From: email@example.com (Robert Carnegie)
Subject: Re: how to set env var by telnet port no
Date: 1 Aug 2001 03:49:02 -0700
References: <OIC97.267$yY2.firstname.lastname@example.org>
 <email@example.com>

firstname.lastname@example.org (John DuBois) wrote in message news: <email@example.com>...
> In article <MvE97.firstname.lastname@example.org>,
> Karel Adams <email@example.com> wrote:
> >
> >"Richard Karl Getchell" <firstname.lastname@example.org> wrote in
> >message news:OIC97.267$yY2.email@example.com...
> >> My problem: I don't know how to get the port number from within
> >> the shell (/bin/sh). Any suggestions?
> >
> >Could you not have inetd invoke two different scripts?
> >Each of these would first set $ABC as appropriate, afterwards they would be
> >identical.
> >Don't understand why /etc/profile must set $ABC.
>
> Not much in the telnetd environment makes it through to a login session.
> Offhand, I can only think of TZ. I suppose in your telnetd script you could
> subvert TZ with something like
>
> TZ=7023
>
> and then in /etc/profile:
>
> PORT=$TZ
> . /etc/TIMEZONE # to reset TZ
>
> (and do something equivalent in the initialization files for other shells in
> use, if any)
>
> John

Robert Carnegie chooses to introduce himself as the fool who rushes in where angels fear to thread.

And I'm not sure how telnetd can set a "correct" non-default value of TZ anyway...? (Hypothetical question.)
Not sure if this is at all helpful, but one other datum that (perhaps) gets through from telnetd is that the process _is_ telnetd. The second telnetd that you run could be renamed or linked to /etc/td7023, I presume. Whether this helps depends on whether the user's shell process can execute "ps -f" to see details of the root process that started the shell - on OpenServer, that's "login", right? - and then the process that started _that_ one, usually "telnetd". However, you may have security set so that users _can't_ "see" these processes which don't belong to them. That's why I said "perhaps".

Alternatively: "who -x -m" gives me this session user's host address or name, but not the local port. "netstat -f inet" gives me host and port information for all sessions. _If_ you know that the _only_ telnet connections from hosts on 7023-type connections are going to be the 7023-type connections (I guess that there's a firewall involved), _then_ I suppose this will do, more or less -

    hostaddress=`who -x -m | (read yada yada yada date time host;echo $host)`
    if netstat -f inet | grep ".7023 " | grep " $hostaddress." | grep -v " $hostaddress.7023 " >/dev/null
    then
        # this is a host using local port 7023
        :   # no-op so that the otherwise empty branch parses
    fi

Using ksh I can do "who -x -m | read yada yada yada yada yada hostaddress", but in /bin/sh variables don't survive beyond the pipeline...? And I'm presuming that Joe user is allowed to run "netstat" at least...

If you have to cope with (near-) concurrent connections to port 23 and to port 7023 from the same host, this algorithm won't work, because all it tells you is that there is _a_ connection to port 7023 from the host in question, and not that _this_ connection is to port 7023. It only works if on your network, those two statements are equivalent.
On the other hand, if a firewall's involved then the host address itself should tell you - if you know how to read it - whether the host is beyond the firewall or not, assuming that that's essentially all that you want to know.

I previously suggested executing "who -x -m" with the environment variable HOSTRESORDER set to disable name lookup beyond /etc/hosts (which apparently can't be disabled), which would give you a raw IP address which you could compare to local routing tables. _If_ the firewall is on the local network and not one or more sub-nets away, then it should be feasible (...) to tell whether the route to your host (the telnet client) points to the firewall, or elsewhere.

Then there's the network-address-translation type of firewall (we've got one) where all the clients that come in through it appear to be originating at the firewall itself anyway. So the last term in "who -x -m" will be the firewall's address. And if that's all that you wanted to know......
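
The limitation described in the post (a host with connections to both port 23 and port 7023 cannot be classified from netstat alone), as an added example that is not part of the original message. It assumes a BSD-style "address.port" netstat layout; the sample output, the addresses and the function name classify_host are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a client host by the local telnet port(s) it is
# connected to, reading "netstat -f inet"-style text on stdin.
# Assumption: BSD-style columns where addresses print as "a.b.c.d.port".

# Constructed sample output (not captured from a real system).
SAMPLE_NETSTAT='Active Internet connections
Proto Recv-Q Send-Q  Local Address     Foreign Address     (state)
tcp        0      0  10.0.0.5.7023     192.168.1.20.1045   ESTABLISHED
tcp        0      0  10.0.0.5.23       192.168.1.20.1046   ESTABLISHED
tcp        0      0  10.0.0.5.7023     192.168.1.30.2001   ESTABLISHED
tcp        0      0  10.0.0.5.23       192.168.1.40.3333   ESTABLISHED'

# classify_host HOST  -> prints 7023, 23, ambiguous or none
classify_host() {
    awk -v host="$1" '
        $1 == "tcp" && $NF == "ESTABLISHED" {
            lport = $4; sub(/.*\./, "", lport)      # text after the last dot
            faddr = $5; sub(/\.[^.]*$/, "", faddr)  # drop the remote port
            # Exact string match: a regex "." would let 192.168.1.2
            # match 192.168.1.20.
            if (faddr != host) next
            if (lport == "7023") alt++
            else if (lport == "23") std++
        }
        END {
            if (alt > 0 && std > 0) print "ambiguous"
            else if (alt > 0)       print "7023"
            else if (std > 0)       print "23"
            else                    print "none"
        }'
}

for h in 192.168.1.20 192.168.1.30 192.168.1.40 192.168.1.2; do
    printf '%s -> %s\n' "$h" "$(printf '%s\n' "$SAMPLE_NETSTAT" | classify_host "$h")"
done
```

A profile script that sets a variable from this result would handle "ambiguous" and "none" as the more restricted case rather than guessing.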