Allow default data protection level through a "prot level" in

.netrc. This really should be done in a more useful manner.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@527 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1996-05-12 22:09:25 +00:00
parent 28558456c4
commit 9557aea7a4
3 changed files with 88 additions and 35 deletions


@@ -11,8 +11,6 @@ static des_key_schedule schedule;
static char *data_buffer; static char *data_buffer;
enum { prot_clear, prot_safe, prot_confidential, prot_private };
extern struct sockaddr_in hisctladdr, myctladdr; extern struct sockaddr_in hisctladdr, myctladdr;
int auth_complete; int auth_complete;
@@ -22,6 +20,8 @@ static int command_prot;
static int auth_pbsz; static int auth_pbsz;
static int data_prot; static int data_prot;
static int request_data_prot;
static struct { static struct {
int level; int level;
@@ -70,6 +70,49 @@ void sec_status(void)
} }
} }
static int
sec_prot_internal(int level)
{
int ret;
char *p;
int s = 1048576;
int old_verbose = verbose;
verbose = 0;
if(!auth_complete){
fprintf(stderr, "No security data exchange has taken place.\n");
return -1;
}
if(level){
ret = command("PBSZ %d", s);
if(ret != COMPLETE){
fprintf(stderr, "Failed to set protection buffer size.\n");
return -1;
}
auth_pbsz = s;
p = strstr(reply_string, "PBSZ=");
if(p)
sscanf(p, "PBSZ=%d", &s);
if(s < auth_pbsz)
auth_pbsz = s;
if(data_buffer)
free(data_buffer);
data_buffer = malloc(auth_pbsz);
}
verbose = old_verbose;
ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
if(ret != COMPLETE){
fprintf(stderr, "Failed to set protection level.\n");
return -1;
}
data_prot = level;
return 0;
}
void sec_prot(int argc, char **argv) void sec_prot(int argc, char **argv)
{ {
int s; int s;
@@ -84,17 +127,12 @@ void sec_prot(int argc, char **argv)
return; return;
} }
if(!auth_complete){ if(!auth_complete){
fprintf(stderr, "ehu?\n"); fprintf(stderr, "No security data exchange has taken place.\n");
code = -1; code = -1;
return; return;
} }
level = name_to_level(argv[1]); level = name_to_level(argv[1]);
if(level == prot_confidential){
printf("Confidential protection is not defined for Kerberos.\n");
code = -1;
return;
}
if(level == -1){ if(level == -1){
fprintf(stderr, fprintf(stderr,
@@ -103,35 +141,38 @@ void sec_prot(int argc, char **argv)
code = -1; code = -1;
return; return;
} }
if(level){
s = 65536;
ret = command("PBSZ %d", s);
if(ret != COMPLETE){
fprintf(stderr, "Ehu?\n");
code = -1;
return;
}
auth_pbsz = s;
p = strstr(reply_string, "PBSZ=");
if(p)
sscanf(p, "PBSZ=%d", &s);
if(s < auth_pbsz)
auth_pbsz = s;
if(data_buffer)
free(data_buffer);
data_buffer = malloc(auth_pbsz);
}
ret = command("PROT %c", level["CSEP"]); /* XXX :-) */ if(level == prot_confidential){
if(ret != COMPLETE){ printf("Confidential protection is not defined with Kerberos.\n");
fprintf(stderr, "Ehu ?\n"); code = -1;
return;
}
if(sec_prot_internal(level) < 0){
code = -1; code = -1;
return; return;
} }
data_prot = level;
code = 0; code = 0;
} }
void
sec_set_protection_level(void)
{
if(auth_complete && data_prot != request_data_prot)
sec_prot_internal(request_data_prot);
}
int
sec_request_prot(char *level)
{
int l = name_to_level(level);
if(l == -1)
return -1;
request_data_prot = l;
return 0;
}
int sec_getc(FILE *F) int sec_getc(FILE *F)
{ {


@@ -5,8 +5,13 @@ extern int auth_complete;
void sec_status(void); void sec_status(void);
enum { prot_clear, prot_safe, prot_confidential, prot_private };
void sec_prot(int, char**); void sec_prot(int, char**);
void sec_set_protection_level(void);
int sec_request_prot(char *level);
void kauth(int, char **); void kauth(int, char **);
void klist(int, char **); void klist(int, char **);
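Review bot: `int sec_request_prot(char *level);` only needs read access to the name it looks up, so the declaration should be `int sec_request_prot(const char *level);`, provided name_to_level accepts a const pointer (its signature is not in this diff). The new prototype is also the only one in this header carrying a parameter name while its neighbours use unnamed parameters; pick one convention. A short comment above the pair, `/* remember the data protection level named in .netrc "prot"; sec_set_protection_level() applies it once authentication has completed */`, would tell readers how the two new calls relate.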


@@ -43,6 +43,7 @@ static FILE *cfile;
#define PASSWD 3 #define PASSWD 3
#define ACCOUNT 4 #define ACCOUNT 4
#define MACDEF 5 #define MACDEF 5
#define PROT 6
#define ID 10 #define ID 10
#define MACH 11 #define MACH 11
@@ -59,6 +60,7 @@ static struct toktab {
{ "account", ACCOUNT }, { "account", ACCOUNT },
{ "machine", MACH }, { "machine", MACH },
{ "macdef", MACDEF }, { "macdef", MACDEF },
{ "prot", PROT },
{ NULL, 0 } { NULL, 0 }
}; };
@@ -66,7 +68,6 @@ int
ruserpass(char *host, char **aname, char **apass, char **aacct) ruserpass(char *host, char **aname, char **apass, char **aacct)
{ {
char *hdir, buf[BUFSIZ], *tmp; char *hdir, buf[BUFSIZ], *tmp;
char myname[MAXHOSTNAMELEN], *mydomain;
int t, i, c, usedefault = 0; int t, i, c, usedefault = 0;
struct stat stb; struct stat stb;
@@ -80,10 +81,11 @@ ruserpass(char *host, char **aname, char **apass, char **aacct)
warn("%s", buf); warn("%s", buf);
return (0); return (0);
} }
if (gethostname(myname, sizeof(myname)) < 0) if(k_gethostname(myhostname, MaxHostNameLen) < 0)
myname[0] = '\0'; strcpy(myhostname, "");
if ((mydomain = strchr(myname, '.')) == NULL) if((mydomain = strchr(myhostname, '.')) == NULL)
mydomain = ""; mydomain = myhostname;
next: next:
while ((t = token())) switch(t) { while ((t = token())) switch(t) {
@@ -213,6 +215,11 @@ next:
goto bad; goto bad;
} }
break; break;
case PROT:
token();
if(sec_request_prot(tokval) < 0)
warnx("Unknown protection level \"%s\"", tokval);
break;
default: default:
warnx("Unknown .netrc keyword %s", tokval); warnx("Unknown .netrc keyword %s", tokval);
break; break;
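Review bot: `case PROT:` calls `token()` for its value without checking the result, so at end of file or after a bare `prot` keyword `tokval` still holds the previous token and is handed to sec_request_prot; the other keyword cases are outside this hunk, but the `goto bad;` visible above suggests the file's convention is `if(token() == 0) goto bad;` (confirm what `bad` does before adopting it). An unknown level only produces a warning and leaves request_data_prot unchanged, which is the right failure mode for a user-editable file. In the hostname hunk, `strcpy(myhostname, "")` is clearer and cheaper as `myhostname[0] = '\0';`. ruserpass starts and ends outside this section.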