From 9557aea7a4f3fffa3114ff0757e8f36143a60843 Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Sun, 12 May 1996 22:09:25 +0000
Subject: [PATCH] Allow default data protection level through a "prot level" in .netrc. This really should be done in a more useful manner.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@527 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/ftp/ftp/krb4.c | 101 +++++++++++++++++++++++++++------------
 appl/ftp/ftp/krb4.h | 5 ++
 appl/ftp/ftp/ruserpass.c | 17 +++++--
 3 files changed, 88 insertions(+), 35 deletions(-)
diff --git a/appl/ftp/ftp/krb4.c b/appl/ftp/ftp/krb4.c
index 8553d66de..1e3cbb445 100644
--- a/appl/ftp/ftp/krb4.c
+++ b/appl/ftp/ftp/krb4.c
@@ -11,8 +11,6 @@ static des_key_schedule schedule;
 static char *data_buffer;
-enum { prot_clear, prot_safe, prot_confidential, prot_private };
-
 extern struct sockaddr_in hisctladdr, myctladdr;
 int auth_complete;
@@ -22,6 +20,8 @@ static int command_prot;
 static int auth_pbsz;
 static int data_prot;
+static int request_data_prot;
+
 static struct {
 int level;
@@ -70,6 +70,49 @@ void sec_status(void)
 }
 }
+static int
+sec_prot_internal(int level)
+{
+ int ret;
+ char *p;
+ int s = 1048576;
+
+ int old_verbose = verbose;
+ verbose = 0;
+
+ if(!auth_complete){
+ fprintf(stderr, "No security data exchange has taken place.\n");
+ return -1;
+ }
+
+ if(level){
+ ret = command("PBSZ %d", s);
+ if(ret != COMPLETE){
+ fprintf(stderr, "Failed to set protection buffer size.\n");
+ return -1;
+ }
+ auth_pbsz = s;
+ p = strstr(reply_string, "PBSZ=");
+ if(p)
+ sscanf(p, "PBSZ=%d", &s);
+ if(s < auth_pbsz)
+ auth_pbsz = s;
+ if(data_buffer)
+ free(data_buffer);
+ data_buffer = malloc(auth_pbsz);
+ }
+ verbose = old_verbose;
+ ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
+ if(ret != COMPLETE){
+ fprintf(stderr, "Failed to set protection level.\n");
+ return -1;
+ }
+
+ data_prot = level;
+ return 0;
+}
+
+
 void sec_prot(int argc, char **argv)
 {
 int s;
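Review bot: `request_data_prot` is a zero-initialised static, and zero is `prot_clear` in the enum this commit moves to krb4.h, so there is no way to distinguish "no `prot` line was seen in .netrc" from an explicit request for clear data. `sec_set_protection_level` (added later in this file) issues a new PROT whenever `data_prot` differs from this value, so an interactively chosen level could be reset to clear by a .netrc without a `prot` entry, depending on where that function is called from, which is not visible here. Consider `static int request_data_prot = -1; /* -1: nothing requested via .netrc */` and having the setter skip the sentinel, or at least a comment stating that the default request is clear.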
@@ -84,17 +127,12 @@ void sec_prot(int argc, char **argv)
 return;
 }
 if(!auth_complete){
- fprintf(stderr, "ehu?\n");
+ fprintf(stderr, "No security data exchange has taken place.\n");
 code = -1;
 return;
 }
 level = name_to_level(argv[1]);
- if(level == prot_confidential){
- printf("Confidential protection is not defined for Kerberos.\n");
- code = -1;
- return;
- }
 if(level == -1){
 fprintf(stderr,
@@ -103,35 +141,38 @@ void sec_prot(int argc, char **argv)
 code = -1;
 return;
 }
- if(level){
- s = 65536;
- ret = command("PBSZ %d", s);
- if(ret != COMPLETE){
- fprintf(stderr, "Ehu?\n");
- code = -1;
- return;
- }
- auth_pbsz = s;
- p = strstr(reply_string, "PBSZ=");
- if(p)
- sscanf(p, "PBSZ=%d", &s);
- if(s < auth_pbsz)
- auth_pbsz = s;
- if(data_buffer)
- free(data_buffer);
- data_buffer = malloc(auth_pbsz);
- }
- ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
- if(ret != COMPLETE){
- fprintf(stderr, "Ehu ?\n");
+ if(level == prot_confidential){
+ printf("Confidential protection is not defined with Kerberos.\n");
+ code = -1;
+ return;
+ }
+
+ if(sec_prot_internal(level) < 0){
 code = -1;
 return;
 }
- data_prot = level;
 code = 0;
 }
+void
+sec_set_protection_level(void)
+{
+ if(auth_complete && data_prot != request_data_prot)
+ sec_prot_internal(request_data_prot);
+}
+
+
+int
+sec_request_prot(char *level)
+{
+ int l = name_to_level(level);
+ if(l == -1)
+ return -1;
+ request_data_prot = l;
+ return 0;
+}
+
 int sec_getc(FILE *F)
 {
diff --git a/appl/ftp/ftp/krb4.h b/appl/ftp/ftp/krb4.h
index e532a57c4..5633dba58 100644
--- a/appl/ftp/ftp/krb4.h
+++ b/appl/ftp/ftp/krb4.h
@@ -5,8 +5,13 @@ extern int auth_complete;
 void sec_status(void);
+enum { prot_clear, prot_safe, prot_confidential, prot_private };
+
 void sec_prot(int, char**);
+void sec_set_protection_level(void);
+int sec_request_prot(char *level);
+
 void kauth(int, char **);
 void klist(int, char **);
diff --git a/appl/ftp/ftp/ruserpass.c b/appl/ftp/ftp/ruserpass.c
index 38ad3d495..06dcb5d03 100644
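Review bot: `sec_set_protection_level` discards the result of `sec_prot_internal`, so when the server rejects the PBSZ or PROT command the session keeps its previous `data_prot` (clear, unless set interactively) and the caller has no way to notice that the transfer will run with weaker protection than the level configured in .netrc; the only signal is the message sec_prot_internal prints. Giving it a result lets the call site decide: `int sec_set_protection_level(void)` with `return sec_prot_internal(request_data_prot);` in the changed branch and `return 0;` otherwise, with the prototype in krb4.h updated to match. As a smaller point, `sec_request_prot` could take `const char *level` if `name_to_level` only reads its argument; that function's definition is outside this hunk.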
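Review bot: The order of the enum now matters across translation units — krb4.c builds the PROT command by indexing `"CSEP"` with the level — but the header says nothing about it, so a later reordering or insertion would silently send the wrong protection level. A comment above the enum such as `/* order is significant: the value indexes "CSEP" to form the PROT command argument */` would make the constraint visible where the constants are defined.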
--- a/appl/ftp/ftp/ruserpass.c
+++ b/appl/ftp/ftp/ruserpass.c
@@ -43,6 +43,7 @@ static FILE *cfile;
 #define PASSWD 3
 #define ACCOUNT 4
 #define MACDEF 5
+#define PROT 6
 #define ID 10
 #define MACH 11
@@ -59,6 +60,7 @@ static struct toktab {
 { "account", ACCOUNT },
 { "machine", MACH },
 { "macdef", MACDEF },
+ { "prot", PROT },
 { NULL, 0 }
 };
@@ -66,7 +68,6 @@ int
 ruserpass(char *host, char **aname, char **apass, char **aacct)
 {
 char *hdir, buf[BUFSIZ], *tmp;
- char myname[MAXHOSTNAMELEN], *mydomain;
 int t, i, c, usedefault = 0;
 struct stat stb;
@@ -80,10 +81,11 @@ ruserpass(char *host, char **aname, char **apass, char **aacct)
 warn("%s", buf);
 return (0);
 }
- if (gethostname(myname, sizeof(myname)) < 0)
- myname[0] = '\0';
- if ((mydomain = strchr(myname, '.')) == NULL)
- mydomain = "";
+ if(k_gethostname(myhostname, MaxHostNameLen) < 0)
+ strcpy(myhostname, "");
+ if((mydomain = strchr(myhostname, '.')) == NULL)
+ mydomain = myhostname;
+
 next:
 while ((t = token())) switch(t) {
@@ -213,6 +215,11 @@ next:
 goto bad;
 }
 break;
+ case PROT:
+ token();
+ if(sec_request_prot(tokval) < 0)
+ warnx("Unknown protection level \"%s\"", tokval);
+ break;
 default:
 warnx("Unknown .netrc keyword %s", tokval);
 break;
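Review bot: The new hostname block uses `myhostname`, `MaxHostNameLen` and `mydomain` without any declaration in this diff, while the earlier hunk removes the local `char myname[MAXHOSTNAMELEN], *mydomain;`, so it presumably now relies on globals declared in another file; that dependency deserves a comment or an `extern` near the top of ruserpass.c. The fallback also changes meaning: when the name has no dot, `mydomain` becomes `myhostname` rather than `""`, which affects whatever domain comparison follows outside the hunk — if intended, say so in a one-line comment. Finally `strcpy(myhostname, "");` is an unusual spelling of `myhostname[0] = '\0';`, which reads more directly and mirrors the line it replaces.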
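Review bot: `case PROT:` calls `token()` without looking at its result, so a .netrc that ends right after the `prot` keyword hands `sec_request_prot` whatever `tokval` still holds from the previous token. This may match the neighbouring cases, which lie outside the hunk, but here the value chooses the data protection level for the session, so a stale token is worth rejecting explicitly with `if (token() == 0) goto bad;` before the call, using the `bad:` path the surrounding code already has. The resulting level is only applied later by `sec_set_protection_level`; a comment on this case saying that the request takes effect after authentication would help the next reader.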