add -x (encrypt) option; implement cprotect (from MIT); make sure we
CCC if switching to clear-text command channel git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16162 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -663,7 +663,15 @@ sec_prot_internal(int level)
|
|||||||
enum protection_level
|
enum protection_level
|
||||||
set_command_prot(enum protection_level level)
|
set_command_prot(enum protection_level level)
|
||||||
{
|
{
|
||||||
|
int ret;
|
||||||
enum protection_level old = command_prot;
|
enum protection_level old = command_prot;
|
||||||
|
if(level != command_prot && level == prot_clear) {
|
||||||
|
ret = command("CCC");
|
||||||
|
if(ret != COMPLETE) {
|
||||||
|
printf("Failed to clear command channel.\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
command_prot = level;
|
command_prot = level;
|
||||||
return old;
|
return old;
|
||||||
}
|
}
|
||||||
@@ -673,8 +681,13 @@ sec_prot(int argc, char **argv)
|
|||||||
{
|
{
|
||||||
int level = -1;
|
int level = -1;
|
||||||
|
|
||||||
if(argc < 2 || argc > 3)
|
if(argc > 3)
|
||||||
goto usage;
|
goto usage;
|
||||||
|
|
||||||
|
if(argc == 1) {
|
||||||
|
sec_status();
|
||||||
|
return;
|
||||||
|
}
|
||||||
if(!sec_complete) {
|
if(!sec_complete) {
|
||||||
printf("No security data exchange has taken place.\n");
|
printf("No security data exchange has taken place.\n");
|
||||||
code = -1;
|
code = -1;
|
||||||
@@ -697,9 +710,12 @@ sec_prot(int argc, char **argv)
|
|||||||
code = -1;
|
code = -1;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0)
|
} else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0) {
|
||||||
set_command_prot(level);
|
if(set_command_prot(level) < 0) {
|
||||||
else
|
code = -1;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else
|
||||||
goto usage;
|
goto usage;
|
||||||
code = 0;
|
code = 0;
|
||||||
return;
|
return;
|
||||||
@@ -709,6 +725,46 @@ sec_prot(int argc, char **argv)
|
|||||||
code = -1;
|
code = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
sec_prot_command(int argc, char **argv)
|
||||||
|
{
|
||||||
|
int level;
|
||||||
|
|
||||||
|
if(argc > 2)
|
||||||
|
goto usage;
|
||||||
|
|
||||||
|
if(!sec_complete) {
|
||||||
|
printf("No security data exchange has taken place.\n");
|
||||||
|
code = -1;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(argc == 1) {
|
||||||
|
sec_status();
|
||||||
|
} else {
|
||||||
|
level = name_to_level(argv[1]);
|
||||||
|
if(level == -1)
|
||||||
|
goto usage;
|
||||||
|
|
||||||
|
if((*mech->check_prot)(app_data, level)) {
|
||||||
|
printf("%s does not implement %s protection.\n",
|
||||||
|
mech->name, level_to_name(level));
|
||||||
|
code = -1;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(set_command_prot(level) < 0) {
|
||||||
|
code = -1;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
code = 0;
|
||||||
|
return;
|
||||||
|
usage:
|
||||||
|
printf("usage: %s [clear|safe|confidential|private]\n",
|
||||||
|
argv[0]);
|
||||||
|
code = -1;
|
||||||
|
}
|
||||||
|
|
||||||
static enum protection_level request_data_prot;
|
static enum protection_level request_data_prot;
|
||||||
|
|
||||||
void
|
void
|
||||||
@@ -780,7 +836,12 @@ sec_login(char *host)
|
|||||||
}
|
}
|
||||||
mech = *m;
|
mech = *m;
|
||||||
sec_complete = 1;
|
sec_complete = 1;
|
||||||
command_prot = prot_safe;
|
if(doencrypt) {
|
||||||
|
command_prot = prot_private;
|
||||||
|
request_data_prot = prot_private;
|
||||||
|
} else {
|
||||||
|
command_prot = prot_safe;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
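Review bot: `set_command_prot` is still declared to return `enum protection_level`, yet the new failure path does `return -1;` and both callers test `set_command_prot(level) < 0` (in `sec_prot` and in the new `sec_prot_command`). The enum's definition is not shown on this page; if it has no negative enumerators, a compiler may give it an unsigned underlying type, in which case -1 converts to a large positive value and the `< 0` test is never true, so a refused CCC would still fall through to `code = 0`. `command_prot` is left untouched on that path, so the command channel stays protected, but the user is told a downgrade succeeded when the server rejected it. Declaring the function as `int set_command_prot(enum protection_level level)` with `int old = command_prot;` keeps -1 distinct from every valid level. The body of `sec_prot` is only partly visible across these hunks, so any other callers that use the returned old level should be checked as well.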