Fixes.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@395 ec53bebd-3082-4978-b11e-865c3cabbd6b
1996-04-17 04:08:31 +00:00
parent 65e69e54ca
commit d796b39576
19 changed files with 463 additions and 111 deletions
--- a/appl/ftp/ftp/Makefile.in
+++ b/appl/ftp/ftp/Makefile.in
@@ -34,7 +34,7 @@ ftp: $(ftp_OBJS) ../common/libcommon.a
 	$(CC) -o ftp $(ftp_OBJS) ../common/libcommon.a -L$(ATHENA)/lib -lkrb -ldes $(LIBS)

 clean cleandir:
-	rm -f *~ *.o core ftpd ftpcmd.c \#*
+	rm -f *~ *.o core ftp \#*

 distclean: 
 	rm -f Makefile
--- a/appl/ftp/ftp/cmds.c
+++ b/appl/ftp/ftp/cmds.c
@@ -803,6 +803,7 @@ status(int argc, char **argv)
 		}
 		pswitch(0);
 	}
+	sec_status();
 	printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
 		modename, typename, formname, structname);
 	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", 
@@ -1003,7 +1004,7 @@ lcd(int argc, char **argv)
 		code = -1;
 		return;
 	}
-	if (getwd(buf) != NULL)
+	if (getcwd(buf, sizeof(buf)) != NULL)
 		printf("Local directory now %s\n", buf);
 	else
 		warnx("getwd: %s", buf);
--- a/appl/ftp/ftp/ftp.c
+++ b/appl/ftp/ftp/ftp.c
@@ -165,6 +165,12 @@ login(char *host)
 	int n, aflag = 0;

 	user = pass = acct = 0;
+
+	if(do_klogin(host))
+	    printf("\n*** Using plaintext user and password ***\n\n");
+	else
+	    printf("Kerberos login successful.\n\n");
+
 	if (ruserpass(host, &user, &pass, &acct) < 0) {
 		code = -1;
 		return (0);
@@ -189,10 +195,6 @@ login(char *host)
 		else
 			user = tmp;
 	}
-	if(strcmp(user, "ftp") && strcmp(user, "anonymous")){
-	    if(do_klogin(host) < 0)
-		fprintf(stderr, "Resorting to plaintext user and password.\n");
-	}
 	strcpy(username, user);
 	n = command("USER %s", user);
 	if (n == CONTINUE) {
@@ -284,6 +286,7 @@ int
 getreply(int expecteof)
 {
    char *p;
+    char *lead_string;
    int c;
    struct sigaction sa, osa;
    char buf[1024];
@@ -326,16 +329,19 @@ getreply(int expecteof)
 		if(code == 631){
 		    krb4_read_mic(buf);
 		    sscanf(buf, "%d", &code);
-		    fprintf(stdout, "S:");
+		    lead_string = "S:";
 		} else if(code == 632){
 		    krb4_read_enc(buf);
 		    sscanf(buf, "%d", &code);
-		    fprintf(stdout, "P:");
+		    lead_string = "P:";
 		}else if(code == 633){
-		    fprintf(stdout, "Confidentiality is meaningless:\n");
+		    printf("Received confidential reply!\n");
 		}else if(auth_complete)
-		    fprintf(stdout, "!!"); /* clear text */
-		fprintf(stdout, "%s\n", buf);
+		    lead_string = "!!";
+		else
+		    lead_string = "";
+		if(verbose > 0 || (verbose > -1 && code > 499))
+		    fprintf(stdout, "%s%s\n", lead_string, buf);
 		if(buf[3] == ' '){
 		    strcpy(reply_string, buf);
 		    if (code < 200)
@@ -1095,7 +1101,7 @@ initconn(void)
 			goto bad;
 		}

-		bzero((char*)&data_addr, sizeof(data_addr));
+		memset(&data_addr, 0, sizeof(data_addr));
 		data_addr.sin_family = AF_INET;
 		a = (char *)&data_addr.sin_addr.s_addr;
 		a[0] = a0 & 0xff;
--- a/appl/ftp/ftp/kauth.c
+++ b/appl/ftp/ftp/kauth.c
@@ -58,7 +58,7 @@ void kauth(int argc, char **argv)
    sprintf(buf, "Password for %s:", name);
    des_read_password(&key, buf, 0);

-    des_set_key(&key, schedule);
+    des_key_sched(&key, schedule);
    
    des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tkt.dat, tkt.length, 
 		     schedule, &key, DES_DECRYPT);
--- a/appl/ftp/ftp/krb4.c
+++ b/appl/ftp/ftp/krb4.c
@@ -22,6 +22,54 @@ static int command_prot;
 static int auth_pbsz;
 static int data_prot;

+
+static struct {
+    int level;
+    char *name;
+} level_names[] = {
+    { prot_clear, "clear" },
+    { prot_safe, "safe" },
+    { prot_confidential, "confidential" },
+    { prot_private, "private" }
+};
+
+static char *level_to_name(int level)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(level_names[i].level == level)
+	    return level_names[i].name;
+    return "unknown";
+}
+
+static int name_to_level(char *name)
+{
+    int i;
+    for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
+	if(!strncasecmp(level_names[i].name, name, strlen(name)))
+	    return level_names[i].level;
+    return -1;
+}
+
+void sec_status(void)
+{
+    if(auth_complete){
+	printf("Using KERBEROS_V4 for authentication.\n");
+
+	command_prot = prot_private; /* this variable is not used */
+
+	printf("Using %s command channel.\n", 
+	       level_to_name(command_prot));
+
+	printf("Using %s data channel.\n", 
+	       level_to_name(data_prot));
+	if(auth_pbsz > 0)
+	    printf("Protection buffer size: %d.\n", auth_pbsz);
+    }else{
+	printf("Not using any security mechanism.\n");
+    }
+}
+
 void sec_prot(int argc, char **argv)
 {
    int s;
@@ -38,15 +86,14 @@ void sec_prot(int argc, char **argv)
 	code = -1;
 	return;
    }
-    if(!strcmp(argv[1], "clear"))
-	level = prot_clear;
+    level = name_to_level(argv[1]);
    
-    if(!strcmp(argv[1], "safe"))
-	level = prot_safe;
+    if(level == prot_confidential){
+	printf("Confidential protection is not defined for Kerberos.\n");
+	code = -1;
+	return;
+    }

-    if(!strcmp(argv[1], "private"))
-	level = prot_private;
-    
    if(level == -1){
 	fprintf(stderr, "ehu?\n");
 	code = -1;
@@ -232,7 +279,7 @@ int
 sec_fflush(FILE *F)
 {
    if(data_prot){
-	if(index){
+	if(p_index){
 	    sec_write(fileno(F), p_buf, p_index);
 	    p_index = 0;
 	}
@@ -299,6 +346,10 @@ do_klogin(char *host)
    int checksum;
    int tmp;

+    int old_verbose = verbose;
+
+    verbose = 0;
+    printf("Trying KERBEROS_V4...\n");
    ret = command("AUTH KERBEROS_V4");
    if(ret != CONTINUE){
 	if(code == 504){
@@ -308,6 +359,7 @@ do_klogin(char *host)
 	}else if(ret == ERROR)
 	    fprintf(stderr, "The server doesn't understand the FTP "
 		    "security extentions.\n");
+	verbose = old_verbose;
 	return -1;
    }

@@ -317,6 +369,7 @@ do_klogin(char *host)
 	ret = do_auth("rcmd", host, checksum);
    if(ret){
 	fprintf(stderr, "%s\n", krb_get_err_text(ret));
+	verbose = old_verbose;
 	return ret;
    }

@@ -326,18 +379,21 @@ do_klogin(char *host)

    if(ret != COMPLETE){
 	fprintf(stderr, "Server didn't accept auth data.");
+	verbose = old_verbose;
 	return -1;
    }

    p = strstr(reply_string, "ADAT=");
    if(!p){
 	fprintf(stderr, "Remote host didn't send adat reply.");
+	verbose = old_verbose;
 	return -1;
    }
    p+=5;
    len = base64_decode(p, adat);
    if(len < 0){
 	fprintf(stderr, "Failed to decode base64 from server.");
+	verbose = old_verbose;
 	return -1;
    }
    ret = krb_rd_safe(adat, len, &key, 
@@ -345,15 +401,18 @@ do_klogin(char *host)
    if(ret){
 	fprintf(stderr, "Error reading reply from server: %s.", 
 	      krb_get_err_text(ret));
+	verbose = old_verbose;
 	return -1;
    }
    memmove(&tmp, msg_data.app_data, 4);
    tmp = ntohl(tmp);
    if(tmp - checksum != 1){
 	fprintf(stderr, "Bad checksum returned from server.");
+	verbose = old_verbose;
 	return -1;
    }
    auth_complete = 1;
+    verbose = old_verbose;
    return 0;
 }

--- a/appl/ftp/ftp/krb4.h
+++ b/appl/ftp/ftp/krb4.h
@@ -3,6 +3,8 @@

 extern int auth_complete;

+void sec_status(void);
+
 void sec_prot(int, char**);

 void kauth(int, char **);