/* Telnet Acees, Roligin, etc HTAccess.c ** ========================== ** ** Authors ** TBL Tim Berners-Lee timbl@info.cern.ch ** JFG Jean-Francois Groff jgh@next.com ** DD Denis DeLaRoca (310) 825-4580 ** History ** 8 Jun 92 Telnet hopping prohibited as telnet is not secure (TBL) ** 26 Jun 92 When over DECnet, suppressed FTP, Gopher and News. (JFG) ** 6 Oct 92 Moved HTClientHost and logfile into here. (TBL) ** 17 Dec 92 Tn3270 added, bug fix. (DD) ** 2 Feb 93 Split from HTAccess.c. Registration.(TBL) */ #include "../config.h" /* Implements: */ #include "HTTelnet.h" #include "HTParse.h" #include "HTUtils.h" #include "HTAnchor.h" #include "HTTP.h" #include "HTFile.h" #include #include #include "tcp.h" #include "HText.h" #include "HTAccess.h" #include "HTAlert.h" extern void application_user_feedback (char *); #ifndef DISABLE_TRACE extern int www2Trace; #endif /* make a string secure for passage to the ** system() command. Make it contain only alphanumneric ** characters, or the characters '.', '-', '_', '+'. ** Also remove leading '-' or '+'. ** ----------------------------------------------------- */ PRIVATE void make_system_secure ARGS1(char *, str) { char *ptr1, *ptr2; if ((str == NULL)||(*str == '\0')) { return; } /* * remove leading '-' or '+' by making it into whitespace that * will be stripped later. */ if ((*str == '-')||(*str == '+')) { *str = ' '; } ptr1 = ptr2 = str; while (*ptr1 != '\0') { if ((!isalpha((int)*ptr1))&&(!isdigit((int)*ptr1))&& (*ptr1 != '.')&&(*ptr1 != '_')&& (*ptr1 != '+')&&(*ptr1 != '-')) { ptr1++; } else { *ptr2 = *ptr1; ptr2++; ptr1++; } } *ptr2 = *ptr1; } PRIVATE void run_a_command ARGS1(char *, command) { char **argv; int argc; char *str; int alen; alen = 10; argv = (char **)malloc(10 * sizeof(char *)); if (argv == NULL) { return; } argc = 0; str = strtok(command, " \t\n"); while (str != NULL) { argv[argc] = strdup(str); argc++; if (argc >= alen) { int i; char **tmp_av; tmp_av = (char **)malloc((alen + 10) * sizeof(char *)); if (tmp_av == NULL) { return; } for (i=0; i 200) { host[200] = '\0'; } user = host; hostname = strchr(host, '@'); port = strchr(host, ':'); if (hostname) { *hostname++ = 0; /* Split */ } else { hostname = host; user = 0; /* No user specified */ } if (port) { *port++ = 0; /* Split */ portnum = atoi(port); } /* * Make user and hostname secure by removing leading '-' or '+'. * and allowing only alphanumeric, '.', '_', '+', and '-'. */ make_system_secure(user); make_system_secure(hostname); xterm_str = global_xterm_str; if (login_protocol == rlogin) { /* For rlogin, we should use -l user. */ if ((port)&&(portnum > 0)&&(portnum < 63336)) { sprintf(command, "%s -e %s %s %d %s %s", xterm_str, access, hostname, portnum, user ? "-l" : "", user ? user : ""); } else { sprintf(command, "%s -e %s %s %s %s", xterm_str, access, hostname, user ? "-l" : "", user ? user : ""); } } else { /* For telnet, -l isn't safe to use at all -- most platforms don't understand it. */ if ((port)&&(portnum > 0)&&(portnum < 63336)) { sprintf(command, "%s -e %s %s %d", xterm_str, access, hostname, portnum); } else { sprintf(command, "%s -e %s %s", xterm_str, access, hostname); } } #ifndef DISABLE_TRACE if (www2Trace) fprintf(stderr, "HTaccess: Command is: %s\n", command); #endif run_a_command(command); /* No need for application feedback if we're rlogging directly in... */ if (user && login_protocol != rlogin) { char str[200]; /* Sleep to let the xterm get up first. Otherwise, the popup will get buried. */ sleep (2); sprintf (str, "When you are connected, log in as '%s'.", user); application_user_feedback (str); } return HT_NO_DATA; /* Ok - it was done but no data */ } /* "Load a document" -- establishes a session ** ------------------------------------------ ** ** On entry, ** addr must point to the fully qualified hypertext reference. ** ** On exit, ** returns <0 Error has occured. ** >=0 Value of file descriptor or socket to be used ** to read data. ** *pFormat Set to the format of the file, if known. ** (See WWW.h) ** */ PRIVATE int HTLoadTelnet ARGS4 ( WWW_CONST char *, addr, HTParentAnchor *, anchor, HTFormat, format_out, HTStream *, sink /* Ignored */ ) { char * access; char * host; int status; if (sink) { HTAlert("Can't output a live session -- it has to be interactive"); return HT_NO_ACCESS; } access = HTParse(addr, "file:", PARSE_ACCESS); host = HTParse(addr, "", PARSE_HOST); status = remote_session(access, host); free(host); free(access); return status; } PUBLIC HTProtocol HTTelnet = { "telnet", HTLoadTelnet, NULL }; PUBLIC HTProtocol HTRlogin = { "rlogin", HTLoadTelnet, NULL }; PUBLIC HTProtocol HTTn3270 = { "tn3270", HTLoadTelnet, NULL };