TinTin++ Mud Client The TinTin++ message board

 

ssl support

 
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Mon Dec 22, 2008 12:45 pm    Post subject: ssl support

Hi,

is there a patch out already which adds ssl (tls) support to tintin++? If not, I might look into this, but I would like to avoid the work if it has already been done. And I would like to know if this could be included upstream eventually (assuming it works and people are happy with it).

thanks, Frank
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Mon Dec 22, 2008 1:07 pm

You can run ssh and other console programs within tintin using: #run <session name> ssh <arguments>

Other than that there's no direct ssl support for tintin.
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Mon Dec 22, 2008 2:41 pm

Hi,

I do not speak about 'ssh' as shell, but more about support like 'stunnel'. I tried stunnel inside tintin++ (it 'works' outside), not successfully. I appended the log. To reproduce, connect to avalon.mud.de port 7778 (ssl port, 7777 is no ssl), enter 'gast' as username (German for guest) and then the connection dies.

Even if this could somehow work using stunnel externally, wouldn't it be nice to have that support built in? This way a user would not have to worry about additional packages/software to be installed and it could work out of the box.

Btw: is there some version control system for tintin++ to have a look at the latest (not yet released) version of things?

thanks, Frank

Code:

#run Avalon stunnel -c -r avalon.mud.de:7778

Avalon ist seit ueber 13 Jahren etabliert.
Verschluesselte Verbindung
YX__^@d^@P (`-')  _       (`-') (`-')  _                     <-. (`-')_
 (OO ).-/      _(OO ) (OO ).-/    <-.        .->      \( OO) )
 / ,---.  ,--.(_/,-.\ / ,---.   ,--. )  (`-')----. ,--./ ,--/
 | \ /`.\ \   \ / (_/ | \ /`.\  |  (`-')( OO).-.  '|   \ |  |
 '-'|_.' | \   /   /  '-'|_.' | |  |OO )( _) | |  ||  . '|  |)
(|  .-.  |_ \     /_)(|  .-.  |(|  '__ | \|  |)|  ||  |\    |
 |  | |  |\-'\   /    |  | |  | |     |'  '  '-'  '|  | \   |
 `--' `--'    `-'     `--' `--' `-----'    `-----' `--'  `--'

Avalon! Eine Welt, in der alles moeglich und nichts unmoeglich ist.

"Endlich wieder hier", denkst Du Dir und verlierst auch schon Dein
Bewusstsein. Du wachst auf und ein Adliger steht vor Dir:

  Wer bist Du, Fremder? Sage mir Deinen Namen.
  Wenn Du verwirrt bist oder Deinen Namen nicht mehr weisst, so
  nenne Dich einfach "gast" oder rufe um "hilfe"!
  Tippe "neu", falls wir uns noch nie gesehen haben.

Du antwortest: gast
X^@TINTIN++^@

#COMPRESSION ERROR, RESETTING MCCP.


#SESSION 'Avalon' DIED.
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Mon Dec 22, 2008 5:28 pm

I'm trying to keep tintin as basic as possible, and if #run can be used I'd rather not add unneeded functionality that needs documentation, maintenance, and adds to the learning curve for new users.

I installed stunnel v4.25 on cygwin, but when I enter stunnel -c -r avalon.mud.de:7778 it gives me: Syntax: stunnel [<filename>] ] -fd <n> | -help | -version | -sockets

I guess there's something about stunnel that I'm missing? I don't really have the time to dig through manuals atm.


There's no version control system, I upload a beta file if people ask for it or I want feedback, there's a link to it in the latest announcement.

Back to #run, looks like your mud breaks the connection for some reason, you might get back some more information if you enable: #config {debug telnet} on before connecting.
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Mon Dec 22, 2008 8:33 pm

Alright, looks like I had to install an old version. The connection isn't closed on me with #run, but it does generate a mccp error:

Code:

RCVD WILL MCCP2
SENT IAC DO MCCP2
RCVD WILL MCCP1
SENT IAC DONT MCCP1
RCVD DO MCCP2
SENT IAC WONT MCCP2
RCVD DONT MCCP1
RCVD WONT MCCP2


When I connect over telnet to port 7777 or through an ssl proxy (v4.25) to port 7778 I get:

Code:

RCVD WILL MCCP2
SENT IAC DO MCCP2
RCVD WILL MCCP1
SENT IAC DONT MCCP1
RCVD IAC SB MCCP2 SEND
MCCP2 INITIALIZED.


I'm not sure if the problem is with #run or with the old stunnel release.
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Tue Dec 23, 2008 4:07 pm

I looked into it and it looks like telnet negotiations are messed up when using #run. You could upgrade stunnel and use it in proxy mode.

You'd have to edit etc/stunnel/stunnel.conf and put in it:

client = yes

[avalon]
connect = avalon.mud.de:7778
accept = localhost:7778

Next run stunnel (automatically runs in the background), and #ses bla localhost 7778 should do the trick.

If you could somehow automatically detect ssl support so the #session command could be used for both telnet and ssl sessions I'll look into ssl support.

I've put fixing #run with stunnel on the todo list, but I've spent 2 hours on it already and am still stumped at what is going wrong.
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Wed Jan 11, 2012 1:41 am

I looked into tintin++ again, and ran into the same problem, googled and to my surprise found this - I completely forgot about my posting here some years ago. Anyway, I tried to look into it, and here is what I found so far:

- This is no problem of ssl or stunnel, netcat shows the same: #run Avalon nc avalon.mud.de 7777
- Looking at debug output when using inet/tty I see:
1) lf/crlf of the data tintin++ receives in its buffer is different when using an inet socket vs a terminal (not sure if this is relevant). Apparently termios does some linefeed translation. inet receives lf, tty gets crlf
2) The sniffed traffic is almost identical to a certain point within the negotiations, with the exception of the line feed negotiation at the very beginning (not even a telnet neg - the connection negotiation - probably not relevant). Note that the lf/crlf are identical - the conversion must be happening within termios somewhere.
3) After the first block of negotiations arrives the inet version sends off its answer and gets the next block - as it should, and as shown in the network traffic as well. In contrast, tintin gets the same block from the tty, answers as well but what comes next from the tty does not look right, and certainly didn't come over the net. It does look like negotiations of some sort, so tintin tries to answer, but this messes up the whole future conversation. Parts of it look like a repetition of what tintin just sent.
4) I see that in terminal.c:71 ECHO is disabled, but I am not sure if this is related. I have no idea of termios usage as of now.
- All this is 2.00.8 on Debian Squeeze

Does any of this maybe ring a bell? I could use a pointer or something to go on.

thanks, Frank
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Wed Jan 11, 2012 8:18 am

Might be worth a try disabling mccp.

#config mccp off
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Tue Jan 17, 2012 10:57 pm

I got it working. And as it turned out, it wasn't mccp after all. Nor was it ssl. ssl could be ruled out by using nc (netcat) instead. This essentially only opens a network connection and attaches it to stdin and stdout - no ssl. This didn't work either. mccp was not working, but that was only a symptom. The real problem turned out to be the terminal tintin uses to execute the command. It didn't cleanly pass traffic through from tintin to the mud and back. In particular, it had ECHO enabled, which means tintin saw its own telopt commands and thought they came from the server, reacted accordingly and this messed everything up.

I attach the patch I use below, in the hope the forum doesn't destroy it. Let me know where to send the file directly if it does (and I really think some kind of version control system would be nice).

To the patch: it does two things:
1) it changes the settings of the pass-through terminal used to run commands such that this terminal doesn't interpret commands - it just passes them through. In particular, it doesn't echo anything back: it shouldn't because either the mud takes care of that (e.g. in character mode), or tintin itself manages this.
2) It enables local echo. This was necessary because now the pass-through terminal doesn't do the echoing anymore. Now both regular sessions and sessions using #run should work the same way in tintin.

Please let me know what you think.

Frank, or usually Knarf

Code:

diff -ru tintin-2.00.8.orig/src/session.c tintin-2.00.8.new//src/session.c
--- tintin-2.00.8.orig/src/session.c    2011-10-25 19:03:07.000000000 -0500
+++ tintin-2.00.8.new//src/session.c    2012-01-17 21:54:36.000000000 -0600
@@ -264,7 +264,6 @@
                SET_BIT(newsession->flags, SES_FLAG_CONNECTED|SES_FLAG_RUN);
 
                SET_BIT(newsession->telopts, TELOPT_FLAG_SGA);
-               DEL_BIT(newsession->telopts, TELOPT_FLAG_ECHO);
 
                gtd->ses = newsession;
 
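Review bot: Removing the DEL_BIT(newsession->telopts, TELOPT_FLAG_ECHO) line changes the echo flag for every session created on this path, which is marked SES_FLAG_RUN, so it also affects #run sessions that wrap something other than a telnet link to a mud. The hunk leaves no comment explaining why the flag must now keep its previous value; add one next to the SET_BIT(newsession->telopts, TELOPT_FLAG_SGA) line, and consider making the change conditional so other programs started with #run keep their old echo behaviour.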
diff -ru tintin-2.00.8.orig/src/system.c tintin-2.00.8.new//src/system.c
--- tintin-2.00.8.orig/src/system.c     2011-10-23 22:32:15.000000000 -0500
+++ tintin-2.00.8.new//src/system.c     2012-01-17 21:40:11.000000000 -0600
@@ -65,6 +65,26 @@
                        break;
 
                case 0:
+      {
+        // Try to set stdin (slave tty) as raw as possible
+        struct termios flags;
+        if (tcgetattr(0, &flags))
+        {
+          tintin_printf2(ses, "#RUN: tcgetattr on slave tty failed.");
+          return gtd->ses;
+        }
+        DEL_BIT(flags.c_iflag, BRKINT|ICRNL|INPCK|ISTRIP|IXON|IGNCR|INLCR);
+        DEL_BIT(flags.c_lflag, ECHO|ECHONL|ECHOE|ECHOK|ICANON);
+        DEL_BIT(flags.c_oflag, OPOST);
+        SET_BIT(flags.c_cflag, CS8);
+        flags.c_cc[VMIN]  = 0;
+        flags.c_cc[VTIME] = 0;
+        if (tcsetattr(0, TCSAFLUSH, &flags))
+        {
+          tintin_printf2(ses, "#RUN: tcsetattr on slave tty failed.");
+          return gtd->ses;
+        }
+      }
                        sprintf(temp, "exec %s", right);
                        argv[2] = temp;
                        execv("/bin/sh", argv);
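Review bot: Both error paths in the new block under "case 0:" end in "return gtd->ses;", but this branch goes on to call execv("/bin/sh", argv), which suggests it runs in the forked child; returning there would leave a second copy of the client running instead of the requested command. Report the error and leave the child with _exit(1) instead. In the same block, c_cc[VMIN] = 0 together with c_cc[VTIME] = 0 makes a read on the slave return 0 when no input is pending, which a program that does not poll first can mistake for end of file; VMIN = 1 is the usual raw-mode setting. The added lines are also indented differently from the surrounding code and use a // comment.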
View user's profile Send private message
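The echo problem described in the post above, reproduced on a bare pty: a telnet reply written to the master side comes back to the writer while ECHO is set, and stops coming back once the flags from the patch are cleared. This is an added example, not part of the original post and not TinTin++ code. It assumes a Linux pty and openpty() from <pty.h>; the function name echoed_bytes is made up for the illustration.

```c
/* Added example, not TinTin++ code. A pty in "cooked" mode has ECHO set, so
 * bytes written toward the child come back and look like server data. */
#include <poll.h>
#include <pty.h>      /* openpty(); older glibc needs -lutil at link time */
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

/* Write one telnet reply into the pty master and count the bytes the tty
 * reflects back. raw != 0 clears the same flags as the patch in this post.
 * Returns -1 if no pty could be set up. */
int echoed_bytes(int raw)
{
    static const unsigned char reply[] = { 255, 253, 86 }; /* IAC DO MCCP2 */
    unsigned char buf[64];
    struct termios t;
    struct pollfd p;
    int master, slave, got = -1, n;

    if (openpty(&master, &slave, NULL, NULL, NULL) != 0)
        return -1;
    if (tcgetattr(slave, &t) != 0)
        goto done;
    t.c_lflag |= ECHO | ICANON;          /* explicit cooked baseline */
    if (raw) {
        t.c_iflag &= ~(BRKINT | ICRNL | INPCK | ISTRIP | IXON | IGNCR | INLCR);
        t.c_lflag &= ~(ECHO | ECHONL | ECHOE | ECHOK | ICANON);
        t.c_oflag &= ~OPOST;
        t.c_cflag |= CS8;
    }
    if (tcsetattr(slave, TCSANOW, &t) != 0)
        goto done;
    if (write(master, reply, sizeof reply) != (ssize_t)sizeof reply)
        goto done;
    got = 0;
    p.fd = master; p.events = POLLIN;
    /* Collect whatever comes back within 200 ms of the last byte. */
    while (poll(&p, 1, 200) > 0 && (n = (int)read(master, buf, sizeof buf)) > 0)
        got += n;
done:
    close(master);
    close(slave);
    return got;
}

int main(void)
{
    printf("cooked: %d bytes echoed, raw: %d\n", echoed_bytes(0), echoed_bytes(1));
    return 0;
}
```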
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Fri Jan 20, 2012 10:14 am

Would you consider including this patch, or a variation of it upstream, in the next release? Do you think I did this the right way in the first place?
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Sat Jan 21, 2012 7:10 pm

I'll have to look into it. It's on my todo list. :)
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Sat Mar 03, 2012 12:10 am

You can find this now here: http://sourceforge.net/p/tintindev/code/4/
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Thu Mar 15, 2012 11:07 am

The following is necessary in addition to the patch above to fire the SESSION CONNECTED event also for sessions started using #run.

This can also be found here: http://sourceforge.net/p/tintindev/code/6

Code:
Index: session.c
===================================================================
--- session.c   (revision 4)
+++ session.c   (working copy)
@@ -268,6 +268,10 @@
                gtd->ses = newsession;
 
                gtd->ses->socket = desc;
+
+               tintin_printf2(newsession, "");
+               tintin_printf(newsession, "#SESSION '%s' CONNECTED TO 'host' PORT '0'", newsession->name);
+               check_all_events(newsession, SUB_ARG|SUB_SEC, 0, 4, "SESSION CONNECTED", newsession->name, "", "", "");
        }
 
        pop_call();
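Review bot: The message added after "gtd->ses->socket = desc;" prints the literal text 'host' and PORT '0', and the SESSION CONNECTED event is raised with empty strings for its last three arguments, so any trigger or script that reads the host or port from this line or event gets placeholder values for #run sessions. Pass the command that was run, or a clearly marked value, in place of 'host', and document which event arguments are empty for sessions started with #run.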
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Thu Apr 05, 2012 10:15 pm

Your solution isn't ideal in the case someone wants to do something like: #run shell bash, or: #run mail pine

I'll see if I can come up with something.
g0rm

Joined: 22 Dec 2008
Posts: 20

Posted: Mon Apr 09, 2012 10:58 pm

Scandum wrote:
Your solution isn't ideal in the case someone wants to do something like: #run shell bash, or: #run mail pine

I'll see if I can come up with something.


Would it be a solution to have two different commands for a) connecting to a mud using a system command and b) running something else? However, having said that, #run shell bash works just fine, only #run mail mutt doesn't quite work, most likely because character mode isn't enabled but expected by mutt (I don't have pine configured, but mutt should be sufficiently similar).
Scandum
Site Admin

Joined: 03 Dec 2004
Posts: 3770

Posted: Tue Apr 10, 2012 7:05 pm

I'll probably look into adding a way to set some flags. #run -C maybe to disable character mode.
All times are GMT - 5 Hours