/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This module implements the "fast path" processing for the telnet protocol.
* Since it only knows a very small number of the telnet protocol options,
* the daemon is required to assist this module. This module must be run
* underneath logindmux, which handles switching messages between the
* daemon and the pty master stream appropriately. When an unknown telnet
* option is received it is handled as a stop-and-wait operation. The
* module refuses to forward data in either direction, and waits for the
* daemon to deal with the option, and forward any unprocessed data back
* to the daemon.
*/
#include <sys/logindmux.h>
#include <sys/telioctl.h>
#include <sys/cryptmod.h>
extern struct streamtab telmodinfo;
/*
* Module state flags
*/
/*
* NOTE: values TEL_BINARY_IN and TEL_BINARY_OUT are defined in
* telioctl.h, passed in the TEL_IOC_MODE ioctl and stored (bitwise)
* in the module state flag. So those values are not available
* even though they are not defined here.
*/
/*
* Per queue instances are single-threaded since the q_ptr
* field of queues need to be shared among threads.
*/
"telmod",
};
/*
* Module linkage information for the kernel.
*/
"telnet module",
&fsw
};
};
int
_init()
{
return (mod_install(&modlinkage));
}
int
_fini()
{
return (mod_remove(&modlinkage));
}
int
{
}
static void telmodrsrv(queue_t *);
static void telmodwsrv(queue_t *);
static void telmod_timer(void *);
static void telmod_buffer(void *);
TELMOD_ID, /* module id number */
"telmod", /* module name */
0, /* minimum packet size */
INFPSZ, /* maximum packet size */
512, /* hi-water mark */
256 /* lo-water mark */
};
(int (*)())telmodrput,
(int (*)())telmodrsrv,
};
(int (*)())telmodwput,
(int (*)())telmodwsrv,
NULL,
NULL,
};
NULL,
};
/*
* Per-instance state struct for the telnet module.
*/
struct telmod_info {
int flags;
};
/*ARGSUSED*/
static void
{}
/*
* telmodopen -
* A variety of telnet options can never really be processed in the
* kernel. For example, TELOPT_TTYPE, must be based in the TERM
* environment variable to the login process. Also, data may already
* have reached the stream head before telmod was pushed on the stream.
* So when telmod is opened, it begins in stopped state, preventing
* further data passing either direction through it. It sends a
* T_DATA_REQ messages up toward the daemon. This is so the daemon
* can be sure that all data which was not processed by telmod
* (because it wasn't yet pushed) has been received at the stream head.
*/
/*ARGSUSED*/
static int
{
int error;
return (EINVAL);
/* It's already attached. */
return (0);
}
/*
* Allocate state structure.
*/
/*
* Cross-link.
*/
noenable(q);
qprocson(q);
/*
* Since TCP operates in the TLI-inspired brain-dead fashion,
* the connection will revert to bound state if the connection
* is reset by the client. We must send a T_UNBIND_REQ in
* that case so the port doesn't get "wedged" (preventing
* inetd from being able to restart the listener). Allocate
* it here, so that we don't need to worry about allocb()
* failures later.
*/
if (!qwait_sig(q)) {
qunbufcall(q, id);
goto fail;
}
qunbufcall(q, id);
}
sizeof (struct T_unbind_req);
/*
* Send a M_PROTO msg of type T_DATA_REQ (this is unique for
* read queue since only write queue can get T_DATA_REQ).
* Readstream routine in telnet daemon will do a getmsg() till
* it receives this proto message
*/
if (!qwait_sig(q)) {
qunbufcall(q, id);
goto fail;
}
qunbufcall(q, id);
}
return (0);
fail:
qprocsoff(q);
}
return (error);
}
/*
* telmodclose - just the normal streams clean-up is required.
*/
/*ARGSUSED*/
static int
{
/*
* Flush any write-side data downstream. Ignoring flow
* control at this point is known to be safe because the
* M_HANGUP below poisons the stream such that no modules can
* be pushed again.
*/
/* Poison the stream head so that we can't be pushed again. */
(void) putnextctl(q, M_HANGUP);
qprocsoff(q);
}
}
}
}
}
return (0);
}
/*
* telmodrput:
* Be sure to preserve data order. If the daemon is waiting for additional
* data (TEL_GETBLK state) forward new data. Otherwise, apply normal
* telnet protocol processing to M_DATA. Take notice of TLI messages
* indicating connection tear-down, and change them into M_HANGUP's.
*/
static void
{
return;
}
case M_DATA:
/*
* If the user level daemon requests for 1 more
* block of data (needs more data for protocol processing)
* create a M_CTL message block with the mp.
*/
return;
}
noenable(q);
break;
}
/*
* call the protocol parsing routine which processes
* the data part of the message block first. Then it
* routines inside rcv_parse will queue up the
* original message block in its service queue.
*/
break;
case M_FLUSH:
/*
* Since M_FLUSH came from TCP, we mark it bound for
* daemon, not tty. This only happens when TCP expects
* to do a connection reset.
*/
break;
case M_PCSIG:
case M_ERROR:
/* FALLTHRU */
case M_IOCACK:
case M_IOCNAK:
case M_SETOPTS:
break;
case M_PROTO:
case M_PCPROTO:
case T_ORDREL_IND:
case T_DISCON_IND:
/* Make into M_HANGUP and putnext */
}
/*
* If we haven't already, send T_UNBIND_REQ to prevent
* TCP from going into "BOUND" state and locking up the
* port.
*/
NULL) {
} else {
}
break;
case T_EXDATA_IND:
case T_DATA_IND: /* conform to TPI, but never happens */
if (mp) {
goto is_mdata;
}
}
break;
/*
* We only get T_OK_ACK when we issue the unbind, and it can
* be ignored safely.
*/
case T_OK_ACK:
break;
default:
#ifdef DEBUG
"telmodrput: unexpected TLI primitive msg "
#endif
}
break;
default:
#ifdef DEBUG
"telmodrput: unexpected msg type 0x%x",
#endif
}
}
/*
* telmodrsrv:
* Mostly we end up here because of M_DATA processing delayed due to flow
* control or lack of memory. XXX.sparker: TLI primitives here?
*/
static void
{
return;
}
case M_DATA:
return;
}
noenable(q);
break;
}
return;
}
break;
case M_PROTO:
/*
* Unless the M_PROTO message indicates data, clear
* TEL_GETBLK so that we stop passing our messages
* up to the telnet daemon.
*/
case T_ORDREL_IND:
case T_DISCON_IND:
/* Make into M_HANGUP and putnext */
}
/*
* If we haven't already, send T_UNBIND_REQ
* to prevent TCP from going into "BOUND"
* state and locking up the port.
*/
} else {
}
break;
case T_DATA_IND: /* conform to TPI, but never happens */
case T_EXDATA_IND:
if (mp) {
goto is_mdata;
}
}
break;
/*
* We only get T_OK_ACK when we issue the unbind, and
* it can be ignored safely.
*/
case T_OK_ACK:
break;
default:
#ifdef DEBUG
"telmodrsrv: unexpected TLI primitive "
#endif
}
break;
case M_SETOPTS:
break;
default:
#ifdef DEBUG
"telmodrsrv: unexpected msg type 0x%x",
#endif
}
}
}
/*
* telmodwput:
* M_DATA is processed and forwarded if we aren't stopped awaiting the daemon
* to process something. M_CTL's are data from the daemon bound for the
* network. We forward them immediately. There are two classes of ioctl's
* we must handle here also. One is ioctl's forwarded by ptem which we
* ignore. The other is ioctl's issued by the daemon to control us.
* Process them appropriately. M_PROTO's we pass along, figuring they are
* are TPI operations for TCP. M_FLUSH requires careful processing, since
* telnet cannot tolerate flushing its protocol requests. Also the flushes
* can be running either daemon<->TCP or application<->telmod. We must
* carefully deal with this.
*/
static void
queue_t *q, /* Pointer to the read queue */
{
int rw;
int error;
case M_DATA:
(q->q_first)) {
noenable(q);
break;
}
/*
* This routine parses data generating from ptm side.
* Insert a null character if carraige return
* is not followed by line feed unless we are in binary mode.
* Also, duplicate IAC if found in the data.
*/
break;
case M_CTL:
}
break;
case M_IOCTL:
/*
* This ioctl is issued by user level daemon to
* request one more message block to process protocol
*/
case TEL_IOC_GETBLK:
break;
}
break;
/*
* This ioctl is issued by user level daemon to reenable the
* read and write queues. This is issued during startup time
* after setting up the mux links and also after processing
* the protocol. It is also issued after each time an
* an unrecognized telnet option is forwarded to the daemon.
*/
case TEL_IOC_ENABLE:
/*
* Send negative ack if TEL_STOPPED flag is not set
*/
break;
}
}
qenable(q);
enableok(q);
break;
/*
* according to the instructions from the daemon.
*/
case TEL_IOC_MODE:
if (error != 0) {
break;
}
break;
#ifdef DEBUG
case TCSETAF:
case TCSETSF:
case TCSETA:
case TCSETAW:
case TCSETS:
case TCSETSW:
case TCSBRK:
case TIOCSTI:
case TIOCSWINSZ:
break;
#endif
case CRYPTPASSTHRU:
if (error != 0) {
break;
}
else
break;
default:
} else {
#ifdef DEBUG
"telmodwput: unexpected ioctl type 0x%x",
#endif
}
break;
}
break;
case M_FLUSH:
/*
* Flushing is tricky: We try to flush all we can, but certain
* data cannot be flushed. Telnet protocol sequences cannot
* be flushed. So, TCP's queues cannot be flushed since we
* cannot tell what might be telnet protocol data. Then we
* must take care to create and forward out-of-band data
* indicating the flush to the far side.
*/
/*
* We cannot flush our read queue, since there may
* be telnet protocol bits in the queue, awaiting
* processing. However, once it leaves this module
* it's guaranteed that all protocol data is in
* M_CTL, so we do flush read data beyond us, expecting
* them (actually logindmux) to do FLUSHDATAs also.
*/
} else {
}
/*
* Since all telnet protocol data comes from the
* daemon, stored as M_CTL messages, flushq will
* do exactly what's needed: Flush bytes which do
* not have telnet protocol data.
*/
}
break;
case M_PCPROTO:
break;
case M_PROTO:
/* We may receive T_DISCON_REQ from the mux */
else
break;
default:
#ifdef DEBUG
"telmodwput: unexpected msg type 0x%x",
#endif
break;
}
}
/*
* telmodwsrv - module write service procedure
*/
static void
{
if (!canputnext(q)) {
return;
}
case M_DATA:
return;
}
/*
* Insert a null character if carraige return
* is not followed by line feed
*/
return;
}
break;
case M_CTL:
}
break;
case M_PROTO:
break;
default:
#ifdef DEBUG
"telmodwsrv: unexpected msg type 0x%x",
#endif
}
}
}
/*
* message block to check for telnet protocol by detecting an IAC.
* The routine processes the data part of the message block first and
* then sends protocol followed after IAC to the telnet daemon. The
*
* Since the code to do this with streams mblks is complicated, some
* explanations are in order. If an IAC is found, a dupb() is done,
* and the pointers are adjusted to create two streams message. The
* (possibly empty) first message contains preceeding data, and the
* second begins with the IAC and contains the rest of the streams
* message.
*
* The variables:
* datamp: Points to the head of a chain of mblks containing data
* which requires no expansion, and can be forwarded directly
* to the pty.
* prevmp: Points to the last mblk on the datamp chain, used to add
* to the chain headed by datamp.
* newmp: When an M_CTL header is required, this pointer references
* that "header" mblk.
* protomp: When an IAC is discovered, a dupb() is done on the first mblk
* containing an IAC. protomp points to this dup'ed mblk.
* This mblk is eventually forwarded to the daemon.
*/
static int
{
unsigned char *tmp;
while (mp) {
/*
* If the mblk is empty, just continue scanning.
*/
continue;
}
/*
* First check to see if we have received CR and are checking
* at the beginning of a subsequent mblk.
*/
if (prevmp) {
continue;
} else {
/*
* Message contained
* only a '\0' after
* a '\r' in a previous
* message, so we can
* read more, even
* though we have
* nothing to putnext.
*/
return (1);
} else {
continue;
}
}
}
}
}
/*
* Now scan through the entire message block, for IACs
* and CR characters, which need processing.
*/
/*
* Telnet protocol - parse it now
* process data part of mblk
* before sending the protocol.
*/
return (0);
}
if (prevmp)
} else {
if (prevmp)
else
datamp = 0;
}
if (datamp) {
}
/*
* create a 1 byte M_CTL message block with
* protomp and send it down.
*/
/*
* Save the dup'ed mp containing
* the protocol information which
* we couldn't get an M_CTL header
* for.
*/
return (0);
}
noenable(q);
return (0);
}
/*
* Set TEL_CRRCV flag if last character is CR
*/
(tmp[0] == '\r')) {
break;
}
/*
*/
/*
* If CR is in the middle of a block,
* we need to get rid of LF and join
* the two pieces together.
*/
} else {
}
if (prevmp)
}
}
tmp++;
}
}
return (1);
}
/*
* CR-LF. If CR is not followed by LF, it inserts a NULL character if we are
* in non binary mode. Also, duplicate IAC(0xFF) if found in the mblk.
* This routine is pessimistic: It pre-allocates a buffer twice the size
* of the incoming message, which is the maximum size a message can become
* after IAC expansion.
*
* savemp: Points at the original message, so it can be freed when
* processing is complete.
* mp: The current point of scanning the message.
* newmp: New message being created with the processed output.
*/
static int
{
if (size == 0) {
return (1);
}
/*
* Extra byte to allocb() takes care of the case when there was
* a '\r' at the end of the previous message and there's a '\r'
* at the beginning of the current message.
*/
return (0);
}
while (mp) {
}
(tmp[0] == '\r')) {
break;
}
if ((tmp[0] == '\r') &&
/* XXX.sparker: can't happen */
break;
}
}
} else
}
tmp++;
}
}
return (1);
}
static void
{
} else {
}
enableok(q);
qenable(q);
}
static void
{
} else {
}
enableok(q);
qenable(q);
}
static void
{
noenable(q);
/*
* Make sure there is at most one outstanding request per queue.
*/
return;
}
} else {
return;
}
}
else
} else {
else
}
}