path: root/networking/telnetd.c (plain)
blob: f06e9583e4f8900ece4f388d11f51f3316b98607

1	/* vi: set sw=4 ts=4: */
2	/*
3	* Simple telnet server
4	* Bjorn Wesen, Axis Communications AB (bjornw@axis.com)
5	*
6	* Licensed under GPLv2 or later, see file LICENSE in this source tree.
7	*
8	* ---------------------------------------------------------------------------
9	* (C) Copyright 2000, Axis Communications AB, LUND, SWEDEN
10	****************************************************************************
11	*
12	* The telnetd manpage says it all:
13	*
14	* Telnetd operates by allocating a pseudo-terminal device (see pty(4)) for
15	* a client, then creating a login process which has the slave side of the
16	* pseudo-terminal as stdin, stdout, and stderr. Telnetd manipulates the
17	* master side of the pseudo-terminal, implementing the telnet protocol and
18	* passing characters between the remote client and the login process.
19	*
20	* Vladimir Oleynik <dzo@simtreas.ru> 2001
21	* Set process group corrections, initial busybox port
22	*/
23	//config:config TELNETD
24	//config: bool "telnetd"
25	//config: default y
26	//config: select FEATURE_SYSLOG
27	//config: help
28	//config: A daemon for the TELNET protocol, allowing you to log onto the host
29	//config: running the daemon. Please keep in mind that the TELNET protocol
30	//config: sends passwords in plain text. If you can't afford the space for an
31	//config: SSH daemon and you trust your network, you may say 'y' here. As a
32	//config: more secure alternative, you should seriously consider installing the
33	//config: very small Dropbear SSH daemon instead:
34	//config: http://matt.ucc.asn.au/dropbear/dropbear.html
35	//config:
36	//config: Note that for busybox telnetd to work you need several things:
37	//config: First of all, your kernel needs:
38	//config: CONFIG_UNIX98_PTYS=y
39	//config:
40	//config: Next, you need a /dev/pts directory on your root filesystem:
41	//config:
42	//config: $ ls -ld /dev/pts
43	//config: drwxr-xr-x 2 root root 0 Sep 23 13:21 /dev/pts/
44	//config:
45	//config: Next you need the pseudo terminal master multiplexer /dev/ptmx:
46	//config:
47	//config: $ ls -la /dev/ptmx
48	//config: crw-rw-rw- 1 root tty 5, 2 Sep 23 13:55 /dev/ptmx
49	//config:
50	//config: Any /dev/ttyp[0-9]* files you may have can be removed.
51	//config: Next, you need to mount the devpts filesystem on /dev/pts using:
52	//config:
53	//config: mount -t devpts devpts /dev/pts
54	//config:
55	//config: You need to be sure that busybox has LOGIN and
56	//config: FEATURE_SUID enabled. And finally, you should make
57	//config: certain that Busybox has been installed setuid root:
58	//config:
59	//config: chown root.root /bin/busybox
60	//config: chmod 4755 /bin/busybox
61	//config:
62	//config: with all that done, telnetd _should_ work....
63	//config:
64	//config:config FEATURE_TELNETD_STANDALONE
65	//config: bool "Support standalone telnetd (not inetd only)"
66	//config: default y
67	//config: depends on TELNETD
68	//config: help
69	//config: Selecting this will make telnetd able to run standalone.
70	//config:
71	//config:config FEATURE_TELNETD_INETD_WAIT
72	//config: bool "Support -w SEC option (inetd wait mode)"
73	//config: default y
74	//config: depends on FEATURE_TELNETD_STANDALONE
75	//config: help
76	//config: This option allows you to run telnetd in "inet wait" mode.
77	//config: Example inetd.conf line (note "wait", not usual "nowait"):
78	//config:
79	//config: telnet stream tcp wait root /bin/telnetd telnetd -w10
80	//config:
81	//config: In this example, inetd passes _listening_ socket_ as fd 0
82	//config: to telnetd when connection appears.
83	//config: telnetd will wait for connections until all existing
84	//config: connections are closed, and no new connections
85	//config: appear during 10 seconds. Then it exits, and inetd continues
86	//config: to listen for new connections.
87	//config:
88	//config: This option is rarely used. "tcp nowait" is much more usual
89	//config: way of running tcp services, including telnetd.
90	//config: You most probably want to say N here.
91
92	//applet:IF_TELNETD(APPLET(telnetd, BB_DIR_USR_SBIN, BB_SUID_DROP))
93
94	//kbuild:lib-$(CONFIG_TELNETD) += telnetd.o
95
96	//usage:#define telnetd_trivial_usage
97	//usage: "[OPTIONS]"
98	//usage:#define telnetd_full_usage "\n\n"
99	//usage: "Handle incoming telnet connections"
100	//usage: IF_NOT_FEATURE_TELNETD_STANDALONE(" via inetd") "\n"
101	//usage: "\n -l LOGIN Exec LOGIN on connect"
102	//usage: "\n -f ISSUE_FILE Display ISSUE_FILE instead of /etc/issue"
103	//usage: "\n -K Close connection as soon as login exits"
104	//usage: "\n (normally wait until all programs close slave pty)"
105	//usage: IF_FEATURE_TELNETD_STANDALONE(
106	//usage: "\n -p PORT Port to listen on"
107	//usage: "\n -b ADDR[:PORT] Address to bind to"
108	//usage: "\n -F Run in foreground"
109	//usage: "\n -i Inetd mode"
110	//usage: IF_FEATURE_TELNETD_INETD_WAIT(
111	//usage: "\n -w SEC Inetd 'wait' mode, linger time SEC"
112	//usage: "\n -S Log to syslog (implied by -i or without -F and -w)"
113	//usage: )
114	//usage: )
115
116	#define DEBUG 0
117
118	#include "libbb.h"
119	#include "common_bufsiz.h"
120	#include <syslog.h>
121
122	#if DEBUG
123	# define TELCMDS
124	# define TELOPTS
125	#endif
126	#include <arpa/telnet.h>
127
128
129	struct tsession {
130	struct tsession *next;
131	pid_t shell_pid;
132	int sockfd_read;
133	int sockfd_write;
134	int ptyfd;
135	smallint buffered_IAC_for_pty;
136
137	/* two circular buffers */
138	/*char *buf1, *buf2;*/
139	/*#define TS_BUF1(ts) ts->buf1*/
140	/*#define TS_BUF2(ts) TS_BUF2(ts)*/
141	#define TS_BUF1(ts) ((unsigned char*)(ts + 1))
142	#define TS_BUF2(ts) (((unsigned char*)(ts + 1)) + BUFSIZE)
143	int rdidx1, wridx1, size1;
144	int rdidx2, wridx2, size2;
145	};
146
147	/* Two buffers are directly after tsession in malloced memory.
148	* Make whole thing fit in 4k */
149	enum { BUFSIZE = (4 * 1024 - sizeof(struct tsession)) / 2 };
150
151
152	/* Globals */
153	struct globals {
154	struct tsession *sessions;
155	const char *loginpath;
156	const char *issuefile;
157	int maxfd;
158	} FIX_ALIASING;
159	#define G (*(struct globals*)bb_common_bufsiz1)
160	#define INIT_G() do { \
161	setup_common_bufsiz(); \
162	G.loginpath = "/bin/login"; \
163	G.issuefile = "/etc/issue.net"; \
164	} while (0)
165
166
167	/* Write some buf1 data to pty, processing IACs.
168	* Update wridx1 and size1. Return < 0 on error.
169	* Buggy if IAC is present but incomplete: skips them.
170	*/
171	static ssize_t
172	safe_write_to_pty_decode_iac(struct tsession *ts)
173	{
174	unsigned wr;
175	ssize_t rc;
176	unsigned char *buf;
177	unsigned char *found;
178
179	buf = TS_BUF1(ts) + ts->wridx1;
180	wr = MIN(BUFSIZE - ts->wridx1, ts->size1);
181	/* wr is at least 1 here */
182
183	if (ts->buffered_IAC_for_pty) {
184	/* Last time we stopped on a "dangling" IAC byte.
185	* We removed it from the buffer back then.
186	* Now pretend it's still there, and jump to IAC processing.
187	*/
188	ts->buffered_IAC_for_pty = 0;
189	wr++;
190	ts->size1++;
191	buf--; /* Yes, this can point before the buffer. It's ok */
192	ts->wridx1--;
193	goto handle_iac;
194	}
195
196	found = memchr(buf, IAC, wr);
197	if (found != buf) {
198	/* There is a "prefix" of non-IAC chars.
199	* Write only them, and return.
200	*/
201	if (found)
202	wr = found - buf;
203
204	/* We map \r\n ==> \r for pragmatic reasons:
205	* many client implementations send \r\n when
206	* the user hits the CarriageReturn key.
207	* See RFC 1123 3.3.1 Telnet End-of-Line Convention.
208	*/
209	rc = wr;
210	found = memchr(buf, '\r', wr);
211	if (found)
212	rc = found - buf + 1;
213	rc = safe_write(ts->ptyfd, buf, rc);
214	if (rc <= 0)
215	return rc;
216	if (rc < wr /* don't look past available data */
217	&& buf[rc-1] == '\r' /* need this: imagine that write was _short_ */
218	&& (buf[rc] == '\n' || buf[rc] == '\0')
219	) {
220	rc++;
221	}
222	goto update_and_return;
223	}
224
225	/* buf starts with IAC char. Process that sequence.
226	* Example: we get this from our own (bbox) telnet client:
227	* read(5, "\377\374\1""\377\373\37""\377\372\37\0\262\0@\377\360""\377\375\1""\377\375\3"):
228	* IAC WONT ECHO, IAC WILL NAWS, IAC SB NAWS <cols> <rows> IAC SE, IAC DO SGA
229	* Another example (telnet-0.17 from old-netkit):
230	* read(4, "\377\375\3""\377\373\30""\377\373\37""\377\373 ""\377\373!""\377\373\"""\377\373'"
231	* "\377\375\5""\377\373#""\377\374\1""\377\372\37\0\257\0I\377\360""\377\375\1"):
232	* IAC DO SGA, IAC WILL TTYPE, IAC WILL NAWS, IAC WILL TSPEED, IAC WILL LFLOW, IAC WILL LINEMODE, IAC WILL NEW_ENVIRON,
233	* IAC DO STATUS, IAC WILL XDISPLOC, IAC WONT ECHO, IAC SB NAWS <cols> <rows> IAC SE, IAC DO ECHO
234	*/
235	if (wr <= 1) {
236	/* Only the single IAC byte is in the buffer, eat it
237	* and set a flag "process the rest of the sequence
238	* next time we are here".
239	*/
240	//bb_error_msg("dangling IAC!");
241	ts->buffered_IAC_for_pty = 1;
242	rc = 1;
243	goto update_and_return;
244	}
245
246	handle_iac:
247	/* 2-byte commands (240..250 and 255):
248	* IAC IAC (255) Literal 255. Supported.
249	* IAC SE (240) End of subnegotiation. Treated as NOP.
250	* IAC NOP (241) NOP. Supported.
251	* IAC BRK (243) Break. Like serial line break. TODO via tcsendbreak()?
252	* IAC AYT (246) Are you there. Send back evidence that AYT was seen. TODO (send NOP back)?
253	* These don't look useful:
254	* IAC DM (242) Data mark. What is this?
255	* IAC IP (244) Suspend, interrupt or abort the process. (Ancient cousin of ^C).
256	* IAC AO (245) Abort output. "You can continue running, but do not send me the output".
257	* IAC EC (247) Erase character. The receiver should delete the last received char.
258	* IAC EL (248) Erase line. The receiver should delete everything up tp last newline.
259	* IAC GA (249) Go ahead. For half-duplex lines: "now you talk".
260	* Implemented only as part of NAWS:
261	* IAC SB (250) Subnegotiation of an option follows.
262	*/
263	if (buf[1] == IAC) {
264	/* Literal 255 (emacs M-DEL) */
265	//bb_error_msg("255!");
266	rc = safe_write(ts->ptyfd, &buf[1], 1);
267	/*
268	* If we went through buffered_IAC_for_pty==1 path,
269	* bailing out on error like below messes up the buffer.
270	* EAGAIN is highly unlikely here, other errors will be
271	* repeated on next write, let's just skip error check.
272	*/
273	#if 0
274	if (rc <= 0)
275	return rc;
276	#endif
277	rc = 2;
278	goto update_and_return;
279	}
280	if (buf[1] >= 240 && buf[1] <= 249) {
281	/* NOP (241). Ignore (putty keepalive, etc) */
282	/* All other 2-byte commands also treated as NOPs here */
283	rc = 2;
284	goto update_and_return;
285	}
286
287	if (wr <= 2) {
288	/* BUG: only 2 bytes of the IAC is in the buffer, we just eat them.
289	* This is not a practical problem since >2 byte IACs are seen only
290	* in initial negotiation, when buffer is empty
291	*/
292	rc = 2;
293	goto update_and_return;
294	}
295
296	if (buf[1] == SB) {
297	if (buf[2] == TELOPT_NAWS) {
298	/* IAC SB, TELOPT_NAWS, 4-byte, IAC SE */
299	struct winsize ws;
300	if (wr <= 6) {
301	/* BUG: incomplete, can't process */
302	rc = wr;
303	goto update_and_return;
304	}
305	memset(&ws, 0, sizeof(ws)); /* pixel sizes are set to 0 */
306	ws.ws_col = (buf[3] << 8) | buf[4];
307	ws.ws_row = (buf[5] << 8) | buf[6];
308	ioctl(ts->ptyfd, TIOCSWINSZ, (char *)&ws);
309	rc = 7;
310	/* trailing IAC SE will be eaten separately, as 2-byte NOP */
311	goto update_and_return;
312	}
313	/* else: other subnegs not supported yet */
314	}
315
316	/* Assume it is a 3-byte WILL/WONT/DO/DONT 251..254 command and skip it */
317	#if DEBUG
318	fprintf(stderr, "Ignoring IAC %s,%s\n",
319	TELCMD(buf[1]), TELOPT(buf[2]));
320	#endif
321	rc = 3;
322
323	update_and_return:
324	ts->wridx1 += rc;
325	if (ts->wridx1 >= BUFSIZE) /* actually == BUFSIZE */
326	ts->wridx1 = 0;
327	ts->size1 -= rc;
328	/*
329	* Hack. We cannot process IACs which wrap around buffer's end.
330	* Since properly fixing it requires writing bigger code,
331	* we rely instead on this code making it virtually impossible
332	* to have wrapped IAC (people don't type at 2k/second).
333	* It also allows for bigger reads in common case.
334	*/
335	if (ts->size1 == 0) { /* very typical */
336	//bb_error_msg("zero size1");
337	ts->rdidx1 = 0;
338	ts->wridx1 = 0;
339	return rc;
340	}
341	wr = ts->wridx1;
342	if (wr != 0 && wr < ts->rdidx1) {
343	/* Buffer is not wrapped yet.
344	* We can easily move it to the beginning.
345	*/
346	//bb_error_msg("moved %d", wr);
347	memmove(TS_BUF1(ts), TS_BUF1(ts) + wr, ts->size1);
348	ts->rdidx1 -= wr;
349	ts->wridx1 = 0;
350	}
351	return rc;
352	}
353
354	/*
355	* Converting single IAC into double on output
356	*/
357	static size_t safe_write_double_iac(int fd, const char *buf, size_t count)
358	{
359	const char *IACptr;
360	size_t wr, rc, total;
361
362	total = 0;
363	while (1) {
364	if (count == 0)
365	return total;
366	if (*buf == (char)IAC) {
367	static const char IACIAC[] ALIGN1 = { IAC, IAC };
368	rc = safe_write(fd, IACIAC, 2);
369	/* BUG: if partial write was only 1 byte long, we end up emitting just one IAC */
370	if (rc != 2)
371	break;
372	buf++;
373	total++;
374	count--;
375	continue;
376	}
377	/* count != 0, *buf != IAC */
378	IACptr = memchr(buf, IAC, count);
379	wr = count;
380	if (IACptr)
381	wr = IACptr - buf;
382	rc = safe_write(fd, buf, wr);
383	if (rc != wr)
384	break;
385	buf += rc;
386	total += rc;
387	count -= rc;
388	}
389	/* here: rc - result of last short write */
390	if ((ssize_t)rc < 0) { /* error? */
391	if (total == 0)
392	return rc;
393	rc = 0;
394	}
395	return total + rc;
396	}
397
398	/* Must match getopt32 string */
399	enum {
400	OPT_WATCHCHILD = (1 << 2), /* -K */
401	OPT_INETD = (1 << 3) * ENABLE_FEATURE_TELNETD_STANDALONE, /* -i */
402	OPT_PORT = (1 << 4) * ENABLE_FEATURE_TELNETD_STANDALONE, /* -p PORT */
403	OPT_FOREGROUND = (1 << 6) * ENABLE_FEATURE_TELNETD_STANDALONE, /* -F */
404	OPT_SYSLOG = (1 << 7) * ENABLE_FEATURE_TELNETD_INETD_WAIT, /* -S */
405	OPT_WAIT = (1 << 8) * ENABLE_FEATURE_TELNETD_INETD_WAIT, /* -w SEC */
406	};
407
408	static struct tsession *
409	make_new_session(
410	IF_FEATURE_TELNETD_STANDALONE(int sock)
411	IF_NOT_FEATURE_TELNETD_STANDALONE(void)
412	) {
413	#if !ENABLE_FEATURE_TELNETD_STANDALONE
414	enum { sock = 0 };
415	#endif
416	const char *login_argv[2];
417	struct termios termbuf;
418	int fd, pid;
419	char tty_name[GETPTY_BUFSIZE];
420	struct tsession *ts = xzalloc(sizeof(struct tsession) + BUFSIZE * 2);
421
422	/*ts->buf1 = (char *)(ts + 1);*/
423	/*ts->buf2 = ts->buf1 + BUFSIZE;*/
424
425	/* Got a new connection, set up a tty */
426	fd = xgetpty(tty_name);
427	if (fd > G.maxfd)
428	G.maxfd = fd;
429	ts->ptyfd = fd;
430	ndelay_on(fd);
431	close_on_exec_on(fd);
432
433	/* SO_KEEPALIVE by popular demand */
434	setsockopt_keepalive(sock);
435	#if ENABLE_FEATURE_TELNETD_STANDALONE
436	ts->sockfd_read = sock;
437	ndelay_on(sock);
438	if (sock == 0) { /* We are called with fd 0 - we are in inetd mode */
439	sock++; /* so use fd 1 for output */
440	ndelay_on(sock);
441	}
442	ts->sockfd_write = sock;
443	if (sock > G.maxfd)
444	G.maxfd = sock;
445	#else
446	/* ts->sockfd_read = 0; - done by xzalloc */
447	ts->sockfd_write = 1;
448	ndelay_on(0);
449	ndelay_on(1);
450	#endif
451
452	/* Make the telnet client understand we will echo characters so it
453	* should not do it locally. We don't tell the client to run linemode,
454	* because we want to handle line editing and tab completion and other
455	* stuff that requires char-by-char support. */
456	{
457	static const char iacs_to_send[] ALIGN1 = {
458	IAC, DO, TELOPT_ECHO,
459	IAC, DO, TELOPT_NAWS,
460	/* This requires telnetd.ctrlSQ.patch (incomplete) */
461	/*IAC, DO, TELOPT_LFLOW,*/
462	IAC, WILL, TELOPT_ECHO,
463	IAC, WILL, TELOPT_SGA
464	};
465	/* This confuses safe_write_double_iac(), it will try to duplicate
466	* each IAC... */
467	//memcpy(TS_BUF2(ts), iacs_to_send, sizeof(iacs_to_send));
468	//ts->rdidx2 = sizeof(iacs_to_send);
469	//ts->size2 = sizeof(iacs_to_send);
470	/* So just stuff it into TCP stream! (no error check...) */
471	#if ENABLE_FEATURE_TELNETD_STANDALONE
472	safe_write(sock, iacs_to_send, sizeof(iacs_to_send));
473	#else
474	safe_write(1, iacs_to_send, sizeof(iacs_to_send));
475	#endif
476	/*ts->rdidx2 = 0; - xzalloc did it */
477	/*ts->size2 = 0;*/
478	}
479
480	fflush_all();
481	pid = vfork(); /* NOMMU-friendly */
482	if (pid < 0) {
483	free(ts);
484	close(fd);
485	/* sock will be closed by caller */
486	bb_perror_msg("vfork");
487	return NULL;
488	}
489	if (pid > 0) {
490	/* Parent */
491	ts->shell_pid = pid;
492	return ts;
493	}
494
495	/* Child */
496	/* Careful - we are after vfork! */
497
498	/* Restore default signal handling ASAP */
499	bb_signals((1 << SIGCHLD) + (1 << SIGPIPE), SIG_DFL);
500
501	pid = getpid();
502
503	if (ENABLE_FEATURE_UTMP) {
504	len_and_sockaddr *lsa = get_peer_lsa(sock);
505	char *hostname = NULL;
506	if (lsa) {
507	hostname = xmalloc_sockaddr2dotted(&lsa->u.sa);
508	free(lsa);
509	}
510	write_new_utmp(pid, LOGIN_PROCESS, tty_name, /*username:*/ "LOGIN", hostname);
511	free(hostname);
512	}
513
514	/* Make new session and process group */
515	setsid();
516
517	/* Open the child's side of the tty */
518	/* NB: setsid() disconnects from any previous ctty's. Therefore
519	* we must open child's side of the tty AFTER setsid! */
520	close(0);
521	xopen(tty_name, O_RDWR); /* becomes our ctty */
522	xdup2(0, 1);
523	xdup2(0, 2);
524	tcsetpgrp(0, pid); /* switch this tty's process group to us */
525
526	/* The pseudo-terminal allocated to the client is configured to operate
527	* in cooked mode, and with XTABS CRMOD enabled (see tty(4)) */
528	tcgetattr(0, &termbuf);
529	termbuf.c_lflag |= ECHO; /* if we use readline we dont want this */
530	termbuf.c_oflag |= ONLCR | XTABS;
531	termbuf.c_iflag |= ICRNL;
532	termbuf.c_iflag &= ~IXOFF;
533	/*termbuf.c_lflag &= ~ICANON;*/
534	tcsetattr_stdin_TCSANOW(&termbuf);
535
536	/* Uses FILE-based I/O to stdout, but does fflush_all(),
537	* so should be safe with vfork.
538	* I fear, though, that some users will have ridiculously big
539	* issue files, and they may block writing to fd 1,
540	* (parent is supposed to read it, but parent waits
541	* for vforked child to exec!) */
542	print_login_issue(G.issuefile, tty_name);
543
544	/* Exec shell / login / whatever */
545	login_argv[0] = G.loginpath;
546	login_argv[1] = NULL;
547	/* exec busybox applet (if PREFER_APPLETS=y), if that fails,
548	* exec external program.
549	* NB: sock is either 0 or has CLOEXEC set on it.
550	* fd has CLOEXEC set on it too. These two fds will be closed here.
551	*/
552	BB_EXECVP(G.loginpath, (char **)login_argv);
553	/* _exit is safer with vfork, and we shouldn't send message
554	* to remote clients anyway */
555	_exit(EXIT_FAILURE); /*bb_perror_msg_and_die("execv %s", G.loginpath);*/
556	}
557
558	#if ENABLE_FEATURE_TELNETD_STANDALONE
559
560	static void
561	free_session(struct tsession *ts)
562	{
563	struct tsession *t;
564
565	if (option_mask32 & OPT_INETD)
566	exit(EXIT_SUCCESS);
567
568	/* Unlink this telnet session from the session list */
569	t = G.sessions;
570	if (t == ts)
571	G.sessions = ts->next;
572	else {
573	while (t->next != ts)
574	t = t->next;
575	t->next = ts->next;
576	}
577
578	#if 0
579	/* It was said that "normal" telnetd just closes ptyfd,
580	* doesn't send SIGKILL. When we close ptyfd,
581	* kernel sends SIGHUP to processes having slave side opened. */
582	kill(ts->shell_pid, SIGKILL);
583	waitpid(ts->shell_pid, NULL, 0);
584	#endif
585	close(ts->ptyfd);
586	close(ts->sockfd_read);
587	/* We do not need to close(ts->sockfd_write), it's the same
588	* as sockfd_read unless we are in inetd mode. But in inetd mode
589	* we do not reach this */
590	free(ts);
591
592	/* Scan all sessions and find new maxfd */
593	G.maxfd = 0;
594	ts = G.sessions;
595	while (ts) {
596	if (G.maxfd < ts->ptyfd)
597	G.maxfd = ts->ptyfd;
598	if (G.maxfd < ts->sockfd_read)
599	G.maxfd = ts->sockfd_read;
600	#if 0
601	/* Again, sockfd_write == sockfd_read here */
602	if (G.maxfd < ts->sockfd_write)
603	G.maxfd = ts->sockfd_write;
604	#endif
605	ts = ts->next;
606	}
607	}
608
609	#else /* !FEATURE_TELNETD_STANDALONE */
610
611	/* Used in main() only, thus "return 0" actually is exit(EXIT_SUCCESS). */
612	#define free_session(ts) return 0
613
614	#endif
615
616	static void handle_sigchld(int sig UNUSED_PARAM)
617	{
618	pid_t pid;
619	struct tsession *ts;
620	int save_errno = errno;
621
622	/* Looping: more than one child may have exited */
623	while (1) {
624	pid = wait_any_nohang(NULL);
625	if (pid <= 0)
626	break;
627	ts = G.sessions;
628	while (ts) {
629	if (ts->shell_pid == pid) {
630	ts->shell_pid = -1;
631	update_utmp_DEAD_PROCESS(pid);
632	break;
633	}
634	ts = ts->next;
635	}
636	}
637
638	errno = save_errno;
639	}
640
641	int telnetd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
642	int telnetd_main(int argc UNUSED_PARAM, char **argv)
643	{
644	fd_set rdfdset, wrfdset;
645	unsigned opt;
646	int count;
647	struct tsession *ts;
648	#if ENABLE_FEATURE_TELNETD_STANDALONE
649	#define IS_INETD (opt & OPT_INETD)
650	int master_fd = master_fd; /* for compiler */
651	int sec_linger = sec_linger;
652	char *opt_bindaddr = NULL;
653	char *opt_portnbr;
654	#else
655	enum {
656	IS_INETD = 1,
657	master_fd = -1,
658	};
659	#endif
660	INIT_G();
661
662	/* -w NUM, and implies -F. -w and -i don't mix */
663	IF_FEATURE_TELNETD_INETD_WAIT(opt_complementary = "wF:i--w:w--i";)
664	/* Even if !STANDALONE, we accept (and ignore) -i, thus people
665	* don't need to guess whether it's ok to pass -i to us */
666	opt = getopt32(argv, "f:l:Ki"
667	IF_FEATURE_TELNETD_STANDALONE("p:b:F")
668	IF_FEATURE_TELNETD_INETD_WAIT("Sw:+"),
669	&G.issuefile, &G.loginpath
670	IF_FEATURE_TELNETD_STANDALONE(, &opt_portnbr, &opt_bindaddr)
671	IF_FEATURE_TELNETD_INETD_WAIT(, &sec_linger)
672	);
673	if (!IS_INETD /*&& !re_execed*/) {
674	/* inform that we start in standalone mode?
675	* May be useful when people forget to give -i */
676	/*bb_error_msg("listening for connections");*/
677	if (!(opt & OPT_FOREGROUND)) {
678	/* DAEMON_CHDIR_ROOT was giving inconsistent
679	* behavior with/without -F, -i */
680	bb_daemonize_or_rexec(0 /*was DAEMON_CHDIR_ROOT*/, argv);
681	}
682	}
683	/* Redirect log to syslog early, if needed */
684	if (IS_INETD || (opt & OPT_SYSLOG) || !(opt & OPT_FOREGROUND)) {
685	openlog(applet_name, LOG_PID, LOG_DAEMON);
686	logmode = LOGMODE_SYSLOG;
687	}
688	#if ENABLE_FEATURE_TELNETD_STANDALONE
689	if (IS_INETD) {
690	G.sessions = make_new_session(0);
691	if (!G.sessions) /* pty opening or vfork problem, exit */
692	return 1; /* make_new_session printed error message */
693	} else {
694	master_fd = 0;
695	if (!(opt & OPT_WAIT)) {
696	unsigned portnbr = 23;
697	if (opt & OPT_PORT)
698	portnbr = xatou16(opt_portnbr);
699	master_fd = create_and_bind_stream_or_die(opt_bindaddr, portnbr);
700	xlisten(master_fd, 1);
701	}
702	close_on_exec_on(master_fd);
703	}
704	#else
705	G.sessions = make_new_session();
706	if (!G.sessions) /* pty opening or vfork problem, exit */
707	return 1; /* make_new_session printed error message */
708	#endif
709
710	/* We don't want to die if just one session is broken */
711	signal(SIGPIPE, SIG_IGN);
712
713	if (opt & OPT_WATCHCHILD)
714	signal(SIGCHLD, handle_sigchld);
715	else /* prevent dead children from becoming zombies */
716	signal(SIGCHLD, SIG_IGN);
717
718	/*
719	This is how the buffers are used. The arrows indicate data flow.
720
721	+-------+ wridx1++ +------+ rdidx1++ +----------+
722	| | <-------------- | buf1 | <-------------- | |
723	| | size1-- +------+ size1++ | |
724	| pty | | socket |
725	| | rdidx2++ +------+ wridx2++ | |
726	| | --------------> | buf2 | --------------> | |
727	+-------+ size2++ +------+ size2-- +----------+
728
729	size1: "how many bytes are buffered for pty between rdidx1 and wridx1?"
730	size2: "how many bytes are buffered for socket between rdidx2 and wridx2?"
731
732	Each session has got two buffers. Buffers are circular. If sizeN == 0,
733	buffer is empty. If sizeN == BUFSIZE, buffer is full. In both these cases
734	rdidxN == wridxN.
735	*/
736	again:
737	FD_ZERO(&rdfdset);
738	FD_ZERO(&wrfdset);
739
740	/* Select on the master socket, all telnet sockets and their
741	* ptys if there is room in their session buffers.
742	* NB: scalability problem: we recalculate entire bitmap
743	* before each select. Can be a problem with 500+ connections. */
744	ts = G.sessions;
745	while (ts) {
746	struct tsession *next = ts->next; /* in case we free ts */
747	if (ts->shell_pid == -1) {
748	/* Child died and we detected that */
749	free_session(ts);
750	} else {
751	if (ts->size1 > 0) /* can write to pty */
752	FD_SET(ts->ptyfd, &wrfdset);
753	if (ts->size1 < BUFSIZE) /* can read from socket */
754	FD_SET(ts->sockfd_read, &rdfdset);
755	if (ts->size2 > 0) /* can write to socket */
756	FD_SET(ts->sockfd_write, &wrfdset);
757	if (ts->size2 < BUFSIZE) /* can read from pty */
758	FD_SET(ts->ptyfd, &rdfdset);
759	}
760	ts = next;
761	}
762	if (!IS_INETD) {
763	FD_SET(master_fd, &rdfdset);
764	/* This is needed because free_session() does not
765	* take master_fd into account when it finds new
766	* maxfd among remaining fd's */
767	if (master_fd > G.maxfd)
768	G.maxfd = master_fd;
769	}
770
771	{
772	struct timeval *tv_ptr = NULL;
773	#if ENABLE_FEATURE_TELNETD_INETD_WAIT
774	struct timeval tv;
775	if ((opt & OPT_WAIT) && !G.sessions) {
776	tv.tv_sec = sec_linger;
777	tv.tv_usec = 0;
778	tv_ptr = &tv;
779	}
780	#endif
781	count = select(G.maxfd + 1, &rdfdset, &wrfdset, NULL, tv_ptr);
782	}
783	if (count == 0) /* "telnetd -w SEC" timed out */
784	return 0;
785	if (count < 0)
786	goto again; /* EINTR or ENOMEM */
787
788	#if ENABLE_FEATURE_TELNETD_STANDALONE
789	/* Check for and accept new sessions */
790	if (!IS_INETD && FD_ISSET(master_fd, &rdfdset)) {
791	int fd;
792	struct tsession *new_ts;
793
794	fd = accept(master_fd, NULL, NULL);
795	if (fd < 0)
796	goto again;
797	close_on_exec_on(fd);
798
799	/* Create a new session and link it into active list */
800	new_ts = make_new_session(fd);
801	if (new_ts) {
802	new_ts->next = G.sessions;
803	G.sessions = new_ts;
804	} else {
805	close(fd);
806	}
807	}
808	#endif
809
810	/* Then check for data tunneling */
811	ts = G.sessions;
812	while (ts) { /* For all sessions... */
813	struct tsession *next = ts->next; /* in case we free ts */
814
815	if (/*ts->size1 &&*/ FD_ISSET(ts->ptyfd, &wrfdset)) {
816	/* Write to pty from buffer 1 */
817	count = safe_write_to_pty_decode_iac(ts);
818	if (count < 0) {
819	if (errno == EAGAIN)
820	goto skip1;
821	goto kill_session;
822	}
823	}
824	skip1:
825	if (/*ts->size2 &&*/ FD_ISSET(ts->sockfd_write, &wrfdset)) {
826	/* Write to socket from buffer 2 */
827	count = MIN(BUFSIZE - ts->wridx2, ts->size2);
828	count = safe_write_double_iac(ts->sockfd_write, (void*)(TS_BUF2(ts) + ts->wridx2), count);
829	if (count < 0) {
830	if (errno == EAGAIN)
831	goto skip2;
832	goto kill_session;
833	}
834	ts->wridx2 += count;
835	if (ts->wridx2 >= BUFSIZE) /* actually == BUFSIZE */
836	ts->wridx2 = 0;
837	ts->size2 -= count;
838	if (ts->size2 == 0) {
839	ts->rdidx2 = 0;
840	ts->wridx2 = 0;
841	}
842	}
843	skip2:
844
845	if (/*ts->size1 < BUFSIZE &&*/ FD_ISSET(ts->sockfd_read, &rdfdset)) {
846	/* Read from socket to buffer 1 */
847	count = MIN(BUFSIZE - ts->rdidx1, BUFSIZE - ts->size1);
848	count = safe_read(ts->sockfd_read, TS_BUF1(ts) + ts->rdidx1, count);
849	if (count <= 0) {
850	if (count < 0 && errno == EAGAIN)
851	goto skip3;
852	goto kill_session;
853	}
854	/* Ignore trailing NUL if it is there */
855	if (!TS_BUF1(ts)[ts->rdidx1 + count - 1]) {
856	--count;
857	}
858	ts->size1 += count;
859	ts->rdidx1 += count;
860	if (ts->rdidx1 >= BUFSIZE) /* actually == BUFSIZE */
861	ts->rdidx1 = 0;
862	}
863	skip3:
864	if (/*ts->size2 < BUFSIZE &&*/ FD_ISSET(ts->ptyfd, &rdfdset)) {
865	/* Read from pty to buffer 2 */
866	count = MIN(BUFSIZE - ts->rdidx2, BUFSIZE - ts->size2);
867	count = safe_read(ts->ptyfd, TS_BUF2(ts) + ts->rdidx2, count);
868	if (count <= 0) {
869	if (count < 0 && errno == EAGAIN)
870	goto skip4;
871	goto kill_session;
872	}
873	ts->size2 += count;
874	ts->rdidx2 += count;
875	if (ts->rdidx2 >= BUFSIZE) /* actually == BUFSIZE */
876	ts->rdidx2 = 0;
877	}
878	skip4:
879	ts = next;
880	continue;
881	kill_session:
882	if (ts->shell_pid > 0)
883	update_utmp_DEAD_PROCESS(ts->shell_pid);
884	free_session(ts);
885	ts = next;
886	}
887
888	goto again;
889	}
890