extern void destroyConsent();
-extern void SendClientsMsg();
+extern void ResetMark(void);
+extern void DestroyConsentUsers(CONSENTUSERS **);
+extern CONSENTUSERS *ConsentFindUser(CONSENTUSERS *, char *);
+extern int ConsentUserOk(CONSENTUSERS *, char *);
+extern void DisconnectClient(GRPENT *, CONSCLIENT *, char *, FLAG);
+extern int ClientAccess(CONSENT *, char *);
+extern void DestroyClient(CONSCLIENT *);
+extern int CheckPasswd(CONSCLIENT *, char *, FLAG);
+extern void DeUtmp(GRPENT *, int);
+extern void ClientWantsWrite(CONSCLIENT *);
+extern void SendIWaitClientsMsg(CONSENT *, char *);
+#if HAVE_OPENSSL
+extern int AttemptSSL(CONSCLIENT *);
+#endif
+#if HAVE_GSSAPI
+extern int AttemptGSSAPI(CONSCLIENT *);
 #endif

conserver/main.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: main.h,v 5.33 2002-02-26 16:12:49-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -36,25 +34,32 @@
 
 /* program options and stuff
  */
-extern char rcsid[];
-extern int fAll, fVerbose, fSoftcar, fNoinit, fInteractive, fStrip,
-    fDaemon, fReopen, fReopenall;
-extern char chDefAcc;
-extern in_addr_t bindAddr;
-extern unsigned int bindPort, bindBasePort;
-extern char *pcLogfile;
-extern char *pcConfig;
-extern char *pcPasswd;
-extern int cMaxMemb;
-extern struct sockaddr_in in_port;
-extern char acMyHost[];
-extern struct in_addr acMyAddr;
-extern int domainHack;
-extern int isMaster;
-#if USE_ANSI_PROTO
-extern void reopenLogfile();
-extern void dumpDataStructures();
+extern int fAll, fNoinit, fInteractive, fStrip, fDaemon, fReopen,
+    fNoautoreup, fSyntaxOnly;
+#if USE_IPV6
+extern struct addrinfo *bindAddr;
+extern struct addrinfo *bindBaseAddr;
 #else
-extern void reopenLogfile();
-extern void dumpDataStructures();
+extern in_addr_t bindAddr;
+extern struct sockaddr_in in_port;
 #endif
+extern unsigned short bindPort, bindBasePort;
+extern char *pcConfig;
+extern int cMaxMemb;
+extern CONFIG *optConf;
+extern CONFIG *config;
+extern CONFIG defConfig;
+extern CONSFILE *unifiedlog;
+#if USE_UNIX_DOMAIN_SOCKETS
+extern char *interface;
+#endif
+#if HAVE_OPENSSL
+extern SSL_CTX *ctx;
+#endif
+#if HAVE_GSSAPI
+extern gss_name_t gss_myname;
+extern gss_cred_id_t gss_mycreds;
+#endif
+extern void ReopenLogfile(void);
+extern void ReopenUnifiedlog(void);
+extern void DumpDataStructures(void);

conserver/master.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: master.h,v 5.14 2002-02-25 14:00:38-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -37,10 +35,7 @@
 /*
  * stuff the master process needs
  */
-#if USE_ANSI_PROTO
-extern void Master();
+extern CONSCLIENT *pCLmall;
+extern CONSCLIENT *pCLmfree;
+extern void Master(void);
 extern void SignalKids(int);
-#else
-extern void Master();
-extern void SignalKids();
-#endif

conserver/port.h

@@ -1,85 +0,0 @@
-/*
- *  $Id: port.h,v 1.31 2002-01-21 02:48:33-08 bryan Exp $
- *
- *  Copyright conserver.com, 2000
- *
- *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
- */
-
-#include <config.h>
-
-/*
- * Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
- * 47907.  All rights reserved.
- *
- * Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
- *
- * This software is not subject to any license of the American Telephone
- * and Telegraph Company or the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on
- * any computer system, and to alter it and redistribute it freely, subject
- * to the following restrictions:
- *
- * 1. Neither the authors nor Purdue University are responsible for any
- *    consequences of the use of this software.
- *
- * 2. The origin of this software must not be misrepresented, either by
- *    explicit claim or by omission.  Credit to the authors and Purdue
- *    University must appear in documentation and sources.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- *    misrepresented as being the original software.
- *
- * 4. This notice may not be removed or altered.
- */
-
-/* Wait for a part of a second before slapping console server.
- * Good for CISCO terminal servers that get upset when you
- * attack with intense socket connections
- */
-#if !defined(USLEEP_FOR_SLOW_PORTS)
-# define USLEEP_FOR_SLOW_PORTS 100000
-#endif
-
-/* If, when processing a logfile for replaying the last N lines,
- * we end up seeing more than MAXREPLAYLINELEN characters in a line,
- * abort processing and display the data.  Why?  There could be some
- * very large logfiles and very long lines and we'd chew up lots of
- * memory and send a LOT of data down to the client - all potentially
- * bad.  If there's a line over this in size, would you really want to
- * see the whole thing (and possibly others)?
- */
-#if !defined(MAXREPLAYLINELEN)
-# define MAXREPLAYLINELEN 10000
-#endif
-
-/* the default escape sequence used to give meta commands
- */
-#if !defined(DEFATTN)
-# define DEFATTN	'\005'
-#endif
-#if !defined(DEFESC)
-# define DEFESC		'c'
-#endif
-
-/* communication constants
- */
-#define OB_SUSP		'Z'	/* suspended by server          */
-#define OB_DROP		'.'	/* dropped by server            */
-
-/* For legacy compile-time setting of the port...
- */
-#if ! defined(DEFPORT)
-#  if defined(SERVICENAME)
-#    define DEFPORT SERVICENAME
-#  else
-#    if defined(PORTNUMBER)
-#      define DEFPORT PORTNUMBER
-#    else
-#      define DEFPORT "conserver"
-#    endif
-#  endif
-#endif

conserver/readcfg.h

@@ -1,55 +1,75 @@
 /*
- *  $Id: readcfg.h,v 5.19 2002-02-25 14:00:38-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- *
- *  Copyright GNAC, Inc., 1998
  */
 
-/*
- * Copyright 1992 Purdue Research Foundation, West Lafayette, Indiana
- * 47907.  All rights reserved.
- *
- * Written by Kevin S Braunsdorf, ksb@cc.purdue.edu, purdue!ksb
- *
- * This software is not subject to any license of the American Telephone
- * and Telegraph Company or the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on
- * any computer system, and to alter it and redistribute it freely, subject
- * to the following restrictions:
- *
- * 1. Neither the authors nor Purdue University are responsible for any
- *    consequences of the use of this software.
- *
- * 2. The origin of this software must not be misrepresented, either by
- *    explicit claim or by omission.  Credit to the authors and Purdue
- *    University must appear in documentation and sources.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- *    misrepresented as being the original software.
- *
- * 4. This notice may not be removed or altered.
- */
+#define BREAKDELAYDEFAULT 250
+#define BREAKLISTSIZE 35	/* ('z'-('a'-1))+('9'-('1'-1)) */
+#define BREAKALPHAOFFSET 39	/* ('a'-('9'+1)) */
 
-/* we read in which hosts to trust and which ones we proxy for
- * from a file, into these structures
- */
+typedef struct config {
+    STRING *name;
+    FLAG autocomplete;
+    char defaultaccess;
+    FLAG daemonmode;
+    char *logfile;
+    char *passwdfile;
+    char *primaryport;
+    FLAG redirect;
+    FLAG loghostnames;
+    int reinitcheck; /* stored in sec, configured in min or sec */
+    char *secondaryport;
+    char *unifiedlog;
+    int initdelay;
+#if HAVE_SETPROCTITLE
+    FLAG setproctitle;
+#endif
+#if HAVE_OPENSSL
+    char *sslcredentials;
+    FLAG sslrequired;
+    FLAG sslreqclientcert;
+    char *sslcacertificatefile;
+#endif
+} CONFIG;
 
-extern GRPENT *pGroups;		/* group info                   */
+typedef struct breaks {
+    STRING *seq;
+    int delay;
+    FLAG confirm;
+} BREAKS;
+
+typedef struct tasks {
+    char id;
+    STRING *cmd;
+    STRING *descr;
+    uid_t uid;
+    gid_t gid;
+    char *subst;
+    FLAG confirm;
+    struct tasks *next;
+} TASKS;
+
+extern NAMES *userList;		/* user list */
+extern GRPENT *pGroups;		/* group info */
 extern REMOTE *pRCList;		/* list of remote consoles we know about */
 extern REMOTE *pRCUniq;		/* list of uniq console servers */
-extern ACCESS *pACList;		/* `who do you love' (or trust)         */
-extern STRING *breakList;	/* list of break sequences              */
+extern ACCESS *pACList;		/* `who do you love' (or trust) */
+extern CONSENTUSERS *pADList;	/* list of admin users */
+extern CONSENTUSERS *pLUList;	/* list of limited users */
+extern BREAKS breakList[BREAKLISTSIZE];	/* list of break sequences */
+extern TASKS *taskList;		/* list of tasks */
+extern SUBST *taskSubst;	/* substitution function data for tasks */
+extern CONFIG *pConfig;		/* settings seen by config parser */
+extern SUBST *substData;	/* substitution function data */
 
-#if USE_ANSI_PROTO
 extern void ReadCfg(char *, FILE *);
-extern char *pruneSpace(char *);
-extern void ReReadCfg();
-#else
-extern void ReadCfg();
-extern char *pruneSpace();
-extern void ReReadCfg();
-#endif
+extern void ReReadCfg(int, int);
+extern void DestroyBreakList(void);
+extern void InitBreakList(void);
+extern void DestroyTaskList(void);
+extern void DestroyUserList(void);
+extern void DestroyConfig(CONFIG *);
+extern NAMES *FindUserList(char *);
+extern NAMES *AddUserList(char *);
+extern CONSENT *FindConsoleName(CONSENT *, char *);

conserver/util.c

@@ -1,904 +0,0 @@
-/*
- *  $Id: util.c,v 1.46 2002-03-11 18:26:51-08 bryan Exp $
- *
- *  Copyright conserver.com, 2000
- *
- *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- */
-#include <config.h>
-
-#include <stdio.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <ctype.h>
-
-#include <compat.h>
-#include <port.h>
-#include <util.h>
-
-int outputPid = 0;
-char *progname = "conserver package";
-int thepid = 0;
-int fDebug = 0;
-
-/* in the routines below (the init code) we can bomb if malloc fails	(ksb)
- */
-void
-#if USE_ANSI_PROTO
-OutOfMem()
-#else
-OutOfMem()
-#endif
-{
-    static char acNoMem[] = ": out of memory\n";
-
-    write(2, progname, strlen(progname));
-    write(2, acNoMem, sizeof(acNoMem) - 1);
-    exit(EX_UNAVAILABLE);
-}
-
-char *
-#if USE_ANSI_PROTO
-buildMyStringChar(const char ch, STRING * msg)
-#else
-buildMyStringChar(ch, msg)
-    const char ch;
-    STRING *msg;
-#endif
-{
-    if (msg->used + 1 >= msg->allocated) {
-	if (0 == msg->allocated) {
-	    msg->allocated = 1024 * sizeof(char);
-	    msg->string = (char *)calloc(1, msg->allocated);
-	} else {
-	    msg->allocated += 1024 * sizeof(char);
-	    msg->string = (char *)realloc(msg->string, msg->allocated);
-	}
-	Debug(2, "buildMyStringChar: tried allocating %lu bytes",
-	      msg->allocated);
-	if (msg->string == (char *)0)
-	    OutOfMem();
-    }
-    if (msg->used) {
-	msg->string[msg->used - 1] = ch;	/* overwrite NULL and */
-	msg->string[msg->used++] = '\000';	/* increment by one */
-	Debug(2, "buildMyStringChar: added 1 char (%d/%d now)", msg->used,
-	      msg->allocated);
-    } else {
-	msg->string[msg->used++] = ch;	/* no NULL, so store stuff */
-	msg->string[msg->used++] = '\000';	/* and increment by two */
-	Debug(2, "buildMyStringChar: added 2 chars (%d/%d now)", msg->used,
-	      msg->allocated);
-    }
-    return msg->string;
-}
-
-char *
-#if USE_ANSI_PROTO
-buildMyString(const char *str, STRING * msg)
-#else
-buildMyString(str, msg)
-    const char *str;
-    STRING *msg;
-#endif
-{
-    int len;
-
-    if ((char *)0 == str) {
-	msg->used = 0;
-	if (msg->string != (char *)0)
-	    msg->string[0] = '\000';
-	Debug(2, "buildMyString: reset");
-	return msg->string;
-    }
-    len = strlen(str) + 1;
-    if (msg->used + len >= msg->allocated) {
-	if (0 == msg->allocated) {
-	    msg->allocated = (len / 1024 + 1) * 1024 * sizeof(char);
-	    msg->string = (char *)calloc(1, msg->allocated);
-	} else {
-	    msg->allocated += (len / 1024 + 1) * 1024 * sizeof(char);
-	    msg->string = (char *)realloc(msg->string, msg->allocated);
-	}
-	Debug(2, "buildMyString: tried allocating %lu bytes",
-	      msg->allocated);
-	if (msg->string == (char *)0)
-	    OutOfMem();
-    }
-#if HAVE_MEMCPY
-    (void)memcpy(msg->string + (msg->used ? msg->used - 1 : 0), str, len);
-#else
-    (void)bcopy(str, msg->string + (msg->used ? msg->used - 1 : 0), len);
-#endif
-    if (msg->used)
-	len--;
-    msg->used += len;
-    Debug(2, "buildMyString: added %d chars (%d/%d now)", len, msg->used,
-	  msg->allocated);
-    return msg->string;
-}
-
-void
-#if USE_ANSI_PROTO
-initString(STRING * msg)
-#else
-initString(msg)
-    STRING *msg;
-#endif
-{
-    msg->string = (char *)0;
-    msg->used = msg->allocated = 0;
-}
-
-void
-#if USE_ANSI_PROTO
-destroyString(STRING * msg)
-#else
-destroyString(msg)
-    STRING *msg;
-#endif
-{
-    if (msg->allocated)
-	free(msg->string);
-    initString(msg);
-}
-
-static STRING mymsg = { (char *)0, 0, 0 };
-
-char *
-#if USE_ANSI_PROTO
-buildString(const char *str)
-#else
-buildString(str)
-    const char *str;
-#endif
-{
-    return buildMyString(str, &mymsg);
-}
-
-char *
-#if USE_ANSI_PROTO
-buildStringChar(const char c)
-#else
-buildStringChar(c)
-    const char c;
-#endif
-{
-    return buildMyStringChar(c, &mymsg);
-}
-
-char *
-#if USE_ANSI_PROTO
-readLine(FILE * fp, STRING * save, int *iLine)
-#else
-readLine(fp, save, iLine)
-    FILE *fp;
-    STRING *save;
-    int *iLine;
-#endif
-{
-    static char buf[1024];
-    char *wholeline = (char *)0;
-    char *ret = (char *)0;
-    int i, buflen, peek, commentCheck = 1, comment = 0;
-    static STRING bufstr = { (char *)0, 0, 0 };
-    static STRING wholestr = { (char *)0, 0, 0 };
-
-
-    peek = 0;
-    wholeline = (char *)0;
-    buildMyString((char *)0, &bufstr);
-    buildMyString((char *)0, &wholestr);
-    while (save->used || ((ret = fgets(buf, sizeof(buf), fp)) != (char *)0)
-	   || peek) {
-	/* If we have a previously saved line, use it instead */
-	if (save->used) {
-	    (void)strcpy(buf, save->string);
-	    buildMyString((char *)0, save);
-	}
-
-	if (peek) {
-	    /* End of file?  Never mind. */
-	    if (ret == (char *)0)
-		break;
-
-	    /* If we don't have a line continuation and we've seen
-	     * some worthy data
-	     */
-	    if (!isspace((int)buf[0]) && (wholeline != (char *)0)) {
-		buildMyString((char *)0, save);
-		buildMyString(buf, save);
-		break;
-	    }
-
-	    peek = 0;
-	}
-
-	if (commentCheck) {
-	    for (i = 0; buf[i] != '\000'; i++)
-		if (!isspace((int)buf[i]))
-		    break;
-	    if (buf[i] == '#') {
-		comment = 1;
-		commentCheck = 0;
-	    } else if (buf[i] != '\000') {
-		commentCheck = 0;
-	    }
-	}
-
-	/* Check for EOL */
-	buflen = strlen(buf);
-	if ((buflen >= 1) && (buf[buflen - 1] == '\n')) {
-	    (*iLine)++;		/* Finally have a whole line */
-	    if (comment == 0 && commentCheck == 0) {
-		/* Finish off the chunk without the \n */
-		buf[buflen - 1] = '\000';
-		buildMyString(buf, &bufstr);
-		wholeline = buildMyString(bufstr.string, &wholestr);
-	    }
-	    peek = 1;
-	    comment = 0;
-	    commentCheck = 1;
-	    buildMyString((char *)0, &bufstr);
-	} else {
-	    /* Save off the partial chunk */
-	    buildMyString(buf, &bufstr);
-	}
-    }
-
-    /* If we hit the EOF and weren't peeking ahead
-     * and it's not a comment
-     */
-    if (!peek && (ret == (char *)0) && (comment == 0) &&
-	(commentCheck == 0)) {
-	(*iLine)++;
-	wholeline = buildMyString(bufstr.string, &wholestr);
-    }
-
-    Debug(1, "readLine: returning <%s>",
-	  (wholeline != (char *)0) ? wholeline : "<NULL>");
-    return wholeline;
-}
-
-void
-#if USE_ANSI_PROTO
-FmtCtlStr(char *pcIn, STRING * pcOut)
-#else
-FmtCtlStr(pcIn, pcOut)
-    char *pcIn;
-    STRING *pcOut;
-#endif
-{
-    unsigned char c;
-
-    buildMyString((char *)0, pcOut);
-    for (; *pcIn != '\000'; pcIn++) {
-	c = *pcIn & 0xff;
-	if (c > 127) {
-	    c -= 128;
-	    buildMyString("M-", pcOut);
-	}
-
-	if (c < ' ' || c == '\177') {
-	    buildMyStringChar('^', pcOut);
-	    buildMyStringChar(c ^ 0100, pcOut);
-	} else {
-	    buildMyStringChar(c, pcOut);
-	}
-    }
-}
-
-void
-#if USE_ANSI_PROTO
-Debug(int level, char *fmt, ...)
-#else
-Debug(level, fmt, va_alist)
-    int level;
-    char *fmt;
-    va_dcl
-#endif
-{
-    va_list ap;
-#if USE_ANSI_PROTO
-    va_start(ap, fmt);
-#else
-    va_start(ap);
-#endif
-    if (fDebug < level)
-	return;
-    if (outputPid)
-	fprintf(stderr, "%s (%d): DEBUG: ", progname, thepid);
-    else
-	fprintf(stderr, "%s: DEBUG: ", progname);
-    vfprintf(stderr, fmt, ap);
-    fprintf(stderr, "\n");
-    va_end(ap);
-}
-
-void
-#if USE_ANSI_PROTO
-Error(char *fmt, ...)
-#else
-Error(fmt, va_alist)
-    char *fmt;
-    va_dcl
-#endif
-{
-    va_list ap;
-#if USE_ANSI_PROTO
-    va_start(ap, fmt);
-#else
-    va_start(ap);
-#endif
-    if (outputPid)
-	fprintf(stderr, "%s (%d): ", progname, thepid);
-    else
-	fprintf(stderr, "%s: ", progname);
-    vfprintf(stderr, fmt, ap);
-    fprintf(stderr, "\n");
-    va_end(ap);
-}
-
-void
-#if USE_ANSI_PROTO
-Info(char *fmt, ...)
-#else
-Info(fmt, va_alist)
-    char *fmt;
-    va_dcl
-#endif
-{
-    va_list ap;
-#if USE_ANSI_PROTO
-    va_start(ap, fmt);
-#else
-    va_start(ap);
-#endif
-    if (outputPid)
-	fprintf(stdout, "%s (%d): ", progname, thepid);
-    else
-	fprintf(stdout, "%s: ", progname);
-    vfprintf(stdout, fmt, ap);
-    fprintf(stdout, "\n");
-    va_end(ap);
-}
-
-void
-#if USE_ANSI_PROTO
-simpleSignal(int sig, RETSIGTYPE(*disp) (int))
-#else
-simpleSignal(sig, disp)
-    int sig;
-RETSIGTYPE(*disp) (int);
-#endif
-{
-#if HAVE_SIGACTION
-    struct sigaction sa;
-
-    sa.sa_handler = disp;
-    sa.sa_flags = 0;
-    sigemptyset(&sa.sa_mask);
-    sigaction(sig, &sa, NULL);
-#else
-    (void)signal(sig, disp);
-#endif
-}
-
-int
-#if USE_ANSI_PROTO
-cmaxfiles()
-#else
-cmaxfiles()
-#endif
-{
-    int mf;
-#ifdef HAVE_SYSCONF
-    mf = sysconf(_SC_OPEN_MAX);
-#else
-# ifdef HAVE_GETRLIMIT
-    struct rlimit rl;
-
-    (void)getrlimit(RLIMIT_NOFILE, &rl);
-    mf = rl.rlim_cur;
-# else
-#  ifdef HAVE_GETDTABLESIZE
-    mf = getdtablesize();
-#  else
-#   ifndef OPEN_MAX
-#    define OPEN_MAX 64
-#   endif /* !OPEN_MAX */
-    mf = OPEN_MAX;
-#  endif /* HAVE_GETDTABLESIZE */
-# endif	/* HAVE_GETRLIMIT */
-#endif /* HAVE_SYSCONF */
-#ifdef FD_SETSIZE
-    if (FD_SETSIZE <= mf) {
-	mf = (FD_SETSIZE - 1);
-    }
-#endif
-    Debug(1, "maxfiles=%d", mf);
-    return mf;
-}
-
-/* Routines for the generic I/O stuff for conserver.  This will handle
- * all open(), close(), read(), and write() calls.
- */
-
-/* This encapsulates a regular file descriptor in a CONSFILE
- * object.  Returns a CONSFILE pointer to that object.
- */
-CONSFILE *
-#if USE_ANSI_PROTO
-fileOpenFD(int fd, enum consFileType type)
-#else
-fileOpenFD(fd, type)
-    int fd;
-    enum consFileType type;
-#endif
-{
-    CONSFILE *cfp;
-
-    cfp = (CONSFILE *) calloc(1, sizeof(CONSFILE));
-    if ((CONSFILE *) 0 == cfp)
-	OutOfMem();
-    cfp->ftype = type;
-    cfp->fd = fd;
-
-    Debug(1, "File I/O: Encapsulated fd %d type %d", fd, type);
-    return cfp;
-}
-
-/* This is to "unencapsulate" the file descriptor */
-int
-#if USE_ANSI_PROTO
-fileUnopen(CONSFILE * cfp)
-#else
-fileUnopen(cfp)
-    CONSFILE *cfp;
-#endif
-{
-    int retval = 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	    retval = cfp->fd;
-	    break;
-	case simpleSocket:
-	    retval = cfp->fd;
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = cfp->sslfd;
-	    break;
-#endif
-    }
-    Debug(1, "File I/O: Unopened fd %d", cfp->fd);
-    free(cfp);
-
-    return retval;
-}
-
-/* This opens a file like open(2).  Returns a CONSFILE pointer
- * or a (CONSFILE *)0 on error
- */
-CONSFILE *
-#if USE_ANSI_PROTO
-fileOpen(const char *path, int flag, int mode)
-#else
-fileOpen(path, flag, mode)
-    const char *path;
-    int flag;
-    int mode;
-#endif
-{
-    CONSFILE *cfp;
-    int fd;
-
-    if (-1 == (fd = open(path, flag, mode))) {
-	Debug(1, "File I/O: Failed to open `%s'", path);
-	return (CONSFILE *) 0;
-    }
-    cfp = (CONSFILE *) calloc(1, sizeof(CONSFILE));
-    if ((CONSFILE *) 0 == cfp)
-	OutOfMem();
-    cfp->ftype = simpleFile;
-    cfp->fd = fd;
-
-    Debug(1, "File I/O: Opened `%s' as fd %d", path, fd);
-    return cfp;
-}
-
-/* Unless otherwise stated, returns the same values as close(2).
- * The CONSFILE object passed in *CANNOT* be used once calling
- * this function - even if there was an error.
- */
-int
-#if USE_ANSI_PROTO
-fileClose(CONSFILE ** pcfp)
-#else
-fileClose(cfp)
-    CONSFILE **pcfp;
-#endif
-{
-    CONSFILE *cfp;
-    int retval = 0;
-#if defined(__CYGWIN__)
-    int client_sock_flags;
-    struct linger lingeropt;
-#endif
-
-    cfp = *pcfp;
-    if (cfp == (CONSFILE *) 0)
-	return 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	    retval = close(cfp->fd);
-	    break;
-	case simpleSocket:
-#if defined(__CYGWIN__)
-	    /* flush out the client socket - set it to blocking,
-	     * then write to it
-	     */
-	    client_sock_flags = fcntl(cfp->fd, F_GETFL, 0);
-	    if (client_sock_flags != -1)
-		/* enable blocking */
-		fcntl(cfp->fd, F_SETFL, client_sock_flags & ~O_NONBLOCK);
-
-	    /* sent it a byte - guaranteed to block - ensure delivery
-	     * of prior data yeah - this is a bit paranoid - try
-	     * without this at first
-	     */
-	    /* write(cfp->fd, "\n", 1); */
-
-	    /* this is the guts of the workaround for Winsock close bug */
-	    shutdown(cfp->fd, 1);
-
-	    /* enable lingering */
-	    lingeropt.l_onoff = 1;
-	    lingeropt.l_linger = 15;
-	    setsockopt(cfp->fd, SOL_SOCKET, SO_LINGER, &lingeropt,
-		       sizeof(lingeropt));
-#endif
-	    retval = close(cfp->fd);
-
-
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = SSL_close(cfp->sslfd);
-	    break;
-#endif
-    }
-    Debug(1, "File I/O: Closed fd %d", cfp->fd);
-    free(cfp);
-    *pcfp = (CONSFILE *) 0;
-
-    return retval;
-}
-
-/* Unless otherwise stated, returns the same values as read(2) */
-int
-#if USE_ANSI_PROTO
-fileRead(CONSFILE * cfp, void *buf, int len)
-#else
-fileRead(cfp, buf, len)
-    CONSFILE *cfp;
-    void *buf;
-    int len;
-#endif
-{
-    int retval = 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	case simpleSocket:
-	    retval = read(cfp->fd, buf, len);
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = SSL_read(cfp->sslfd, buf, len);
-	    break;
-#endif
-    }
-
-    if (retval >= 0) {
-	Debug(1, "File I/O: Read %d byte%s from fd %d", retval,
-	      (retval == 1) ? "" : "s", cfp->fd);
-    } else {
-	Debug(1, "File I/O: Read of %d byte%s from fd %d: %s", len,
-	      (retval == 1) ? "" : "s", cfp->fd, strerror(errno));
-    }
-    return retval;
-}
-
-/* Unless otherwise stated, returns the same values as write(2) */
-int
-#if USE_ANSI_PROTO
-fileWrite(CONSFILE * cfp, const char *buf, int len)
-#else
-fileWrite(cfp, buf, len)
-    CONSFILE *cfp;
-    const char *buf;
-    int len;
-#endif
-{
-    int len_orig = len;
-    int len_out = 0;
-    int retval = 0;
-
-    if (buf == (char *)0)
-	return 0;
-
-    if (len < 0)
-	len = strlen(buf);
-
-    if (len == 0)
-	return 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	case simpleSocket:
-	    while (len > 0) {
-		if ((retval = write(cfp->fd, buf, len)) < 0) {
-		    break;
-		}
-		buf += retval;
-		len -= retval;
-		len_out += retval;
-	    }
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    len_out = retval = SSL_write(cfp->sslfd, buf, len);
-	    break;
-#endif
-    }
-
-    if (len_out >= 0) {
-	Debug(1, "File I/O: Wrote %d byte%s to fd %d", len_out,
-	      (len_out == 1) ? "" : "s", cfp->fd);
-    } else {
-	Debug(1, "File I/O: Write of %d byte%s to fd %d: %s", len_orig,
-	      (len_out == 1) ? "" : "s", cfp->fd, strerror(errno));
-    }
-    return len_out;
-}
-
-void
-#if USE_ANSI_PROTO
-fileVwrite(CONSFILE * cfp, const char *fmt, va_list ap)
-#else
-fileVwrite(cfp, fmt, ap)
-    CONSFILE *cfp;
-    const char *fmt;
-    va_list ap;
-#endif
-{
-    int s, l, e;
-    char c;
-    static STRING msg = { (char *)0, 0, 0 };
-    static short int flong, fneg;
-
-    if (fmt == (char *)0)
-	return;
-
-    fneg = flong = 0;
-    for (e = s = l = 0; (c = fmt[s + l]) != '\000'; l++) {
-	if (c == '%') {
-	    if (e) {
-		e = 0;
-		fileWrite(cfp, "%", 1);
-	    } else {
-		e = 1;
-		fileWrite(cfp, fmt + s, l);
-		s += l;
-		l = 0;
-	    }
-	    continue;
-	}
-	if (e) {
-	    unsigned long i;
-	    int u;
-	    char *p;
-	    char cc;
-	    switch (c) {
-		case 'l':
-		    flong = 1;
-		    continue;
-		case 'c':
-		    cc = (char)va_arg(ap, int);
-		    fileWrite(cfp, &cc, 1);
-		    break;
-		case 's':
-		    p = va_arg(ap, char *);
-		    fileWrite(cfp, p, -1);
-		    break;
-		case 'd':
-		    i = (flong ? va_arg(ap, long) : (long)va_arg(ap, int));
-		    if ((long)i < 0) {
-			fneg = 1;
-			i = -i;
-		    }
-		    goto number;
-		case 'u':
-		    i = (flong ? va_arg(ap, unsigned long)
-			 : (unsigned long)va_arg(ap, unsigned int));
-		  number:
-		    buildMyString((char *)0, &msg);
-		    while (i >= 10) {
-			buildMyStringChar((i % 10) + '0', &msg);
-			i /= 10;
-		    }
-		    buildMyStringChar(i + '0', &msg);
-		    /* reverse the text to put it in forward order
-		     */
-		    u = msg.used - 1;
-		    for (i = 0; i < u / 2; i++) {
-			char temp;
-
-			temp = msg.string[i];
-			msg.string[i]
-			    = msg.string[u - i - 1];
-			msg.string[u - i - 1] = temp;
-		    }
-		    if (fneg) {
-			fileWrite(cfp, "-", 1);
-			fneg = 0;
-		    }
-		    fileWrite(cfp, msg.string, msg.used - 1);
-		    break;
-		default:
-		    Error("unknown conversion character `%c' in `%s'", c,
-			  fmt);
-		    break;
-	    }
-	    s += l + 1;
-	    l = -1;
-	    e = flong = 0;
-	}
-    }
-    if (l)
-	fileWrite(cfp, fmt + s, l);
-}
-
-void
-#if USE_ANSI_PROTO
-filePrint(CONSFILE * cfp, const char *fmt, ...)
-#else
-filePrint(cfp, fmt, va_alist)
-    CONSFILE *cfp;
-    const char *fmt;
-    va_dcl
-#endif
-{
-    va_list ap;
-#if USE_ANSI_PROTO
-    va_start(ap, fmt);
-#else
-    va_start(ap);
-#endif
-    fileVwrite(cfp, fmt, ap);
-    va_end(ap);
-}
-
-/* Unless otherwise stated, returns the same values as fstat(2) */
-int
-#if USE_ANSI_PROTO
-fileStat(CONSFILE * cfp, struct stat *buf)
-#else
-fileStat(cfp, buf)
-    CONSFILE *cfp;
-    struct stat *buf;
-#endif
-{
-    int retval = 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	    retval = fstat(cfp->fd, buf);
-	    break;
-	case simpleSocket:
-	    retval = fstat(cfp->fd, buf);
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = -1;
-	    break;
-#endif
-    }
-
-    return retval;
-}
-
-/* Unless otherwise stated, returns the same values as lseek(2) */
-int
-#if USE_ANSI_PROTO
-fileSeek(CONSFILE * cfp, off_t offset, int whence)
-#else
-fileSeek(cfp, offset, whence)
-    CONSFILE *cfp;
-    off_t offset;
-    int whence;
-#endif
-{
-    int retval = 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	    retval = lseek(cfp->fd, offset, whence);
-	    break;
-	case simpleSocket:
-	    retval = lseek(cfp->fd, offset, whence);
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = -1;
-	    break;
-#endif
-    }
-
-    return retval;
-}
-
-/* Unless otherwise stated, returns the same values as lseek(2) */
-int
-#if USE_ANSI_PROTO
-fileFDNum(CONSFILE * cfp)
-#else
-fileFDNum(cfp)
-    CONSFILE *cfp;
-#endif
-{
-    int retval = 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	    retval = cfp->fd;
-	    break;
-	case simpleSocket:
-	    retval = cfp->fd;
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = -1;
-	    break;
-#endif
-    }
-
-    return retval;
-}
-
-/* Unless otherwise stated, returns the same values as send(2) */
-int
-#if USE_ANSI_PROTO
-fileSend(CONSFILE * cfp, const void *msg, size_t len, int flags)
-#else
-fileSend(cfp, msg, len, flags)
-    CONSFILE *cfp;
-    const void *msg;
-    size_t len;
-    int flags;
-#endif
-{
-    int retval = 0;
-
-    switch (cfp->ftype) {
-	case simpleFile:
-	    retval = send(cfp->fd, msg, len, flags);
-	    break;
-	case simpleSocket:
-	    retval = send(cfp->fd, msg, len, flags);
-	    break;
-#ifdef TLS_SUPPORT
-	case TLSSocket:
-	    retval = -1;
-	    break;
-#endif
-    }
-
-    return retval;
-}

conserver/util.h

@@ -1,103 +0,0 @@
-/*
- *  $Id: util.h,v 1.22 2002-02-25 14:00:38-08 bryan Exp $
- *
- *  Copyright conserver.com, 2000
- *
- *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
- */
-
-#if USE_ANSI_PROTO
-#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
-
-/* Struct to wrap information about a "file"...
- * This can be a socket, local file, whatever.  We do this so
- * we can add encryption to sockets (and generalize I/O).
- */
-enum consFileType {
-    simpleFile,
-    simpleSocket,
-#ifdef TLS_SUPPORT
-    TLSSocket,
-#endif
-};
-
-typedef struct dynamicString {
-    char *string;
-    int used;
-    int allocated;
-} STRING;
-
-typedef struct consFile {
-    /* Standard socket type stuff */
-    enum consFileType ftype;
-    int fd;
-#ifdef TLS_SUPPORT
-    /* TLS/SSL stuff */
-    SSL_CTX *ctx;
-    SSL *sslfd;
-    BIO *sbio;
-    int ctx_connections;
-#endif
-    /* Add crypto stuff to suit */
-} CONSFILE;
-
-extern int outputPid, fDebug;
-extern char *progname;
-extern int thepid;
-
-#if USE_ANSI_PROTO
-extern void Debug(int, char *, ...);
-extern void Error(char *, ...);
-extern void Info(char *, ...);
-extern void simpleSignal(int, RETSIGTYPE(*)(int));
-extern int cmaxfiles();
-extern void FmtCtlStr(char *, STRING *);
-extern CONSFILE *fileOpenFD(int, enum consFileType);
-extern CONSFILE *fileOpen(const char *, int, int);
-extern int fileClose(CONSFILE **);
-extern int fileRead(CONSFILE *, void *, int);
-extern int fileWrite(CONSFILE *, const char *, int);
-extern void fileVwrite(CONSFILE *, const char *, va_list);
-extern void filePrint(CONSFILE *, const char *, ...);
-extern int fileStat(CONSFILE *, struct stat *);
-extern int fileSeek(CONSFILE *, off_t, int);
-extern int fileSend(CONSFILE *, const void *, size_t, int);
-extern int fileFDNum(CONSFILE *);
-extern void OutOfMem();
-extern char *buildString(const char *);
-extern char *buildStringChar(const char);
-extern char *buildMyString(const char *, STRING *);
-extern char *buildMyStringChar(const char, STRING *);
-extern void initString(STRING *);
-extern void destroyString(STRING *);
-extern char *readLine(FILE *, STRING *, int *);
-#else
-extern void Debug();
-extern void Error();
-extern void Info();
-extern void simpleSignal();
-extern int cmaxfiles();
-extern void FmtCtlStr();
-extern CONSFILE *fileOpenFD();
-extern CONSFILE *fileOpen();
-extern int fileClose();
-extern int fileRead();
-extern int fileWrite();
-extern void fileVWrite();
-extern void filePrint();
-extern int fileStat();
-extern int fileSeek();
-extern int fileSend();
-extern int fileFDNum();
-extern void OutOfMem();
-extern char *buildString();
-extern char *buildStringChar();
-extern char *buildMyString();
-extern char *buildMyStringChar();
-extern void initString();
-extern void destroyString();
-extern char *readLine();
-#endif

conserver/version.h

@@ -1,6 +1,4 @@
 /*
- *  $Id: version.h,v 1.34 2002-03-11 18:11:36-08 bryan Exp $
- *
  *  Copyright conserver.com, 2000
  *
  *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
@@ -14,4 +12,9 @@
 @(#) Copyright 2000 conserver.com.\n\
 All rights reserved.\n"
 
-#define THIS_VERSION "conserver.com version 7.2.0"
+#define VERSION_DATE	"2022/07/07"
+#define VERSION_MAJOR	8
+#define VERSION_MINOR	2
+#define VERSION_REV	7
+#define VERSION_TEXT	"conserver.com version"
+#define VERSION_UINT	(VERSION_MAJOR * 1000000 + VERSION_MINOR * 1000 + VERSION_REV)

console/Makefile.in

@@ -1,5 +1,7 @@
 ### Path settings
+datarootdir = @datarootdir@
 srcdir = @srcdir@
+VPATH = @srcdir@
 top_srcdir = @top_srcdir@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
@@ -15,7 +17,7 @@ MKDIR = @MKDIR@
 
 ### Compiler and link options
 CC	= @CC@
-CFLAGS	= @CFLAGS@ # -DPUCC -DSUN5
+CFLAGS	= @CFLAGS@
 DEFS	= @DEFS@ -DSYSCONFDIR=\"$(sysconfdir)\"
 CPPFLAGS = -I.. -I$(top_srcdir) -I$(srcdir) -I$(top_srcdir)/conserver $(DEFS) @CPPFLAGS@
 LDFLAGS	= @LDFLAGS@
@@ -25,18 +27,23 @@ LIBS	= @LIBS@
 
 ### Makefile rules - no user-servicable parts below
 
-CONSOLE_OBJS = console.o ../conserver/util.o
-CONSOLE_HDRS = ../config.h $(top_srcdir)/compat.h $(top_srcdir)/conserver/port.h
+CONSOLE_OBJS = console.o getpassword.o readconf.o ../conserver/cutil.o
+CONSOLE_HDRS = ../config.h $(top_srcdir)/compat.h \
+	       $(top_srcdir)/conserver/cutil.h \
+	       $(top_srcdir)/conserver/version.h \
+	       $(srcdir)/getpassword.h $(srcdir)/readconf.h
 ALL = console
 
 
 all: $(ALL)
 
+$(CONSOLE_OBJS): $(CONSOLE_HDRS)
+
 console: $(CONSOLE_OBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o console $(CONSOLE_OBJS) $(LIBS)
 
-../conserver/util.o:
-	( cd ../conserver && $(MAKE) $(MAKE_FLAGS) util.o ) || exit 1;
+../conserver/cutil.o:
+	( cd ../conserver && $(MAKE) $(MAKE_FLAGS) cutil.o ) || exit 1;
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
@@ -51,6 +58,6 @@ install: console
 	$(MKDIR) $(DESTDIR)$(bindir)
 	$(INSTALL_PROGRAM) console $(DESTDIR)$(bindir)
 	$(MKDIR) $(DESTDIR)$(mandir)/man1
-	$(INSTALL) console.man $(DESTDIR)$(mandir)/man1/console.1
+	$(INSTALL) -m 0644 console.man $(DESTDIR)$(mandir)/man1/console.1
 
 .PHONY: clean distclean install

console/console.man

@@ -1,362 +0,0 @@
-.\" $Id: console.man,v 1.20 2002-03-11 18:06:31-08 bryan Exp $
-.TH CONSOLE 1 "Local"
-.SH NAME
-console \- console server client program
-.SH SYNOPSIS
-\fBconsole\fP [\fB\-aAfFGsS\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
-[\fB\-p\fP \fIport\fP] [\fB\-e\fP \fIesc\fP] [\fB\-l\fP \fIuser\fP]
-\fIconsole\fP
-.br
-\fBconsole\fP [\fB\-hPrRuVwx\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
-[\fB\-p\fP \fIport\fP] [\fB\-b\fP \fImessage\fP]
-.br
-\fBconsole\fP [\fB\-qQ\fP] [\fB\-7Dv\fP] [\fB\-M\fP \fImach\fP]
-[\fB\-p\fP \fIport\fP]
-.SH DESCRIPTION
-.B Console
-is used to manipulate console terminals remotely or to poll running
-\fBconserver\fP(8) daemons for status information.
-.PP
-In the first form above,
-.B console
-asks the user's password before
-granting interactive access to a console (on a non-trusted system),
-since such a session may provide single-user access.
-Only as much of the console name as is required to
-identify it uniquely to the server is required.
-.PP
-For non-interactive options,
-.B console
-outputs only the requested information and exits.
-.PP
-.B Console
-knows only of a primary
-.B conserver
-host
-(see the \fB\-M\fP option below),
-to which it initially connects.
-In a multi-server environment, the primary server may refer
-the client to a different server handling the requested console,
-or it will provide a list of all servers if required
-(as when
-.B console
-is invoked with the
-.RB ` \-r '
-option).
-.B Console
-then opens connections to the appropriate server(s).
-It is not necessary for the user of
-.B console
-to know which server manages which consoles,
-as long as
-.B console
-knows a valid primary server
-and all available consoles are listed in the primary server's
-configuration file.
-.SH OPTIONS
-.PP
-Options may be given as separate arguments (e.g., \fB\-v -w\fP)
-or clustered (e.g., \fB\-vw\fP).
-Options and their arguments may be separated by optional white space.
-Option arguments containing spaces or other characters special to the shell
-must be quoted.
-.TP
-.B \-7
-Strip the high bit off of all data received,
-whether from user input or from the server,
-before any processing occurs.
-Disallows escape sequence characters with the high bit set.
-.TP
-.B \-a
-Access a console with a two-way (read-write) connection (this is the default).
-The connection is dropped to spy mode if someone else is attached read-write.
-.TP
-.BI \-b message
-Broadcast a \fImessage\fP to all users connected to the console server.
-.TP
-.B \-D
-Enable debugging output.
-.TP
-.BI \-e esc
-Set the initial two-character escape sequence to
-those represented by \fIesc\fP.
-Any of the forms output by \fBcat\fP(1)'s \-\fBv\fP option
-are accepted.  The default value is ``\fB^Ec\fP''.
-.TP
-.B \-f
-Same as \fB\-a\fP except it will force any existing connection into spy mode.
-.TP
-.B \-G
-Request a raw connection to the group control virtual console;
-this is only useful for learning the protocol used by the
-interactive sequence.
-.TP
-.B \-h
-Display a brief help message.
-.TP
-.B \-i
-Display information in a machine-parseable format (see below for the details).
-.TP
-.BI \-l user
-Set the login name used for authentication to \fIuser\fP.
-By default, \fBconsole\fP uses $USER if its uid matches the user's real uid,
-or $LOGNAME if its uid matches the user's real uid,
-or else the name associated with the user's real uid.
-.TP
-.BI \-M mach
-The \fBconsole\fP client program polls \fImach\fP as the primary server,
-rather than the default set at compile time (typically ``\fBconsole\fP'').
-The default \fImach\fP may be changed at compile time using the
-\fB--with-master\fP option.
-.TP
-.BI \-p port
-Set the port to connect to.  This may be either a port number
-or a service name.  The default \fIport\fP may be changed at compile time
-using the \fB--with-port\fP option.
-.TP
-.B \-P
-Display the pid of the master daemon process on each server.
-.TP
-.B \-q
-The \fBconsole\fP client connects to each server to request that the
-server daemon quit (shut down).  The root password of the host(s)
-running conserver is required unless the local host is listed as
-``trusted'' in the conserver.cf file; in that case, just
-press <return>.
-.TP
-.B \-Q
-Same as \fB\-q\fP but just acts on the primary server.
-.TP
-.B \-r
-Display daemon versions.  The \fBconsole\fP client connects to each
-server to request its version information.
-.TP
-.B \-R
-Same as \fB\-r\fP but just acts on the primary server.
-.TP
-.B \-s
-Request a read-only (spy mode) connection.
-In this mode all the escape sequences (below) work, or report errors,
-but all other keyboard input is discarded.
-.TP
-.B \-u
-Show a list of all consoles with status (`up' or `down')
-and attached users (\fIuser\fP@\fIhost\fP if attached read-write,
-`<spies>' if only users in spy mode, or `<none>').
-.TP
-.B \-v
-Be more verbose when building the connection(s).
-Use this option in combination with any of `show' options (below)
-for added benefit.
-.TP
-.B \-V
-Output the version and settings of the console client program
-and then exit.
-.TP
-.B \-w
-Show a list of all who are currently connected to consoles,
-including the hostnames where the \fBconsole\fP connections originate
-and the idle times.  This is useful to see if anybody is actively
-using the console system if it becomes necessary to shut down
-\fBconserver\fP.
-.TP
-.B \-x
-Show a list of consoles and devices.
-.PP
-The \fB\-A\fP, \fB\-F\fP, or \fB\-S\fP options have the same effect as
-their lower-case variants.
-In addition, they each request the last 20 lines of the console output after
-making the connection (as if `\fB^Ecr\fP' were typed).
-.PP
-The \fB-i\fP option outputs information regarding each console in 
-ten colon-separated fields.
-.TP
-.B name
-The name of the console.
-.TP
-.B hostname,pid,socket
-The hostname, pid, and socket number of the child process managing
-the console.
-.TP
-.B type
-The type of console.  Values will be a `/' for a local device, `|' for
-a command, or `!' for a remote port.
-.TP
-.B console-details
-The details regarding the console.  The values here (all comma seperated)
-depend on the type of the console.  Local devices will have values of
-the device file, baud rate, and file descriptor for the device.
-Commands will have values of the command, the command's pid, the
-pseudo-tty, and file descriptor for the pseudo-tty.
-Remote ports will have values of the remote hostname, remote port number,
-and file descriptor for the socket connection.
-.TP
-.B users-list
-The details of each user connected to the console.  The details for each
-user are an `@' seperated list of `w', `r', or `s' (for read-write, read-only,
-or suspended), username, hostname the user is on, and the user's idle time.
-Each user bundle is seperated by commas.
-.TP
-.B state
-The state of the console.  Values with either be ``up'' or ``down''.
-.TP
-.B perm
-This value will either be ``rw'' or ``ro''.  It will only be ``ro'' if
-the console is a local device (`/' type) and the permissions are such
-that the server can open the file for read, but not write.
-.TP
-.B logfile-details
-The details regarding the logging for the console.  The comma seperated
-values will be the logfile, ``log'' or ``nolog'' (if logging is on
-or not - toggled via ^EcL), ``act'' or ``noact'' (if activity logging is
-enabled or not - the `a' timestamp option), the timestamp interval, and
-the file descriptor of the logfile.
-.TP
-.B break
-The default break sequence used for the console.
-.TP
-.B reup
-If the console is currently down and the automatic reconnection code
-is at work, it will have the value of ``autoup'', otherwise it
-will be ``noautoup''.
-.SH "ESCAPE SEQUENCES"
-The connection can be controlled by a two-character escape sequence, followed
-by a command.  The default escape sequence is ``control-E c''
-(octal 005 143).
-(The escape sequences are actually processed by the server; see the
-.BR conserver (8)
-man page for more information.)
-Commands are:
-.sp
-.PD 0
-.IP a
-attach read-write if nobody already is
-.IP b
-send broadcast message to all users on this console
-.IP c
-toggle flow control (don't do this)
-.IP d
-down the current console
-.IP e\fIcc\fP
-change the escape sequence to the next two characters
-.IP f
-forcibly attach read-write
-.IP g
-group info
-.IP L
-toggle logging on/off
-.IP l?
-list the break sequences available
-.IP l0
-send the break sequence associated with this console
-.IP l1-9
-send the specific break sequence
-.IP o
-close (if open) and reopen the line (to clear errors (silo overflows))
-and the log file
-.IP p
-replay the last 60 lines of output
-.IP r
-replay the last 20 lines of output
-.IP s
-switch to spy mode (read-only)
-.IP u
-show status of hosts/users in this group
-.IP v
-show the version of the group server
-.IP w
-who is using this console
-.IP x
-examine this group's devices and modes
-.IP z
-suspend this connection
-.IP ?
-display list of commands
-.IP "^M (return)"
-continue, ignore the escape sequence
-.IP "^R (ctrl-R)"
-replay the last line only
-.IP \e\\fIooo\fP
-send character having octal code \fIooo\fP
-(must specify three octal digits)
-.IP \.
-disconnect
-.PD
-.PP
-If any other character is hit after the escape sequence, all three characters
-will be discarded.
-Note that a line break or a down command
-can only be sent from a full two-way attachment.
-To send the escape sequence through the connection one must redefine
-the outer escape sequence, or use \fB^Ec\\\fP\fIooo\fP to send the
-first escape character before typing the second character directly.
-.PP
-In the \fB\-u\fP output, the login ``<none>'' indicates no one is
-viewing that console, and the login ``<spies>'' indicates that
-no one has a full two-way attachment.  When no one is attached to
-a console its output is cloned to the stdout of the server process
-if \fBconserver\fP was started with the \fB\-u\fP option.
-.SH EXAMPLES
-.TP
-console \-u
-Outputs something like:
-.sp
-.RS
-.ta 18n 24n
-dumb	up	<none>
-.br
-expert	up	ksb@mentor
-.br
-tyro	up	<spies>
-.br
-mentor	up	<none>
-.br
-sage	up	fine@cis
-.DT
-.RE
-.IP
-The \fB<none>\fP indicates no one is viewing \fIdumb\fP or \fImentor\fP,
-the \fB<spies>\fP indicates only read-only connections exist for \fItyro\fP,
-and
-other \fIlogin\fP@\fIhost\fP entries indicate users attached read-write to
-\fIsage\fP and \fIexpert\fP.
-.TP
-console \-w
-Outputs something like:
-.sp
-.RS
-.ta 18n 26n 32n
-ksb@extra	attach	2days	expert
-.br
-file@cis	attach	21:46	sage
-.br
-dmr@alice	spy	\00:04	tyro
-.DT
-.RE
-.IP
-The third column is the idle time of the user.
-Either \fIhours\fP:\fIminutes\fP or number of days is displayed.
-.TP
-console \-e \*(lq^[1\*(rq lv426
-Requests a connection to the host ``lv426'' with the escape characters
-set to ``escape one''.
-.SH BUGS
-All client/server traffic (including root and user passwords) is
-passed ``in the clear''.  Extreme care should be taken to insure no one
-is ``snooping'' this private data.  One day the traffic will be encrypted.
-.PP
-It is possible to create a loop of console connections, with ugly results.
-Never run \fBconsole\fP from within a console connection (unless you set each
-escape sequence differently).
-.PP
-The \fB\-G\fP option doesn't help to explain how connections get built.
-.SH AUTHORS
-Thomas A. Fine, Ohio State Computer Science
-.br
-Kevin Braunsdorf, Purdue University Computing Center
-.br
-Bryan Stansell, conserver.com
-.SH "SEE ALSO"
-.BR conserver.cf (5),
-.BR conserver.passwd (5),
-.BR conserver (8)

console/getpassword.c

@@ -0,0 +1,138 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ *
+ *  Copyright GNAC, Inc., 1998
+ */
+
+#include <compat.h>
+
+#include <pwd.h>
+
+#include <cutil.h>
+#include <version.h>
+
+
+/* the next two routines assure that the users tty is in the
+ * correct mode for us to do our thing
+ */
+static int screwy = 0;
+static struct termios o_tios;
+/* this holds the password given to us by the user */
+static STRING *pass = (STRING *)0;
+
+
+/*
+ * show characters that are already tty processed,
+ * and read characters before cononical processing
+ * we really use cbreak at PUCC because we need even parity...
+ */
+static void
+C2Raw(int fd)
+{
+    struct termios n_tios;
+
+    if (!isatty(fd) || 0 != screwy)
+	return;
+
+    if (0 != tcgetattr(fd, &o_tios)) {
+	Error("tcgetattr(%d): %s", fd, strerror(errno));
+	Bye(EX_UNAVAILABLE);
+    }
+    n_tios = o_tios;
+    n_tios.c_iflag &= ~(IUCLC | IXON);
+    n_tios.c_oflag &= ~OPOST;
+    n_tios.c_lflag &= ~(ISIG | ECHO | IEXTEN);
+    n_tios.c_cc[VMIN] = 1;
+    n_tios.c_cc[VTIME] = 0;
+    if (0 != tcsetattr(fd, TCSANOW, &n_tios)) {
+	Error("tcsetattr(%d, TCSANOW): %s", fd, strerror(errno));
+	Bye(EX_UNAVAILABLE);
+    }
+    screwy = 1;
+}
+
+/*
+ * put the tty back as it was, however that was
+ */
+static void
+C2Normal(int fd)
+{
+    if (!screwy)
+	return;
+    tcsetattr(fd, TCSANOW, &o_tios);
+    screwy = 0;
+}
+
+char *
+GetPassword(char *prompt)
+{
+    int fd;
+    int nc;
+    char buf[BUFSIZ];
+    int done = 0;
+
+    if (prompt == (char *)0)
+	prompt = "";
+    if ((pass = AllocString()) == (STRING *)0)
+	OutOfMem();
+    BuildString((char *)0, pass);
+
+    if ((fd = open("/dev/tty", O_RDWR)) == -1) {
+	Error("could not open `/dev/tty': %s", strerror(errno));
+	return (char *)0;
+    }
+
+    C2Raw(fd);
+    write(fd, prompt, strlen(prompt));
+    while (!done) {
+	int i;
+	if ((nc = read(0, buf, sizeof(buf))) == 0)
+	    break;
+	for (i = 0; i < nc; ++i) {
+	    if (buf[i] == 0x0d || buf[i] == 0x0a) {
+		/* CR, NL */
+		done = 1;
+		break;
+	    } else
+		BuildStringChar(buf[i], pass);
+	}
+    }
+    C2Normal(fd);
+    /*
+       {
+       static STRING *c = (STRING *) 0;
+       if ((c = AllocString()) == (STRING *) 0)
+       OutOfMem();
+       write(fd, "\n'", 2);
+       if (pass->used) {
+       FmtCtlStr(pass->string, pass->used - 1, c);
+       write(fd, c->string, c->used - 1);
+       }
+       write(fd, "'\n", 2);
+       }
+     */
+    write(fd, "\n", 1);
+    close(fd);
+    /* this way a (char*)0 is only returned on error */
+    if (pass->string == (char *)0)
+	return "";
+    else
+	return pass->string;
+}
+
+void
+ClearPassword(void)
+{
+    if (pass == (STRING *)0 || pass->allocated == 0)
+	return;
+
+#if HAVE_MEMSET
+    memset((void *)(pass->string), '\000', pass->allocated);
+#else
+    bzero((char *)(pass->string), pass->allocated);
+#endif
+
+    BuildString((char *)0, pass);
+}

console/getpassword.h

@@ -0,0 +1,8 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+extern char *GetPassword(char *);
+extern void *ClearPassword(void);

console/readconf.c

@@ -0,0 +1,726 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+#include <compat.h>
+
+#include <cutil.h>
+#include <readconf.h>
+
+CONFIG *parserConfigTemp = (CONFIG *)0;
+CONFIG *parserConfigDefault = (CONFIG *)0;
+CONFIG *pConfig = (CONFIG *)0;
+TERM *parserTermTemp = (TERM *)0;
+TERM *parserTermDefault = (TERM *)0;
+TERM *pTerm = (TERM *)0;
+
+void
+DestroyConfig(CONFIG *c)
+{
+    if (c == (CONFIG *)0)
+	return;
+    if (c->username != (char *)0)
+	free(c->username);
+    if (c->master != (char *)0)
+	free(c->master);
+    if (c->port != (char *)0)
+	free(c->port);
+    if (c->escape != (char *)0)
+	free(c->escape);
+#if HAVE_OPENSSL
+    if (c->sslcredentials != (char *)0)
+	free(c->sslcredentials);
+    if (c->sslcacertificatefile != (char *)0)
+	free(c->sslcacertificatefile);
+    if (c->sslcacertificatepath != (char *)0)
+	free(c->sslcacertificatepath);
+#endif
+    free(c);
+}
+
+void
+ApplyConfigDefault(CONFIG *c)
+{
+    if (parserConfigDefault == (CONFIG *)0)
+	return;
+
+    if (parserConfigDefault->username != (char *)0) {
+	if (c->username != (char *)0)
+	    free(c->username);
+	if ((c->username =
+	     StrDup(parserConfigDefault->username)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->master != (char *)0) {
+	if (c->master != (char *)0)
+	    free(c->master);
+	if ((c->master = StrDup(parserConfigDefault->master)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->port != (char *)0) {
+	if (c->port != (char *)0)
+	    free(c->port);
+	if ((c->port = StrDup(parserConfigDefault->port)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->escape != (char *)0) {
+	if (c->escape != (char *)0)
+	    free(c->escape);
+	if ((c->escape = StrDup(parserConfigDefault->escape)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->striphigh != FLAGUNKNOWN)
+	c->striphigh = parserConfigDefault->striphigh;
+    if (parserConfigDefault->replay != FLAGUNKNOWN)
+	c->replay = parserConfigDefault->replay;
+    if (parserConfigDefault->playback != FLAGUNKNOWN)
+	c->playback = parserConfigDefault->playback;
+#if HAVE_OPENSSL
+    if (parserConfigDefault->sslcredentials != (char *)0) {
+	if (c->sslcredentials != (char *)0)
+	    free(c->sslcredentials);
+	if ((c->sslcredentials =
+	     StrDup(parserConfigDefault->sslcredentials)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->sslcacertificatefile != (char *)0) {
+	if (c->sslcacertificatefile != (char *)0)
+	    free(c->sslcacertificatefile);
+	if ((c->sslcacertificatefile =
+	     StrDup(parserConfigDefault->sslcacertificatefile)) ==
+	    (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->sslcacertificatepath != (char *)0) {
+	if (c->sslcacertificatepath != (char *)0)
+	    free(c->sslcacertificatepath);
+	if ((c->sslcacertificatepath =
+	     StrDup(parserConfigDefault->sslcacertificatepath)) ==
+	    (char *)0)
+	    OutOfMem();
+    }
+    if (parserConfigDefault->sslrequired != FLAGUNKNOWN)
+	c->sslrequired = parserConfigDefault->sslrequired;
+    if (parserConfigDefault->sslenabled != FLAGUNKNOWN)
+	c->sslenabled = parserConfigDefault->sslenabled;
+#endif
+}
+
+void
+ConfigBegin(char *id)
+{
+    CONDDEBUG((1, "ConfigBegin(%s) [%s:%d]", id, file, line));
+    if (id == (char *)0 || id[0] == '\000') {
+	Error("empty config name [%s:%d]", file, line);
+	return;
+    }
+    if (parserConfigTemp != (CONFIG *)0)
+	DestroyConfig(parserConfigTemp);
+    if ((parserConfigTemp = (CONFIG *)calloc(1, sizeof(CONFIG)))
+	== (CONFIG *)0)
+	OutOfMem();
+    ApplyConfigDefault(parserConfigTemp);
+    parserConfigTemp->name = AllocString();
+    BuildString(id, parserConfigTemp->name);
+}
+
+void
+ConfigEnd(void)
+{
+    CONDDEBUG((1, "ConfigEnd() [%s:%d]", file, line));
+
+    if (parserConfigTemp == (CONFIG *)0)
+	return;
+
+    if (parserConfigTemp->name->used > 1) {
+	if ((parserConfigTemp->name->string[0] == '*' &&
+	     parserConfigTemp->name->string[1] == '\000') ||
+	    IsMe(parserConfigTemp->name->string)) {
+	    DestroyConfig(parserConfigDefault);
+	    parserConfigDefault = parserConfigTemp;
+	    parserConfigTemp = (CONFIG *)0;
+	}
+    }
+
+    DestroyConfig(parserConfigTemp);
+    parserConfigTemp = (CONFIG *)0;
+}
+
+void
+ConfigAbort(void)
+{
+    CONDDEBUG((1, "ConfigAbort() [%s:%d]", file, line));
+    if (parserConfigTemp == (CONFIG *)0)
+	return;
+
+    DestroyConfig(parserConfigTemp);
+    parserConfigTemp = (CONFIG *)0;
+}
+
+void
+ConfigDestroy(void)
+{
+    CONDDEBUG((1, "ConfigDestroy() [%s:%d]", file, line));
+
+    if (parserConfigTemp != (CONFIG *)0) {
+	DestroyConfig(parserConfigTemp);
+	parserConfigTemp = (CONFIG *)0;
+    }
+
+    if (parserConfigDefault != (CONFIG *)0) {
+	DestroyConfig(pConfig);
+	pConfig = parserConfigDefault;
+	parserConfigDefault = (CONFIG *)0;
+    }
+}
+
+void
+DestroyTerminal(TERM *t)
+{
+    if (t == (TERM *)0)
+	return;
+    if (t->attach != (char *)0)
+	free(t->attach);
+    if (t->attachsubst != (char *)0)
+	free(t->attachsubst);
+    if (t->detach != (char *)0)
+	free(t->detach);
+    if (t->detachsubst != (char *)0)
+	free(t->detachsubst);
+    free(t);
+}
+
+void
+ApplyTermDefault(TERM *t)
+{
+    if (parserTermDefault == (TERM *)0)
+	return;
+
+    if (parserTermDefault->attach != (char *)0) {
+	if (t->attach != (char *)0)
+	    free(t->attach);
+	if ((t->attach = StrDup(parserTermDefault->attach)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserTermDefault->attachsubst != (char *)0) {
+	if (t->attachsubst != (char *)0)
+	    free(t->attachsubst);
+	if ((t->attachsubst =
+	     StrDup(parserTermDefault->attachsubst)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserTermDefault->detach != (char *)0) {
+	if (t->detach != (char *)0)
+	    free(t->detach);
+	if ((t->detach = StrDup(parserTermDefault->detach)) == (char *)0)
+	    OutOfMem();
+    }
+    if (parserTermDefault->detachsubst != (char *)0) {
+	if (t->detachsubst != (char *)0)
+	    free(t->detachsubst);
+	if ((t->detachsubst =
+	     StrDup(parserTermDefault->detachsubst)) == (char *)0)
+	    OutOfMem();
+    }
+}
+
+void
+TerminalBegin(char *id)
+{
+    CONDDEBUG((1, "TerminalBegin(%s) [%s:%d]", id, file, line));
+    if (id == (char *)0 || id[0] == '\000') {
+	Error("empty terminal name [%s:%d]", file, line);
+	return;
+    }
+    if (parserTermTemp != (TERM *)0)
+	DestroyTerminal(parserTermTemp);
+    if ((parserTermTemp = (TERM *)calloc(1, sizeof(TERM)))
+	== (TERM *)0)
+	OutOfMem();
+    ApplyTermDefault(parserTermTemp);
+    parserTermTemp->name = AllocString();
+    BuildString(id, parserTermTemp->name);
+}
+
+void
+TerminalEnd(void)
+{
+    static char *term = (char *)0;
+
+    CONDDEBUG((1, "TerminalEnd() [%s:%d]", file, line));
+
+    if (parserTermTemp == (TERM *)0)
+	return;
+
+    if (term == (char *)0) {
+	if ((term = getenv("TERM")) == (char *)0) {
+	    term = "";
+	}
+    }
+
+    if (parserTermTemp->name->used > 1) {
+	if ((parserTermTemp->name->string[0] == '*' &&
+	     parserTermTemp->name->string[1] == '\000') ||
+	    strcmp(parserTermTemp->name->string, term) == 0) {
+	    DestroyTerminal(parserTermDefault);
+	    parserTermDefault = parserTermTemp;
+	    parserTermTemp = (TERM *)0;
+	}
+    }
+
+    DestroyTerminal(parserTermTemp);
+    parserTermTemp = (TERM *)0;
+}
+
+void
+TerminalAbort(void)
+{
+    CONDDEBUG((1, "TerminalAbort() [%s:%d]", file, line));
+    if (parserTermTemp == (TERM *)0)
+	return;
+
+    DestroyTerminal(parserTermTemp);
+    parserTermTemp = (TERM *)0;
+}
+
+void
+TerminalDestroy(void)
+{
+    CONDDEBUG((1, "TerminalDestroy() [%s:%d]", file, line));
+
+    if (parserTermTemp != (TERM *)0) {
+	DestroyTerminal(parserTermTemp);
+	parserTermTemp = (TERM *)0;
+    }
+
+    if (parserTermDefault != (TERM *)0) {
+	DestroyTerminal(pTerm);
+	pTerm = parserTermDefault;
+	parserTermDefault = (TERM *)0;
+    }
+}
+
+void
+ProcessYesNo(char *id, FLAG *flag)
+{
+    if (id == (char *)0 || id[0] == '\000')
+	*flag = FLAGFALSE;
+    else if (strcasecmp("yes", id) == 0 || strcasecmp("true", id) == 0 ||
+	     strcasecmp("on", id) == 0)
+	*flag = FLAGTRUE;
+    else if (strcasecmp("no", id) == 0 || strcasecmp("false", id) == 0 ||
+	     strcasecmp("off", id) == 0)
+	*flag = FLAGFALSE;
+}
+
+void
+ConfigItemEscape(char *id)
+{
+    CONDDEBUG((1, "ConfigItemEscape(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->escape != (char *)0)
+	free(parserConfigTemp->escape);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->escape = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->escape = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+ConfigItemMaster(char *id)
+{
+    CONDDEBUG((1, "ConfigItemMaster(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->master != (char *)0)
+	free(parserConfigTemp->master);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->master = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->master = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+ConfigItemPlayback(char *id)
+{
+    int i;
+
+    CONDDEBUG((1, "ConfigItemPlayback(%s) [%s:%d]", id, file, line));
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->playback = 0;
+	return;
+    }
+    for (i = 0; id[i] != '\000'; i++) {
+	if (!isdigit((int)id[i])) {
+	    Error("invalid playback value [%s:%d]", file, line);
+	    return;
+	}
+    }
+    if (i > 4) {
+	Error("playback value too large [%s:%d]", file, line);
+	return;
+    }
+    parserConfigTemp->playback = (unsigned short)atoi(id) + 1;
+}
+
+void
+ConfigItemPort(char *id)
+{
+    CONDDEBUG((1, "ConfigItemPort(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->port != (char *)0)
+	free(parserConfigTemp->port);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->port = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->port = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+ConfigItemReplay(char *id)
+{
+    int i;
+
+    CONDDEBUG((1, "ConfigItemReplay(%s) [%s:%d]", id, file, line));
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->replay = 0;
+	return;
+    }
+    for (i = 0; id[i] != '\000'; i++) {
+	if (!isdigit((int)id[i])) {
+	    Error("invalid replay value [%s:%d]", file, line);
+	    return;
+	}
+    }
+    if (i > 4) {
+	Error("replay value too large [%s:%d]", file, line);
+	return;
+    }
+    parserConfigTemp->replay = (unsigned short)atoi(id) + 1;
+}
+
+void
+ConfigItemSslcredentials(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslcredentials(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslcredentials != (char *)0)
+	free(parserConfigTemp->sslcredentials);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslcredentials = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslcredentials = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslcredentials ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslcacertificatefile(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslcacertificatefile(%s) [%s:%d]", id, file,
+	       line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslcacertificatefile != (char *)0)
+	free(parserConfigTemp->sslcacertificatefile);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslcacertificatefile = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslcacertificatefile = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslcacertificatefile ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslcacertificatepath(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslcacertificatepath(%s) [%s:%d]", id, file,
+	       line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslcacertificatepath != (char *)0)
+	free(parserConfigTemp->sslcacertificatepath);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslcacertificatepath = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslcacertificatepath = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslcacertificatepath ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslrequired(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslrequired(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    ProcessYesNo(id, &(parserConfigTemp->sslrequired));
+#else
+    Error
+	("sslrequired ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+ConfigItemSslenabled(char *id)
+{
+    CONDDEBUG((1, "ConfigItemSslenabled(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    ProcessYesNo(id, &(parserConfigTemp->sslenabled));
+#else
+    Error("sslenabled ignored - encryption not compiled into code [%s:%d]",
+	  file, line);
+#endif
+}
+
+void
+ConfigItemStriphigh(char *id)
+{
+    CONDDEBUG((1, "ConfigItemStriphigh(%s) [%s:%d]", id, file, line));
+    ProcessYesNo(id, &(parserConfigTemp->striphigh));
+}
+
+void
+ConfigItemUsername(char *id)
+{
+    CONDDEBUG((1, "ConfigItemUsername(%s) [%s:%d]", id, file, line));
+
+    if (parserConfigTemp->username != (char *)0)
+	free(parserConfigTemp->username);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->username = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->username = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+SUBST *substData = (SUBST *)0;
+
+SUBSTTOKEN
+SubstToken(char c)
+{
+    switch (c) {
+	case 'u':
+	case 'c':
+	    return ISSTRING;
+	default:
+	    return ISNOTHING;
+    }
+}
+
+int
+SubstValue(char c, char **s, int *i)
+{
+    int retval = 0;
+
+    if (s != (char **)0) {
+	CONFIG *pc;
+	if (substData->data == (void *)0)
+	    return 0;
+
+	pc = (CONFIG *)(substData->data);
+	if (c == 'u') {
+	    (*s) = pc->username;
+	    retval = 1;
+	} else if (c == 'c') {
+	    (*s) = pc->console;
+	    retval = 1;
+	}
+    }
+
+    return retval;
+}
+
+void
+InitSubstCallback(void)
+{
+    if (substData == (SUBST *)0) {
+	if ((substData = (SUBST *)calloc(1, sizeof(SUBST))) == (SUBST *)0)
+	    OutOfMem();
+	substData->value = &SubstValue;
+	substData->token = &SubstToken;
+    }
+}
+
+
+void
+TerminalItemAttach(char *id)
+{
+    CONDDEBUG((1, "TerminalItemAttach(%s) [%s:%d]", id, file, line));
+
+    if (parserTermTemp->attach != (char *)0)
+	free(parserTermTemp->attach);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserTermTemp->attach = (char *)0;
+	return;
+    }
+    if ((parserTermTemp->attach = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+TerminalItemAttachsubst(char *id)
+{
+    CONDDEBUG((1, "TerminalItemAttachsubst(%s) [%s:%d]", id, file, line));
+    ProcessSubst(substData, (char **)0, &(parserTermTemp->attachsubst),
+		 "attachsubst", id);
+}
+
+void
+TerminalItemDetach(char *id)
+{
+    CONDDEBUG((1, "TerminalItemDetach(%s) [%s:%d]", id, file, line));
+
+    if (parserTermTemp->detach != (char *)0)
+	free(parserTermTemp->detach);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserTermTemp->detach = (char *)0;
+	return;
+    }
+    if ((parserTermTemp->detach = StrDup(id)) == (char *)0)
+	OutOfMem();
+}
+
+void
+TerminalItemDetachsubst(char *id)
+{
+    CONDDEBUG((1, "TerminalItemDetachsubst(%s) [%s:%d]", id, file, line));
+    ProcessSubst(substData, (char **)0, &(parserTermTemp->detachsubst),
+		 "detachsubst", id);
+}
+
+ITEM keyConfig[] = {
+    {"escape", ConfigItemEscape},
+    {"master", ConfigItemMaster},
+    {"playback", ConfigItemPlayback},
+    {"port", ConfigItemPort},
+    {"replay", ConfigItemReplay},
+    {"sslcredentials", ConfigItemSslcredentials},
+    {"sslcacertificatefile", ConfigItemSslcacertificatefile},
+    {"sslcacertificatepath", ConfigItemSslcacertificatepath},
+    {"sslrequired", ConfigItemSslrequired},
+    {"sslenabled", ConfigItemSslenabled},
+    {"striphigh", ConfigItemStriphigh},
+    {"username", ConfigItemUsername},
+    {(char *)0, (void *)0}
+};
+
+ITEM keyTerminal[] = {
+    {"attach", TerminalItemAttach},
+    {"attachsubst", TerminalItemAttachsubst},
+    {"detach", TerminalItemDetach},
+    {"detachsubst", TerminalItemDetachsubst},
+    {(char *)0, (void *)0}
+};
+
+SECTION sections[] = {
+    {"config", ConfigBegin, ConfigEnd, ConfigAbort, ConfigDestroy,
+     keyConfig},
+    {"terminal", TerminalBegin, TerminalEnd, TerminalAbort,
+     TerminalDestroy, keyTerminal},
+    {(char *)0, (void *)0, (void *)0, (void *)0, (void *)0}
+};
+
+void
+ReadConf(char *filename, FLAG verbose)
+{
+    FILE *fp;
+
+    if ((FILE *)0 == (fp = fopen(filename, "r"))) {
+	if (verbose == FLAGTRUE)
+	    Error("could not open `%s'", filename);
+	return;
+    }
+
+    /* initialize the substition bits */
+    InitSubstCallback();
+
+    parserConfigDefault = pConfig;
+    pConfig = (CONFIG *)0;
+
+    parserTermDefault = pTerm;
+    pTerm = (TERM *)0;
+
+    ParseFile(filename, fp, 0);
+
+    /* shouldn't really happen, but in case i screw up the stuff
+     * ParseFile calls...
+     */
+    if (pConfig == (CONFIG *)0) {
+	if ((pConfig = (CONFIG *)calloc(1, sizeof(CONFIG)))
+	    == (CONFIG *)0)
+	    OutOfMem();
+    }
+
+    if (pTerm == (TERM *)0) {
+	if ((pTerm = (TERM *)calloc(1, sizeof(TERM)))
+	    == (TERM *)0)
+	    OutOfMem();
+    }
+
+    if (fDebug) {
+#define EMPTYSTR(x) x == (char *)0 ? "(null)" : x
+#define FLAGSTR(x) x == FLAGTRUE ? "true" : (x == FLAGFALSE ? "false" : "unset")
+	CONDDEBUG((1, "pConfig->username = %s",
+		   EMPTYSTR(pConfig->username)));
+	CONDDEBUG((1, "pConfig->master = %s", EMPTYSTR(pConfig->master)));
+	CONDDEBUG((1, "pConfig->port = %s", EMPTYSTR(pConfig->port)));
+	CONDDEBUG((1, "pConfig->escape = %s", EMPTYSTR(pConfig->escape)));
+	CONDDEBUG((1, "pConfig->striphigh = %s",
+		   FLAGSTR(pConfig->striphigh)));
+	CONDDEBUG((1, "pConfig->replay = %hu", pConfig->replay));
+	CONDDEBUG((1, "pConfig->playback = %hu", pConfig->playback));
+#if HAVE_OPENSSL
+	CONDDEBUG((1, "pConfig->sslcredentials = %s",
+		   EMPTYSTR(pConfig->sslcredentials)));
+	CONDDEBUG((1, "pConfig->sslcacertificatefile = %s",
+		   EMPTYSTR(pConfig->sslcacertificatefile)));
+	CONDDEBUG((1, "pConfig->sslcacertificatepath = %s",
+		   EMPTYSTR(pConfig->sslcacertificatepath)));
+	CONDDEBUG((1, "pConfig->sslrequired = %s",
+		   FLAGSTR(pConfig->sslrequired)));
+	CONDDEBUG((1, "pConfig->sslenabled = %s",
+		   FLAGSTR(pConfig->sslenabled)));
+#endif
+	CONDDEBUG((1, "pTerm->attach = %s", EMPTYSTR(pTerm->attach)));
+	CONDDEBUG((1, "pTerm->attachsubst = %s",
+		   EMPTYSTR(pTerm->attachsubst)));
+	CONDDEBUG((1, "pTerm->detach = %s", EMPTYSTR(pTerm->detach)));
+	CONDDEBUG((1, "pTerm->detachsubst = %s",
+		   EMPTYSTR(pTerm->detachsubst)));
+    }
+
+    fclose(fp);
+}

console/readconf.h

@@ -0,0 +1,41 @@
+/*
+ *  Copyright conserver.com, 2000
+ *
+ *  Maintainer/Enhancer: Bryan Stansell (bryan@conserver.com)
+ */
+
+typedef struct config {
+    STRING *name;
+    char *console;
+    char *username;
+    char *master;
+    char *port;
+    char *escape;
+    FLAG striphigh;
+    FLAG exitdown;
+    unsigned short replay;
+    unsigned short playback;
+#if HAVE_OPENSSL
+    char *sslcredentials;
+    char *sslcacertificatefile;
+    char *sslcacertificatepath;
+    FLAG sslrequired;
+    FLAG sslenabled;
+#endif
+} CONFIG;
+
+typedef struct term {
+    STRING *name;
+    char *attach;
+    char *attachsubst;
+    char *detach;
+    char *detachsubst;
+} TERM;
+
+extern CONFIG *pConfig;
+extern TERM *pTerm;
+extern SUBST *substData;
+
+extern void ReadConf(char *, FLAG);
+extern void DestroyConfig(CONFIG *);
+extern void DestroyTerminal(TERM *);

contrib/README

@@ -1,5 +1,11 @@
 Various contributions by folks....
 
+    chat
+        Author:   Greg Woods <woods@weird.com>
+	Synopsis: A send/expect program...source code from the NetBSD
+		  distribution and modified by Greg Woods to work
+		  a bit better with conserver
+
     solaris-package
 	Author:   Michael Sullivan <mike@trdlnk.com>
 	Synopsis: Creates a solaris package
@@ -8,11 +14,11 @@ Various contributions by folks....
 	Author:   Paul Heinlein <heinlein@measurecast.com>
 	Synopsis: Files for a Redhat-tuned RPM
 
+    maketestcerts
+	Author:   Bryan Stansell <bryan@conserver.com>
+	Synopsis: Silly script I used to create test SSL certs
+
 I can't verify that these scripts will work for everyone.  Hopefully they
 will be helpful.
 
 Bryan Stansell
-
-#
-#  $Id: README,v 1.2 2001-06-15 06:02:59-07 bryan Exp $
-#

contrib/chat/Makefile.in

@@ -0,0 +1,53 @@
+### Path settings
+datarootdir = @datarootdir@
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sysconfdir = @sysconfdir@
+mandir = @mandir@
+
+### Installation programs and flags
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
+LN_S = @LN_S@
+MKDIR = @MKDIR@
+
+### Compiler and link options
+CC	= @CC@
+CFLAGS	= @CFLAGS@
+DEFS	= @DEFS@
+CPPFLAGS = -I$(top_srcdir) -I$(srcdir) $(DEFS) @CPPFLAGS@
+LDFLAGS	= @LDFLAGS@
+LIBS	= @LIBS@
+@SET_MAKE@
+
+
+### Makefile rules - no user-servicable parts below
+
+CHAT_OBJS = chat.o
+CHAT_HDRS = ../../config.h
+ALL = chat
+
+all: $(ALL)
+
+chat: $(CHAT_OBJS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o chat $(CHAT_OBJS) $(LIBS)
+
+.c.o:
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+
+clean:
+	rm -f *~ *.o $(ALL) core
+
+distclean: clean
+	rm -f Makefile
+
+install: chat
+	$(MKDIR) $(DESTDIR)$(bindir)
+	$(INSTALL_PROGRAM) chat $(DESTDIR)$(bindir)
+	$(MKDIR) $(DESTDIR)$(mandir)/man1
+	$(INSTALL) chat.man $(DESTDIR)$(mandir)/man1/chat.1
+
+.PHONY: clean distclean install

contrib/chat/README

@@ -0,0 +1,8 @@
+Information from Greg Woods <woods@weird.com>:
+
+    This version of "chat" is derived from the NetBSD variant found in
+    /usr/src/usr.sbin/pppd/chat.
+
+    It has had a new '-I' command-line flag added so that it can ignore
+    the fact it's not running on a TTY device (i.e. to allow it to work
+    over a socket).

contrib/chat/chat.man

@@ -0,0 +1,511 @@
+.\" -*- nroff -*-
+.\" manual page [] for chat 1.8
+.\" Id: chat.8,v 1.9 1999/09/06 05:10:23 paulus Exp
+.\" SH section heading
+.\" SS subsection heading
+.\" LP paragraph
+.\" IP indented paragraph
+.\" TP hanging label
+.TH CHAT 8 "22 May 1999" "Chat Version 1.22"
+.SH "NAME"
+chat \- Automated conversational script with a modem
+.SH "SYNOPSIS"
+.B chat
+[
+.I options
+]
+.I script
+.SH "DESCRIPTION"
+.LP
+The \fIchat\fR program defines a conversational exchange between the
+computer and the modem. Its primary purpose is to establish the
+connection between the Point-to-Point Protocol Daemon (\fIpppd\fR) and
+the remote's \fIpppd\fR process.
+.SH "OPTIONS"
+.TP
+.B -f \fI<chat file>
+Read the chat script from the chat \fIfile\fR. The use of this option
+is mutually exclusive with the chat script parameters. The user must
+have read access to the file. Multiple lines are permitted in the
+file. Space or horizontal tab characters should be used to separate
+the strings.
+.TP
+.B -t \fI<timeout>
+Set the timeout for the expected string to be received. If the string
+is not received within the time limit then the reply string is not
+sent. An alternate reply may be sent or the script will fail if there
+is no alternate reply string. A failed script will cause the
+\fIchat\fR program to terminate with a non-zero error code.
+.TP
+.B -r \fI<report file>
+Set the file for output of the report strings. If you use the keyword
+\fIREPORT\fR, the resulting strings are written to this file. If this
+option is not used and you still use \fIREPORT\fR keywords, the
+\fIstderr\fR file is used for the report strings.
+.TP
+.B -e
+Start with the echo option turned on. Echoing may also be turned on
+or off at specific points in the chat script by using the \fIECHO\fR
+keyword. When echoing is enabled, all output from the modem is echoed
+to \fIstderr\fR.
+.TP
+.B -E
+Enables environment variable substituion within chat scripts using the
+standard \fI$xxx\fR syntax.
+.TP
+.B -v
+Request that the \fIchat\fR script be executed in a verbose mode. The
+\fIchat\fR program will then log the execution state of the chat
+script as well as all text received from the modem and the output
+strings sent to the modem.  The default is to log through the SYSLOG;
+the logging method may be altered with the -S and -s flags. SYSLOGs
+are logged to facility LOG_LOCAL2.
+.TP
+.B -V
+Request that the \fIchat\fR script be executed in a stderr verbose
+mode. The \fIchat\fR program will then log all text received from the
+modem and the output strings sent to the modem to the stderr device. This
+device is usually the local console at the station running the chat or
+pppd program.
+.TP
+.B -s
+Use stderr.  All log messages from '-v' and all error messages will be
+sent to stderr.
+.TP
+.B -S
+Do not use the SYSLOG.  By default, error messages are sent to the
+SYSLOG.  The use of -S will prevent both log messages from '-v' and
+error messages from being sent to the SYSLOG (to facility LOG_LOCAL2).
+.TP
+.B -T \fI<phone number>
+Pass in an arbitary string, usually a phone number, that will be
+substituted for the \eT substitution metacharacter in a send string.
+.TP
+.B -U \fI<phone number 2>
+Pass in a second string, usually a phone number, that will be
+substituted for the \eU substitution metacharacter in a send string.
+This is useful when dialing an ISDN terminal adapter that requires two
+numbers.
+.TP
+.B script
+If the script is not specified in a file with the \fI-f\fR option then
+the script is included as parameters to the \fIchat\fR program.
+.SH "CHAT SCRIPT"
+.LP
+The \fIchat\fR script defines the communications.
+.LP
+A script consists of one or more "expect-send" pairs of strings,
+separated by spaces, with an optional "subexpect-subsend" string pair,
+separated by a dash as in the following example:
+.IP
+ogin:-BREAK-ogin: ppp ssword: hello2u2
+.LP
+This line indicates that the \fIchat\fR program should expect the string
+"ogin:". If it fails to receive a login prompt within the time interval
+allotted, it is to send a break sequence to the remote and then expect the
+string "ogin:". If the first "ogin:" is received then the break sequence is
+not generated.
+.LP
+Once it received the login prompt the \fIchat\fR program will send the
+string ppp and then expect the prompt "ssword:". When it receives the
+prompt for the password, it will send the password hello2u2.
+.LP
+A carriage return is normally sent following the reply string. It is not
+expected in the "expect" string unless it is specifically requested by using
+the \er character sequence.
+.LP
+The expect sequence should contain only what is needed to identify the
+string. Since it is normally stored on a disk file, it should not contain
+variable information. It is generally not acceptable to look for time
+strings, network identification strings, or other variable pieces of data as
+an expect string.
+.LP
+To help correct for characters which may be corrupted during the initial
+sequence, look for the string "ogin:" rather than "login:". It is possible
+that the leading "l" character may be received in error and you may never
+find the string even though it was sent by the system. For this reason,
+scripts look for "ogin:" rather than "login:" and "ssword:" rather than
+"password:".
+.LP
+A very simple script might look like this:
+.IP
+ogin: ppp ssword: hello2u2
+.LP
+In other words, expect ....ogin:, send ppp, expect ...ssword:, send hello2u2.
+.LP
+In actual practice, simple scripts are rare. At the vary least, you
+should include sub-expect sequences should the original string not be
+received. For example, consider the following script:
+.IP
+ogin:--ogin: ppp ssword: hello2u2
+.LP
+This would be a better script than the simple one used earlier. This would look
+for the same login: prompt, however, if one was not received, a single
+return sequence is sent and then it will look for login: again. Should line
+noise obscure the first login prompt then sending the empty line will
+usually generate a login prompt again.
+.SH "COMMENTS"
+Comments can be embedded in the chat script. A comment is a line which
+starts with the \fB#\fR (hash) character in column 1. Such comment
+lines are just ignored by the chat program. If a '#' character is to
+be expected as the first character of the expect sequence, you should
+quote the expect string, or give its octal value, `\e043'.
+In a script file if you want to wait for a prompt that starts with a '#'
+character, you would have to write something like this:
+.IP
+# Now wait for the prompt and send logout string
+.br
+\'# ' logout
+.SH "SENDING DATA FROM A FILE"
+If the string to send starts with an at sign (@), the rest of the
+string is taken to be the name of a file to read to get the string to
+send.  If the last character of the data read is a newline, it is
+removed.  The file can be a named pipe (or fifo) instead of a regular
+file.  This provides a way for \fBchat\fR to communicate with another
+program, for example, a program to prompt the user and receive a
+password typed in.
+.SH "ABORT STRINGS"
+Many modems will report the status of the call as a string. These
+strings may be \fBCONNECTED\fR or \fBNO CARRIER\fR or \fBBUSY\fR. It
+is often desirable to terminate the script should the modem fail to
+connect to the remote. The difficulty is that a script would not know
+exactly which modem string it may receive. On one attempt, it may
+receive \fBBUSY\fR while the next time it may receive \fBNO CARRIER\fR.
+.LP
+These "abort" strings may be specified in the script using the \fIABORT\fR
+sequence. It is written in the script as in the following example:
+.IP
+ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATDT5551212 CONNECT
+.LP
+This sequence will expect nothing; and then send the string ATZ. The
+expected response to this is the string \fIOK\fR. When it receives \fIOK\fR,
+the string ATDT5551212 to dial the telephone. The expected string is
+\fICONNECT\fR. If the string \fICONNECT\fR is received the remainder of the
+script is executed. However, should the modem find a busy telephone, it will
+send the string \fIBUSY\fR. This will cause the string to match the abort
+character sequence. The script will then fail because it found a match to
+the abort string. If it received the string \fINO CARRIER\fR, it will abort
+for the same reason. Either string may be received. Either string will
+terminate the \fIchat\fR script.
+.SH "CLR_ABORT STRINGS"
+This sequence allows for clearing previously set \fBABORT\fR strings.
+\fBABORT\fR strings are kept in an array of a pre-determined size (at
+compilation time); \fBCLR_ABORT\fR will reclaim the space for cleared
+entries so that new strings can use that space.
+.SH "SAY STRINGS"
+The \fBSAY\fR directive allows the script to send strings to the user
+at the terminal via standard error.  If \fBchat\fR is being run by
+pppd, and pppd is running as a daemon (detached from its controlling
+terminal), standard error will normally be redirected to the file
+/etc/ppp/connect-errors.
+.LP
+\fBSAY\fR strings must be enclosed in single or double quotes. If
+carriage return and line feed are needed in the string to be output,
+you must explicitly add them to your string.
+.LP
+The SAY strings could be used to give progress messages in sections of
+the script where you want to have 'ECHO OFF' but still let the user
+know what is happening.  An example is:
+.IP
+ABORT BUSY
+.br
+ECHO OFF
+.br
+SAY "Dialling your ISP...\en"
+.br
+\'' ATDT5551212
+.br
+TIMEOUT 120
+.br
+SAY "Waiting up to 2 minutes for connection ... "
+.br
+CONNECT ''
+.br
+SAY "Connected, now logging in ...\n"
+.br
+ogin: account
+.br
+ssword: pass
+.br
+$ \c
+SAY "Logged in OK ...\n"
+\fIetc ...\fR
+.LP
+This sequence will only present the SAY strings to the user and all
+the details of the script will remain hidden. For example, if the
+above script works, the user will see:
+.IP
+Dialling your ISP...
+.br
+Waiting up to 2 minutes for connection ... Connected, now logging in ...
+.br
+Logged in OK ...
+.LP
+.SH "REPORT STRINGS"
+A \fBreport\fR string is similar to the ABORT string. The difference
+is that the strings, and all characters to the next control character
+such as a carriage return, are written to the report file.
+.LP
+The report strings may be used to isolate the transmission rate of the
+modem's connect string and return the value to the chat user. The
+analysis of the report string logic occurs in conjunction with the
+other string processing such as looking for the expect string. The use
+of the same string for a report and abort sequence is probably not
+very useful, however, it is possible.
+.LP
+The report strings to no change the completion code of the program.
+.LP
+These "report" strings may be specified in the script using the \fIREPORT\fR
+sequence. It is written in the script as in the following example:
+.IP
+REPORT CONNECT ABORT BUSY '' ATDT5551212 CONNECT '' ogin: account
+.LP
+This sequence will expect nothing; and then send the string
+ATDT5551212 to dial the telephone. The expected string is
+\fICONNECT\fR. If the string \fICONNECT\fR is received the remainder
+of the script is executed. In addition the program will write to the
+expect-file the string "CONNECT" plus any characters which follow it
+such as the connection rate.
+.SH "CLR_REPORT STRINGS"
+This sequence allows for clearing previously set \fBREPORT\fR strings.
+\fBREPORT\fR strings are kept in an array of a pre-determined size (at
+compilation time); \fBCLR_REPORT\fR will reclaim the space for cleared
+entries so that new strings can use that space.
+.SH "ECHO"
+The echo options controls whether the output from the modem is echoed
+to \fIstderr\fR. This option may be set with the \fI-e\fR option, but
+it can also be controlled by the \fIECHO\fR keyword. The "expect-send"
+pair \fIECHO\fR \fION\fR enables echoing, and \fIECHO\fR \fIOFF\fR
+disables it. With this keyword you can select which parts of the
+conversation should be visible. For instance, with the following
+script:
+.IP
+ABORT   'BUSY'
+.br
+ABORT   'NO CARRIER'
+.br
+''      ATZ
+.br
+OK\er\en  ATD1234567
+.br
+\er\en    \ec
+.br
+ECHO    ON
+.br
+CONNECT \ec
+.br
+ogin:   account
+.LP
+all output resulting from modem configuration and dialing is not visible,
+but starting with the \fICONNECT\fR (or \fIBUSY\fR) message, everything
+will be echoed.
+.SH "HANGUP"
+The HANGUP options control whether a modem hangup should be considered
+as an error or not.  This option is useful in scripts for dialling
+systems which will hang up and call your system back.  The HANGUP
+options can be \fBON\fR or \fBOFF\fR.
+.br
+When HANGUP is set OFF and the modem hangs up (e.g., after the first
+stage of logging in to a callback system), \fBchat\fR will continue
+running the script (e.g., waiting for the incoming call and second
+stage login prompt). As soon as the incoming call is connected, you
+should use the \fBHANGUP ON\fR directive to reinstall normal hang up
+signal behavior.  Here is an (simple) example script:
+.IP
+ABORT   'BUSY'
+.br
+''      ATZ
+.br
+OK\er\en  ATD1234567
+.br
+\er\en    \ec
+.br
+CONNECT \ec
+.br
+\'Callback login:' call_back_ID
+.br
+HANGUP OFF
+.br
+ABORT "Bad Login"
+.br
+\'Callback Password:' Call_back_password
+.br
+TIMEOUT 120
+.br
+CONNECT \ec
+.br
+HANGUP ON
+.br
+ABORT "NO CARRIER"
+.br
+ogin:--BREAK--ogin: real_account
+.br
+\fIetc ...\fR
+.LP
+.SH "TIMEOUT"
+The initial timeout value is 45 seconds. This may be changed using the \fB-t\fR
+parameter.
+.LP
+To change the timeout value for the next expect string, the following
+example may be used:
+.IP
+ATZ OK ATDT5551212 CONNECT TIMEOUT 10 ogin:--ogin: TIMEOUT 5 assword: hello2u2
+.LP
+This will change the timeout to 10 seconds when it expects the login:
+prompt. The timeout is then changed to 5 seconds when it looks for the
+password prompt.
+.LP
+The timeout, once changed, remains in effect until it is changed again.
+.SH "SENDING EOT"
+The special reply string of \fIEOT\fR indicates that the chat program
+should send an EOT character to the remote. This is normally the
+End-of-file character sequence. A return character is not sent
+following the EOT.
+.PR
+The EOT sequence may be embedded into the send string using the
+sequence \fI^D\fR.
+.SH "GENERATING BREAK"
+The special reply string of \fIBREAK\fR will cause a break condition
+to be sent. The break is a special signal on the transmitter. The
+normal processing on the receiver is to change the transmission rate.
+It may be used to cycle through the available transmission rates on
+the remote until you are able to receive a valid login prompt.
+.PR
+The break sequence may be embedded into the send string using the
+\fI\eK\fR sequence.
+.SH "ESCAPE SEQUENCES"
+The expect and reply strings may contain escape sequences. All of the
+sequences are legal in the reply string. Many are legal in the expect.
+Those which are not valid in the expect sequence are so indicated.
+.TP
+.B ''
+Expects or sends a null string. If you send a null string then it will still
+send the return character. This sequence may either be a pair of apostrophe
+or quote characters.
+.TP
+.B \eb
+represents a backspace character.
+.TP
+.B \ec
+Suppresses the newline at the end of the reply string. This is the only
+method to send a string without a trailing return character. It must
+be at the end of the send string. For example,
+the sequence hello\ec will simply send the characters h, e, l, l, o.
+.I (not valid in expect.)
+.TP
+.B \ed
+Delay for one second. The program uses sleep(1) which will delay to a
+maximum of one second.
+.I (not valid in expect.)
+.TP
+.B \eK
+Insert a BREAK
+.I (not valid in expect.)
+.TP
+.B \en
+Send a newline or linefeed character.
+.TP
+.B \eN
+Send a null character. The same sequence may be represented by \e0.
+.I (not valid in expect.)
+.TP
+.B \ep
+Pause for a fraction of a second. The delay is 1/10th of a second.
+.I (not valid in expect.)
+.TP
+.B \eq
+Suppress writing the string to the SYSLOG. The string ?????? is
+written to the log in its place.
+.I (not valid in expect.)
+.TP
+.B \er
+Send or expect a carriage return.
+.TP
+.B \es
+Represents a space character in the string. This may be used when it
+is not desirable to quote the strings which contains spaces. The
+sequence 'HI\ TIM' and HI\esTIM are the same.
+.TP
+.B \et
+Send or expect a tab character.
+.TP
+.B \eT
+Send the phone number string as specified with the \fI-T\fR option
+.I (not valid in expect.)
+.TP
+.B \eU
+Send the phone number 2 string as specified with the \fI-U\fR option
+.I (not valid in expect.)
+.TP
+.B \e\e
+Send or expect a backslash character.
+.TP
+.B \eddd
+Collapse the octal digits (ddd) into a single ASCII character and send that
+character.
+.I (some characters are not valid in expect.)
+.TP
+.B \^^C
+Substitute the sequence with the control character represented by C.
+For example, the character DC1 (17) is shown as \^^Q.
+.I (some characters are not valid in expect.)
+.SH "ENVIRONMENT VARIABLES"
+Environment variables are available within chat scripts, if  the \fI-E\fR
+option was specified in the command line. The metacharacter \fI$\fR is used
+to introduce the name of the environment variable to substitute. If the
+substition fails, because the requested environment variable is not set,
+\fInothing\fR is replaced for the variable.
+.SH "TERMINATION CODES"
+The \fIchat\fR program will terminate with the following completion
+codes.
+.TP
+.B 0
+The normal termination of the program. This indicates that the script
+was executed without error to the normal conclusion.
+.TP
+.B 1
+One or more of the parameters are invalid or an expect string was too
+large for the internal buffers. This indicates that the program as not
+properly executed.
+.TP
+.B 2
+An error occurred during the execution of the program. This may be due
+to a read or write operation failing for some reason or chat receiving
+a signal such as SIGINT.
+.TP
+.B 3
+A timeout event occurred when there was an \fIexpect\fR string without
+having a "-subsend" string. This may mean that you did not program the
+script correctly for the condition or that some unexpected event has
+occurred and the expected string could not be found.
+.TP
+.B 4
+The first string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 5
+The second string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 6
+The third string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 7
+The fourth string marked as an \fIABORT\fR condition occurred.
+.TP
+.B ...
+The other termination codes are also strings marked as an \fIABORT\fR
+condition.
+.LP
+Using the termination code, it is possible to determine which event
+terminated the script. It is possible to decide if the string "BUSY"
+was received from the modem as opposed to "NO DIAL TONE". While the
+first event may be retried, the second will probably have little
+chance of succeeding during a retry.
+.SH "SEE ALSO"
+Additional information about \fIchat\fR scripts may be found with UUCP
+documentation. The \fIchat\fR script was taken from the ideas proposed
+by the scripts used by the \fIuucico\fR program.
+.LP
+uucp(1), uucico(8)
+.SH "COPYRIGHT"
+The \fIchat\fR program is in public domain. This is not the GNU public
+license. If it breaks then you get to keep both pieces.

contrib/maketestcerts

@@ -0,0 +1,55 @@
+#!/bin/sh
+
+#
+# This is a "simple" script that I've used to create test certificates
+# for conserver and it's OpenSSL bits.  It's far from perfect...or useful
+# outside of my own purposes.  If this helps, cool.  In the end I put the
+# rootcert.pem file in my global certs directory (OPENSSL_ROOT/ssl/certs),
+# point the server to server.pem and point the client at client.pem.  I
+# then run the c_rehash command.
+#
+# You can also use the sslcacertificatefile options to point the client/server
+# at rootcert.pem instead of populating the global repository
+#
+
+[ -f rootreq.pem -a -f rootkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem -nodes
+US
+California
+Folsom
+conserver.com
+Conserver CA
+conserver.com
+
+
+
+EOD
+[ -f rootcert.pem ] || openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
+[ -f root.pem ] || cat rootcert.pem rootkey.pem > root.pem
+
+[ -f serverreq.pem -a -f serverkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem -nodes
+US
+California
+Folsom
+conserver.com
+conserver
+conserver
+
+
+
+EOD
+[ -f servercert.pem ] || openssl x509 -req -in serverreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out servercert.pem
+[ -f server.pem ] || cat servercert.pem serverkey.pem rootcert.pem > server.pem
+
+[ -f clientreq.pem -a -f clientkey.pem ] || cat <<EOD | openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem -nodes
+US
+California
+Folsom
+conserver.com
+console
+console
+
+
+
+EOD
+[ -f clientcert.pem ] || openssl x509 -req -in clientreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
+[ -f client.pem ] || cat clientcert.pem clientkey.pem rootcert.pem > client.pem

contrib/redhat-rpm/conserver.defaults

@@ -0,0 +1,5 @@
+# server options
+#OPTIONS="-p 33000 -d"
+# run as different user that root
+#RUNAS=conservr
+

contrib/redhat-rpm/conserver.init

@@ -7,43 +7,66 @@
 # config: /etc/conserver.cf
 #
 
+DAEMON=/usr/sbin/conserver
+
 # Source function library.
 . /etc/rc.d/init.d/functions
 
 # Source networking configuration.
 . /etc/sysconfig/network
 
+# Source defaults
+. /etc/default/conserver
+
 # Check that networking is up.
 [  ${NETWORKING} = "no" ] && exit 0
 
 # make sure conserver is installed and executable
-[ -x /usr/sbin/conserver  ] || exit 1
+[ -x $DAEMON  ] || exit 1
 
 
+start()
+{
+	echo -n "Starting conserver: "
+	daemon --user "${RUNAS-}" $DAEMON ${OPTIONS--d}
+	RETVAL=$?
+	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/conserver
+	echo
+}
+
+stop()
+{
+	echo -n "Shutting down conserver: "
+	killproc conserver
+	RETVAL=$?
+	[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/conserver
+	echo
+}
+  
 # See how we were called.
 case "$1" in
   start)
-    echo -n "Starting conserver: "
-    daemon conserver -d
-    echo
-    touch /var/lock/subsys/conserver
+    start
     ;;
   stop)
-    echo -n "Shutting down conserver: "
-    killproc conserver
-    echo
-    rm -f /var/lock/subsys/conserver
+    stop
     ;;
   status)
     status conserver
     ;;
   restart)
-    $0 stop
-    $0 start
+    stop
+    start
+    ;;
+  reload)
+    echo -n "Reloading conserver: "
+    killproc conserver -HUP
+    RETVAL=$?
+    echo
     ;;
   *)
-    echo "Usage: conserver {start|stop|restart|status}"
-    exit 1
+    echo "Usage: conserver {start|stop|restart|reload|status}"
+    RETVAL=1
 esac
 
-exit 0
+exit $RETVAL

contrib/redhat-rpm/conserver.spec

@@ -3,8 +3,8 @@
 # platform that doesn't have red hat rpm >= 4.0.2 installed.
 #
 
-%define pkg  conserver
-%define ver  7.2.0
+%define pkg conserver
+%define ver 
 
 # define the name of the machine on which the main conserver
 # daemon will be running if you don't want to use the default
@@ -12,26 +12,71 @@
 %define master console
 
 # what red hat (or other distibution) version are you running?
-%define distver 6
+%define distver 1
+
+# compile arguments. defaults to 0
+# example: rpmbuild -bb conserver.spec --with openssl
+%define with_openssl  %{?_with_openssl:  1} %{?!_with_openssl:  0}
+%define with_libwrap  %{?_with_libwrap:  1} %{?!_with_libwrap:  0}
+%define with_pam      %{?_with_pam:      1} %{?!_with_pam:      0}
+%define with_dmalloc  %{?_with_dmalloc:  1} %{?!_with_dmalloc:  0}
+%define with_freeipmi %{?_with_freeipmi: 1} %{?!_with_freeipmi: 0}
+
+# additionally you can use macros logfile pidfile
+# example: rpmbuild -bb conserver.spec --define "pidfile /var/run/conserver/pid"
 
-Summary: Serial console server daemon/client
 Name: %{pkg}
 Version: %{ver}
-Release: 1.%{distver}x
-Copyright: distributable
+Release: %{distver}
+License: BSD
+Summary: Serial console server daemon/client
 Group: System Environment/Daemons
 URL: http://www.conserver.com/
 Source: http://www.conserver.com/%{pkg}-%{ver}.tar.gz
 BuildRoot: %{_tmppath}/%{pkg}-buildroot
+%if %{with_openssl}
+Requires: openssl
+BuildRequires: openssl-devel
+%endif
+%if %{with_pam}
+BuildRequires: pam-devel
+%endif
+%if %{with_libwrap}
+Requires: tcp_wrappers
+%endif
+%if %{with_dmalloc}
+Requires: dmalloc
+BuildRequires: dmalloc
+%endif
+%if %{with_freeipmi}
+Requires: freeipmi
+BuildRequires: freeipmi-devel
+%endif
 Prefix: %{_prefix}
 
+%package server
+Summary: Serial console server daemon
+Group: System Environment/Daemons
+
+%package client
+Summary: Serial console server client
+Group: Applications/Internet
 
 %description
-Conserver is an application that allows multiple users to watch a
+Conserver is a daemon that allows multiple users to watch a
 serial console at the same time.  It can log the data, allows users to
 take write-access of a console (one at a time), and has a variety of
 bells and whistles to accentuate that basic functionality.
 
+%description server
+conserver-server is a daemon that allows multiple users to watch a
+serial console at the same time.  It can log the data, allows users to
+take write-access of a console (one at a time), and has a variety of
+bells and whistles to accentuate that basic functionality.
+
+%description client
+conserver-client to connect to conserver-server using a tcp port.
+Allows multiple users to watch a serial console at the same time.
 
 %prep
 %{__rm} -rf %{buildroot}
@@ -44,7 +89,8 @@ f="conserver/Makefile.in"
 %{__mv} $f $f.orig
 %{__sed} -e 's/^.*conserver\.rc.*$//' < $f.orig > $f
 
-%configure --with-master=%{master}
+%configure %{?_with_openssl} %{?_with_libwrap} %{?_with_dmalloc} %{?_with_freeipmi} %{?_with_pam} %{?logfile: --with-logfile=%{logfile}} %{?pidfile: --with-pidfile=%{pidfile}} %{?master: --with-master=%{master}}
+
 make
 
 
@@ -65,12 +111,15 @@ make
 %{__mkdir_p} %{buildroot}/%{_initrddir}
 %{__cp} contrib/redhat-rpm/conserver.init %{buildroot}/%{_initrddir}/conserver
 
+# install copy of init script defaults
+%{__mkdir_p} %{buildroot}/%{_sysconfdir}/default
+%{__cp} contrib/redhat-rpm/conserver.defaults %{buildroot}/%{_sysconfdir}/default/conserver
 
 %clean
 %{__rm} -rf %{buildroot}
 
 
-%post
+%post server
 if [ -x %{_initrddir}/conserver ]; then
   /sbin/chkconfig --add conserver
 fi
@@ -80,7 +129,7 @@ if ! egrep '\<conserver\>' /etc/services > /dev/null 2>&1 ; then
 fi
 
 
-%preun
+%preun server
 if [ "$1" = 0 ]; then
   if [ -x %{_initrddir}/conserver ]; then
     %{_initrddir}/conserver stop
@@ -88,15 +137,37 @@ if [ "$1" = 0 ]; then
   fi
 fi
 
+# we need this even if empty
+#%files
 
-%files
+%files server
 %defattr(-,root,root)
 %doc CHANGES FAQ INSTALL README conserver.cf
 %config(noreplace) %{_sysconfdir}/conserver.cf
 %config(noreplace) %{_sysconfdir}/conserver.passwd
+%config(noreplace) %{_sysconfdir}/default/conserver
 %attr(555,root,root) %{_initrddir}/conserver
-%{prefix}/bin/console
-%{prefix}/man/man1/console.1.gz
-%{prefix}/man/man8/conserver.8.gz
-%{prefix}/man/man8/conserver.cf.8.gz
-%{prefix}/sbin/conserver
+%{_libdir}/conserver/convert
+%{_mandir}/man8/conserver.8.gz
+%{_mandir}/man5/conserver.cf.5.gz
+%{_mandir}/man5/conserver.passwd.5.gz
+%{_datadir}/examples/conserver/conserver.cf
+%{_datadir}/examples/conserver/conserver.passwd
+%{_sbindir}/conserver
+
+%files client
+%defattr(-,root,root)
+%doc CHANGES FAQ INSTALL README
+%{_bindir}/console
+%{_mandir}/man1/console.1.gz
+
+%changelog
+* Wed Oct 14 2009 Jodok Ole Muellers <muellejo@aschendorff.de>
+  - Changed the conserver.spec file to create separate subpackages
+    for client and server by using the %package directive.
+* Wed Sep 25 2009 Fabien Wernli
+  - added configure prerequisites
+* Thu Sep 24 2009 Fabien Wernli
+  - added prefix to configure
+  - changed some hardcoded values to proper macros:
+    didn't work on x64 lib -> lib64

contrib/solaris-package/Makefile

@@ -39,4 +39,5 @@ fakeinstall:
 	$(FIXMANCMD) man_tbl_header $(BUILDDIR)/conserver/conserver.man > $(MAN1MDIR)/conserver.$(MAN1MEXT)
 	$(FIXMANCMD) man_tbl_header $(BUILDDIR)/console/console.man > $(MAN1MDIR)/console.$(MAN1MEXT)
 	$(FIXMANCMD) $(BUILDDIR)/conserver.cf/conserver.cf.man > $(MAN4DIR)/conserver.cf.$(MAN4EXT)
+	$(FIXMANCMD) $(BUILDDIR)/conserver.cf/conserver.passwd.man > $(MAN4DIR)/conserver.passwd.$(MAN4EXT)
 	$(FIXSCRIPTCMD) $(BUILDDIR)/conserver/conserver.rc > $(LIBDIR)/conserver.rc

contrib/solaris-package/pkginfo

@@ -1,7 +1,7 @@
 PKG="conserver"
 NAME="Console server and client"
 CATEGORY="system"
-VERSION="7.2.0"
+VERSION=
 DESC="Console server and client"
 CLASSES=none
 ARCH=sparc

contrib/solaris-package/prototype

@@ -10,5 +10,6 @@ d none share/man 0755 bin bin
 d none share/man/man1m 0755 bin bin
 f none share/man/man1m/conserver.1m 0644 bin bin
 f none share/man/man1m/console.1m 0644 bin bin
-d none share/man/man4 0755 bin bin
-f none share/man/man4/conserver.cf.4 0644 bin bin
+d none share/man/man5 0755 bin bin
+f none share/man/man5/conserver.cf.5 0644 bin bin
+f none share/man/man5/conserver.passwd.5 0644 bin bin

gen-version

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+# awk gets stdin from /dev/null 'cause when autoconf runs this via m4_esyscmd_s,
+# stdin is closed and awk assumes there will always be an open stdin and you end
+# up with a bogus message:
+#
+#   awk: i/o error occurred while closing /dev/stdin
+#    input record number 20, file conserver/version.h
+#    source line number 1
+#
+#
+case "$1" in
+    number)
+	awk '$2=="VERSION_MAJOR"{maj=$NF} $2=="VERSION_MINOR"{min=$NF} $2=="VERSION_REV"{rev=$NF} END{print maj "." min "." rev}' conserver/version.h < /dev/null
+	;;
+
+    date)
+	awk '$2=="VERSION_DATE"{print $NF}' conserver/version.h < /dev/null | tr -d '"'
+	;;
+esac

package/README.md

@@ -0,0 +1,26 @@
+Testing Locally
+---------------
+
+You can run `./package/make-and-stage-release local` and the current code will be
+packaged into `./build` so anyone can configure and build code in a confined space.
+
+Creating a new release
+----------------------
+
+- Create a new release branch `git checkout -b release-vx.y.z`
+- Edit `conserver/version.h`
+- Update `CHANGES` with output of `./package/create-changes vx.y.z..`
+- Double-check and merge release branch
+- Run `GITHUB_TOKEN=xxxx ./package/make-and-stage-release` to tag release, create distribution, pgp sign, and push to github
+
+Requirements:
+
+- autoconf
+- githubrelease (pypi)
+- gpg
+
+Publishing a release
+--------------------
+
+- Use github to promote from draft or use the command output from `make-and-stage-release`
+- Send announcement on mailing lists

package/create-changes

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+[ -z "$1" ] && echo "Usage: $0 tag" && exit 1
+range="$1"
+date=`./gen-version date`
+changedate=`date -j -f '%Y/%m/%d' "$date" '+%B %-d, %Y'`
+echo "version `./gen-version number` ($changedate):"
+git log --no-merges --pretty=tformat:'        - %s (%an <%ae>)' "$range" | tail -r | awk '{if (! l[$0]) {l[$0]++; print}}' | sed -e 's/ *(Bryan Stansell <bryan@conserver.com>)$//'

package/make-and-stage-release

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+set -e
+
+case $(sed --help 2>&1) in
+  *GNU*) sed_i () { sed -i "$@"; };;
+  *) sed_i () { sed -i '' "$@"; };;
+esac
+
+local=false && [ "$1" = "local" ] && local=true
+
+[ -f conserver/version.h ] || { echo "you are in the wrong place" ; exit 1; }
+
+ver=`./gen-version number`
+
+if ! $local; then
+    echo "Ready to tag release v$ver (y/N)?"
+    read i
+    if [ "$i" = "y" ]; then
+	echo "Adding git tag v$ver"
+	git tag -a -m "Release $ver" v$ver
+    fi
+fi
+
+if [ ! -f ../conserver-$ver.tar.gz ] || $local; then
+    (
+	[ -d build ] && rm -rf build
+        mkdir build
+	archtag=v$ver
+	$local && archtag=HEAD
+	git archive --format=tar.gz --prefix=conserver-$ver/ $archtag | (cd build; tar zxf -)
+	cd build/conserver-$ver
+	../../package/setup-configure
+	rm -rf package
+	sed_i -e "/^%define ver/s| ver.*| ver $ver|" contrib/redhat-rpm/conserver.spec
+	sed_i -e "/^VERSION=/s|.*|VERSION=\"$ver\"|" contrib/solaris-package/pkginfo
+    )
+    $local && exit
+    echo "Creating ../conserver-$ver.tar.gz"
+    tar zcf ../conserver-$ver.tar.gz -C build conserver-$ver
+    rm -rf build
+
+    [ -f ../conserver-$ver.tar.gz.asc ] && rm ../conserver-$ver.tar.gz.asc
+fi
+if [ ! -f ../conserver-$ver.tar.gz.asc ]; then
+    echo "Signing ../conserver-$ver.tar.gz"
+    gpg -ab --local-user bryan@conserver.com ../conserver-$ver.tar.gz
+fi
+body="\`\`\`
+`sed -ne '/^ver/,/^$/p' CHANGES | sed -e '/^$/,$d'`
+\`\`\`"
+
+ls -l ../conserver-$ver.tar.gz*
+echo "Ready to push (y/N)?"
+read i
+if [ "$i" = "y" ]; then
+    git push --tags
+    githubrelease release bstansell/conserver create --name conserver-$ver --body "$body" v$ver ../conserver-$ver.tar.gz* 
+    echo You can publish this release on the website or with:
+    echo "    "githubrelease release bstansell/conserver publish v$ver
+else
+    echo Ok, here is the command I would have used:
+    echo "    "git push --tags
+    echo "    "githubrelease release bstansell/conserver create --name conserver-$ver --body \""$body"\" v$ver ../conserver-$ver.tar.gz* 
+fi