Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
314 lines (273 sloc) 6.31 KB
/* Telnet Acees, Roligin, etc HTAccess.c
** ==========================
**
** Authors
** TBL Tim Berners-Lee timbl@info.cern.ch
** JFG Jean-Francois Groff jgh@next.com
** DD Denis DeLaRoca (310) 825-4580 <CSP1DWD@mvs.oac.ucla.edu>
** History
** 8 Jun 92 Telnet hopping prohibited as telnet is not secure (TBL)
** 26 Jun 92 When over DECnet, suppressed FTP, Gopher and News. (JFG)
** 6 Oct 92 Moved HTClientHost and logfile into here. (TBL)
** 17 Dec 92 Tn3270 added, bug fix. (DD)
** 2 Feb 93 Split from HTAccess.c. Registration.(TBL)
*/
#include "../config.h"
/* Implements:
*/
#include "HTTelnet.h"
#include "HTParse.h"
#include "HTUtils.h"
#include "HTAnchor.h"
#include "HTTP.h"
#include "HTFile.h"
#include <errno.h>
#include <stdio.h>
#include "tcp.h"
#include "HText.h"
#include "HTAccess.h"
#include "HTAlert.h"
extern void application_user_feedback (char *);
#ifndef DISABLE_TRACE
extern int www2Trace;
#endif
/* make a string secure for passage to the
** system() command. Make it contain only alphanumneric
** characters, or the characters '.', '-', '_', '+'.
** Also remove leading '-' or '+'.
** -----------------------------------------------------
*/
PRIVATE void make_system_secure ARGS1(char *, str)
{
char *ptr1, *ptr2;
if ((str == NULL)||(*str == '\0'))
{
return;
}
/*
* remove leading '-' or '+' by making it into whitespace that
* will be stripped later.
*/
if ((*str == '-')||(*str == '+'))
{
*str = ' ';
}
ptr1 = ptr2 = str;
while (*ptr1 != '\0')
{
if ((!isalpha((int)*ptr1))&&(!isdigit((int)*ptr1))&&
(*ptr1 != '.')&&(*ptr1 != '_')&&
(*ptr1 != '+')&&(*ptr1 != '-'))
{
ptr1++;
}
else
{
*ptr2 = *ptr1;
ptr2++;
ptr1++;
}
}
*ptr2 = *ptr1;
}
PRIVATE void run_a_command ARGS1(char *, command)
{
char **argv;
int argc;
char *str;
int alen;
alen = 10;
argv = (char **)malloc(10 * sizeof(char *));
if (argv == NULL)
{
return;
}
argc = 0;
str = strtok(command, " \t\n");
while (str != NULL)
{
argv[argc] = strdup(str);
argc++;
if (argc >= alen)
{
int i;
char **tmp_av;
tmp_av = (char **)malloc((alen + 10) * sizeof(char *));
if (tmp_av == NULL)
{
return;
}
for (i=0; i<alen; i++)
{
tmp_av[i] = argv[i];
}
alen += 10;
free((char *)argv);
argv = tmp_av;
}
str = strtok(NULL, " \t\n");
}
argv[argc] = NULL;
if (fork() == 0)
{
execvp(argv[0], argv);
}
else
{
int i;
/*
* The signal handler in main.c will clean this child
* up when it exits.
*/
for (i=0; i<argc; i++)
{
if (argv[i] != NULL)
{
free(argv[i]);
}
}
free((char *)argv);
}
}
/* Telnet or "rlogin" access
** -------------------------
*/
PRIVATE int remote_session ARGS2(char *, access, char *, host)
{
char *user, *hostname, *port;
int portnum;
char command[256];
char *xterm_str;
enum _login_protocol { telnet, rlogin, tn3270 } login_protocol;
extern char *global_xterm_str;
if (!access || !host)
{
application_user_feedback
("Cannot open remote session, because\nURL is malformed.\0");
return HT_NO_DATA;
}
login_protocol =
strcmp(access, "rlogin") == 0 ? rlogin :
strcmp(access, "tn3270") == 0 ? tn3270 :
telnet;
/* Make sure we won't overrun the size of command with a huge host string */
if (strlen(host) > 200)
{
host[200] = '\0';
}
user = host;
hostname = strchr(host, '@');
port = strchr(host, ':');
if (hostname)
{
*hostname++ = 0; /* Split */
}
else
{
hostname = host;
user = 0; /* No user specified */
}
if (port)
{
*port++ = 0; /* Split */
portnum = atoi(port);
}
/*
* Make user and hostname secure by removing leading '-' or '+'.
* and allowing only alphanumeric, '.', '_', '+', and '-'.
*/
make_system_secure(user);
make_system_secure(hostname);
xterm_str = global_xterm_str;
if (login_protocol == rlogin)
{
/* For rlogin, we should use -l user. */
if ((port)&&(portnum > 0)&&(portnum < 63336))
{
sprintf(command, "%s -e %s %s %d %s %s", xterm_str, access,
hostname,
portnum,
user ? "-l" : "",
user ? user : "");
}
else
{
sprintf(command, "%s -e %s %s %s %s", xterm_str, access,
hostname,
user ? "-l" : "",
user ? user : "");
}
}
else
{
/* For telnet, -l isn't safe to use at all -- most platforms
don't understand it. */
if ((port)&&(portnum > 0)&&(portnum < 63336))
{
sprintf(command, "%s -e %s %s %d", xterm_str, access,
hostname, portnum);
}
else
{
sprintf(command, "%s -e %s %s", xterm_str, access,
hostname);
}
}
#ifndef DISABLE_TRACE
if (www2Trace) fprintf(stderr, "HTaccess: Command is: %s\n", command);
#endif
run_a_command(command);
/* No need for application feedback if we're rlogging directly
in... */
if (user && login_protocol != rlogin)
{
char str[200];
/* Sleep to let the xterm get up first.
Otherwise, the popup will get buried. */
sleep (2);
sprintf (str, "When you are connected, log in as '%s'.", user);
application_user_feedback (str);
}
return HT_NO_DATA; /* Ok - it was done but no data */
}
/* "Load a document" -- establishes a session
** ------------------------------------------
**
** On entry,
** addr must point to the fully qualified hypertext reference.
**
** On exit,
** returns <0 Error has occured.
** >=0 Value of file descriptor or socket to be used
** to read data.
** *pFormat Set to the format of the file, if known.
** (See WWW.h)
**
*/
PRIVATE int HTLoadTelnet
ARGS4
(
WWW_CONST char *, addr,
HTParentAnchor *, anchor,
HTFormat, format_out,
HTStream *, sink /* Ignored */
)
{
char * access;
char * host;
int status;
if (sink)
{
HTAlert("Can't output a live session -- it has to be interactive");
return HT_NO_ACCESS;
}
access = HTParse(addr, "file:", PARSE_ACCESS);
host = HTParse(addr, "", PARSE_HOST);
status = remote_session(access, host);
free(host);
free(access);
return status;
}
PUBLIC HTProtocol HTTelnet = { "telnet", HTLoadTelnet, NULL };
PUBLIC HTProtocol HTRlogin = { "rlogin", HTLoadTelnet, NULL };
PUBLIC HTProtocol HTTn3270 = { "tn3270", HTLoadTelnet, NULL };