diff --git a/appl/ftp/ftp/cmdtab.c b/appl/ftp/ftp/cmdtab.c index 9567e3c71..803240d9b 100644 --- a/appl/ftp/ftp/cmdtab.c +++ b/appl/ftp/ftp/cmdtab.c @@ -107,7 +107,9 @@ char verbosehelp[] = "toggle verbose mode"; char prothelp[] = "set protection level"; char kauthhelp[] = "get remote tokens"; char klisthelp[] = "show remote tickets"; -char aklog[] = "obtain remote AFS tokens"; +char kdestroyhelp[] = "destroy remote tickets"; +char krbtkfilehelp[] = "set filename of remote tickets"; +char afsloghelp[] = "obtain remote AFS tokens"; struct cmd cmdtab[] = { { "!", shellhelp, 0, 0, 0, shell }, @@ -186,6 +188,9 @@ struct cmd cmdtab[] = { { "prot", prothelp, 0, 1, 0, sec_prot }, { "kauth", kauthhelp, 0, 1, 0, kauth }, { "klist", klisthelp, 0, 1, 0, klist }, + { "kdestroy", kdestroyhelp, 0, 1, 0, kdestroy }, + { "krbtkfile", krbtkfilehelp, 0, 1, 0, krbtkfile }, + { "afslog", afsloghelp, 0, 1, 0, afslog }, { 0 }, }; diff --git a/appl/ftp/ftp/kauth.c b/appl/ftp/ftp/kauth.c index 71e75df72..264966a06 100644 --- a/appl/ftp/ftp/kauth.c +++ b/appl/ftp/ftp/kauth.c @@ -39,7 +39,8 @@ #include "ftp_locl.h" RCSID("$Id$"); -void kauth(int argc, char **argv) +void +kauth(int argc, char **argv) { int ret; char buf[1024]; @@ -131,7 +132,8 @@ void kauth(int argc, char **argv) code = 0; } -void klist(int argc, char **argv) +void +klist(int argc, char **argv) { int ret; if(argc != 1){ 
@@ -143,3 +145,45 @@ void klist(int argc, char **argv) ret = command("SITE KLIST"); code = (ret == COMPLETE); } + +void +kdestroy(int argc, char **argv) +{ + int ret; + if (argc != 1) { + printf("usage: %s\n", argv[0]); + code = -1; + return; + } + ret = command("SITE KDESTROY"); + code = (ret == COMPLETE); +} + +void +krbtkfile(int argc, char **argv) +{ + int ret; + if(argc != 2) { + printf("usage: %s tktfile\n", argv[0]); + code = -1; + return; + } + ret = command("SITE KRBTKFILE %s", argv[1]); + code = (ret == COMPLETE); +} + +void +afslog(int argc, char **argv) +{ + int ret; + if(argc > 2) { + printf("usage: %s [cell]\n", argv[0]); + code = -1; + return; + } + if(argc == 2) + ret = command("SITE AFSLOG %s", argv[1]); + else + ret = command("SITE AFSLOG"); + code = (ret == COMPLETE); +} diff --git a/appl/ftp/ftp/krb4.h b/appl/ftp/ftp/krb4.h index 1810e0229..3ef2c67ef 100644 --- a/appl/ftp/ftp/krb4.h +++ b/appl/ftp/ftp/krb4.h @@ -68,6 +68,9 @@ int sec_request_prot(char *level); void kauth(int, char **); void klist(int, char **); +void kdestroy(int, char **); +void krbtkfile(int, char **); +void afslog(int, char **); void krb4_quit(void); diff --git a/appl/ftp/ftpd/extern.h b/appl/ftp/ftpd/extern.h index e9f50f95b..3b27965ad 100644 --- a/appl/ftp/ftpd/extern.h +++ b/appl/ftp/ftpd/extern.h @@ -53,8 +53,11 @@ #include #endif -#ifndef NBBY +#ifdef HAVE_LIMITS_H #include +#endif + +#ifndef NBBY #define NBBY CHAR_BIT #endif @@ -110,6 +113,11 @@ void yyerror(char *); void kauth(char *, char*); void klist(void); +void cond_kdestroy(void); +void kdestroy(void); +void krbtkfile(const char *tkfile); +void afslog(const char *cell); +void afsunlog(void); int find(char *); diff --git a/appl/ftp/ftpd/ftpcmd.y b/appl/ftp/ftpd/ftpcmd.y index d0c0d5148..5bc0978a2 100644 --- a/appl/ftp/ftpd/ftpcmd.y +++ b/appl/ftp/ftpd/ftpcmd.y 
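Review bot: `code = (ret == COMPLETE)` in kdestroy(), krbtkfile() and afslog() stores 1 on success and 0 on failure, whereas the usage branches of the same functions store -1 and the tail of kauth() visible in the previous hunk ends with `code = 0`. Whatever reads `code` afterwards is outside this diff, so it is unclear which of these values signals success. If 0 does, the three functions should end with `code = (ret == COMPLETE) ? 0 : -1;`. The pattern is copied from klist(), which would need the same change.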
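Review bot: With HAVE_LIMITS_H undefined and NBBY not supplied by a system header, `#define NBBY CHAR_BIT` now expands to a name nothing has declared, because the include that used to sit inside the `#ifndef NBBY` block has moved under `#ifdef HAVE_LIMITS_H`. The header name is not legible on this page. If it is limits.h, that header is part of ISO C and can be included unconditionally, or the fallback can fail loudly with `#error` when CHAR_BIT is still undefined.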
@@ -162,7 +162,8 @@ static int yylex (void); AUTH ADAT PROT PBSZ CCC MIC CONF ENC - KAUTH KLIST FIND URL + KAUTH KLIST KDESTROY KRBTKFILE AFSLOG + FIND URL LEXERR @@ -567,6 +568,37 @@ cmd if($4) klist(); } + | SITE SP KDESTROY check_login CRLF + { + if($4) + kdestroy(); + } + | SITE SP KRBTKFILE check_login SP STRING CRLF + { + if(guest) + reply(500, "Can't be done as guest."); + else if($4 && $6) + krbtkfile($6); + if($6) + free($6); + } + | SITE SP AFSLOG check_login CRLF + { + if(guest) + reply(500, "Can't be done as guest."); + else if($4) + afslog(NULL); + } + | SITE SP AFSLOG check_login SP STRING CRLF + { + if(guest) + reply(500, "Can't be done as guest."); + else if($4){ + afslog($6); + } + if($6) + free($6); + } | SITE SP FIND check_login SP STRING CRLF { if($4 && $6 != NULL) @@ -961,6 +993,9 @@ struct tab sitetab[] = { { "KAUTH", KAUTH, STR1, 1, " principal [ ticket ]" }, { "KLIST", KLIST, ARGS, 1, "(show ticket file)" }, + { "KDESTROY", KDESTROY, ARGS, 1, "(destroy tickets)" }, + { "KRBTKFILE", KRBTKFILE, STR1, 1, " ticket-file" }, + { "AFSLOG", AFSLOG, OSTR, 1, "[ cell]" }, { "FIND", FIND, STR1, 1, " globexpr" }, diff --git a/appl/ftp/ftpd/kauth.c b/appl/ftp/ftpd/kauth.c index acc1cc464..6afb443ad 100644 --- a/appl/ftp/ftpd/kauth.c +++ b/appl/ftp/ftpd/kauth.c @@ -71,6 +71,8 @@ static time_t local_time; static krb_principal pr; +static int do_destroy_tickets = 1; + static int save_tkt(char *user, char *instance, char *realm, void *arg, int (*key_proc)(char*, char*, char*, void*, des_cblock*), KTEXT *cipp) @@ -184,7 +186,8 @@ store_ticket(KTEXT cip) return(kerror); } -void kauth(char *principal, char *ticket) +void +kauth(char *principal, char *ticket) { char *p; int ret; @@ -209,6 +212,8 @@ void kauth(char *principal, char *ticket) memset(&cip, 0, sizeof(cip)); return; } + do_destroy_tickets = 1; + if(k_hasafs()) k_afsklog(0, 0); reply(200, "Tickets will be destroyed on exit."); 
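Review bot: The SITE KDESTROY rule runs `kdestroy()` for any session that passes check_login, while the KRBTKFILE and both AFSLOG rules added beside it first refuse guest sessions. kdestroy() in ftpd/kauth.c calls `dest_tkt()` and `afsunlog()` without condition, so unless anonymous sessions are meant to be able to drop the server-side tickets and tokens, the rule should carry the same guard: `if(guest) reply(500, "Can't be done as guest.");` followed by `else if($4) kdestroy();`. The existing KLIST rule just above has the same shape, and with this commit klist() also reports the ticket file path and principal, so it may deserve the same guard.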
@@ -245,7 +250,8 @@ short_date(int32_t dp) return (cp); } -void klist(void) +void +klist(void) { int err; @@ -302,6 +308,8 @@ void klist(void) * it was done before tf_init. */ + lreply(200, "Ticket file: %s", tkt_string()); + lreply(200, "Principal: %s", krb_unparse_name(&pr)); while ((err = tf_get_cred(&c)) == KSUCCESS) { if (header) { @@ -323,3 +331,49 @@ void klist(void) } reply(200, ""); } + +/* + * Only destroy if we created the tickets + */ + +void +cond_kdestroy(void) +{ + if (do_destroy_tickets) + dest_tkt(); + afsunlog(); +} + +void +kdestroy(void) +{ + dest_tkt(); + afsunlog(); + reply(200, "Tickets destroyed"); +} + +void +krbtkfile(const char *tkfile) +{ + do_destroy_tickets = 0; + krb_set_tkt_string(tkfile); + reply(200, "Using ticket file %s", tkfile); +} + +void +afslog(const char *cell) +{ + if(k_hasafs()) { + k_afsklog(cell, 0); + reply(200, "afslog done"); + } else { + reply(200, "no AFS present"); + } +} + +void +afsunlog(void) +{ + if(k_hasafs()) + k_unlog(); +}
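Review bot: krbtkfile() hands a client-supplied path straight to `krb_set_tkt_string()` with no check on what it names, and kdestroy() then calls `dest_tkt()` unconditionally, so a later SITE KDESTROY acts on whatever path the client chose rather than on a file the server created; `do_destroy_tickets` is consulted only in cond_kdestroy(). Before accepting the path, confirm that an existing target is a regular file owned by the session user. The sketch below assumes ftpd already runs with that user's effective uid at this point, which the hunk does not show, and it does not close the window between the check and the later use of the file. kdestroy() also discards the return value of `dest_tkt()` and always replies 200 "Tickets destroyed", so a failure is reported to the client as success.

```c
void
krbtkfile(const char *tkfile)
{
    struct stat st;

    /* an existing target must be a regular file owned by the session user */
    if (lstat(tkfile, &st) == 0 &&
        (!S_ISREG(st.st_mode) || st.st_uid != geteuid())) {
        reply(550, "%s: not a usable ticket file.", tkfile);
        return;
    }
    /* … unchanged: do_destroy_tickets = 0, krb_set_tkt_string(), reply(200) … */
}
```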