Orthogonalize arguments to -a

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1008 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1996-11-17 04:34:25 +00:00
parent f5729ec262
commit 513527169b


@@ -179,18 +179,11 @@ char hostname[MaxHostNameLen];
char remotehost[MaxHostNameLen]; char remotehost[MaxHostNameLen];
static char ttyline[20]; static char ttyline[20];
/* Default level for security: #define AUTH_PLAIN (1 << 0) /* allow sending passwords */
* 0 allow any kind of connection #define AUTH_OTP (1 << 1) /* passwords are one-time */
* 1 only OTP, authorized and anonymous connections #define AUTH_FTP (1 << 2) /* allow anonymous login */
* 2 only authorized and anonymous connections,
* 3 only authorized
*/
#define AUTH_NONE 0
#define AUTH_OTP 1
#define AUTH_SAFE 2
#define AUTH_USER 3
static int auth_level = AUTH_SAFE; static int auth_level = AUTH_FTP;
/* /*
* Timeout intervals for retrying connections * Timeout intervals for retrying connections
@@ -256,6 +249,32 @@ curdir(void)
#define LINE_MAX 1024 #define LINE_MAX 1024
#endif #endif
static int
parse_auth_level(char *str)
{
char *p;
int ret = 0;
p = strtok(str, ",");
while(p){
if(strcmp(p, "krb4") == 0 ||
strcmp(p, "user") == 0)
;
else if(strcmp(p, "otp") == 0)
ret |= AUTH_PLAIN|AUTH_OTP;
else if(strcmp(p, "ftp") == 0 ||
strcmp(p, "safe") == 0)
ret |= AUTH_FTP;
else if(strcmp(p, "plain") == 0)
ret |= AUTH_PLAIN;
else if(strcmp(p, "none") == 0)
ret |= AUTH_PLAIN|AUTH_FTP;
else
warnx("bad value for -a");
p = strtok(NULL, ",");
}
return ret;
}
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
@@ -285,19 +304,8 @@ main(int argc, char **argv)
while ((ch = getopt(argc, argv, "a:dilp:t:T:u:v")) != EOF) { while ((ch = getopt(argc, argv, "a:dilp:t:T:u:v")) != EOF) {
switch (ch) { switch (ch) {
case 'a': case 'a':
{ auth_level = parse_auth_level(optarg);
if(strcmp(optarg, "none") == 0)
auth_level = AUTH_NONE;
else if(strcmp(optarg, "otp") == 0)
auth_level = AUTH_OTP;
else if(strcmp(optarg, "safe") == 0)
auth_level = AUTH_SAFE;
else if(strcmp(optarg, "user") == 0)
auth_level = AUTH_USER;
else
warnx("bad value for -a");
break; break;
}
case 'd': case 'd':
debug = 1; debug = 1;
break; break;
@@ -438,10 +446,11 @@ main(int argc, char **argv)
/* reply(220,) must follow */ /* reply(220,) must follow */
} }
k_gethostname(hostname, sizeof(hostname)); k_gethostname(hostname, sizeof(hostname));
reply(220, "%s FTP server (%s) ready.", hostname, version); reply(220, "%s FTP server (%s+%s) ready.", hostname,
(void) setjmp(errcatch); version, krb4_version);
setjmp(errcatch);
for (;;) for (;;)
(void) yyparse(); yyparse();
/* NOTREACHED */ /* NOTREACHED */
} }
@@ -521,7 +530,7 @@ user(char *name)
{ {
char *cp, *shell; char *cp, *shell;
if(auth_level == AUTH_USER && !auth_complete){ if(auth_level == 0 && !auth_complete){
reply(530, "No login allowed without authorization."); reply(530, "No login allowed without authorization.");
return; return;
} }
@@ -539,7 +548,8 @@ user(char *name)
guest = 0; guest = 0;
if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
if (checkuser(_PATH_FTPUSERS, "ftp") || if ((auth_level & AUTH_FTP) == 0 ||
checkuser(_PATH_FTPUSERS, "ftp") ||
checkuser(_PATH_FTPUSERS, "anonymous")) checkuser(_PATH_FTPUSERS, "anonymous"))
reply(530, "User %s access denied.", name); reply(530, "User %s access denied.", name);
else if ((pw = sgetpwnam("ftp")) != NULL) { else if ((pw = sgetpwnam("ftp")) != NULL) {
@@ -554,7 +564,7 @@ user(char *name)
"ANONYMOUS FTP LOGIN REFUSED FROM %s", remotehost); "ANONYMOUS FTP LOGIN REFUSED FROM %s", remotehost);
return; return;
} }
if(auth_level == AUTH_SAFE && !auth_complete){ if((auth_level & AUTH_PLAIN) == 0 && !auth_complete){
reply(530, "Only authorized and anonymous login allowed."); reply(530, "Only authorized and anonymous login allowed.");
return; return;
} }
@@ -587,17 +597,17 @@ user(char *name)
reply(331, "Password %s for %s required.", reply(331, "Password %s for %s required.",
ss, name); ss, name);
askpasswd = 1; askpasswd = 1;
} else if (auth_level == AUTH_NONE) { } else if ((auth_level & AUTH_OTP) == 0) {
reply(331, "Password required for %s.", name); reply(331, "Password required for %s.", name);
askpasswd = 1; askpasswd = 1;
} else { } else {
char *s; char *s;
if (s = otp_error (&otp_ctx)) if (s = otp_error (&otp_ctx))
lreply(530, "OTP: %s", s); lreply(530, "OTP: %s", s);
reply(530, reply(530,
"Only authorized, anonymous and OTP " "Only authorized, anonymous and OTP "
"login allowed."); "login allowed.");
} }
} }
@@ -754,19 +764,19 @@ pass(char *passwd)
if (pw == NULL) if (pw == NULL)
rval = 1; /* failure below */ rval = 1; /* failure below */
else if (otp_verify_user (&otp_ctx, passwd) == 0) { else if (otp_verify_user (&otp_ctx, passwd) == 0) {
rval = 0; rval = 0;
} else if(auth_level == AUTH_NONE) { } else if((auth_level & AUTH_OTP) == 0) {
char realm[REALM_SZ]; char realm[REALM_SZ];
if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
rval = krb_verify_user(pw->pw_name, "", realm, rval = krb_verify_user(pw->pw_name, "", realm,
passwd, 1, NULL); passwd, 1, NULL);
if (rval != 0 ) if (rval != 0 )
rval = unix_verify_user(pw->pw_name, passwd); rval = unix_verify_user(pw->pw_name, passwd);
} else { } else {
char *s; char *s;
if (s = otp_error(&otp_ctx)) if (s = otp_error(&otp_ctx))
lreply(530, "OTP: %s", s); lreply(530, "OTP: %s", s);
} }
memset (passwd, 0, strlen(passwd)); memset (passwd, 0, strlen(passwd));