2 * Copyright (c) 1985, 1989 Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 static char sccsid[] = "@(#)ftp.c 5.38 (Berkeley) 4/22/91";
38 #include <sys/param.h>
40 #include <sys/ioctl.h>
41 #include <sys/socket.h>
45 #include <netinet/in.h>
46 #include <netinet/in_systm.h>
47 #include <netinet/ip.h>
49 #include <arpa/telnet.h>
59 #if defined(__STDC__) && ! defined(VARARGS)
85 Key_schedule schedule;
89 #include <gssapi/gssapi.h>
90 #include <gssapi/gssapi_generic.h>
91 gss_ctx_id_t gcontext;
/*
 * File-scope state for the control connection and the negotiated security
 * mechanism.  Only part of the declaration list is visible in this listing.
 */
95 static int kerror; /* XXX needed for all auth types */
97 char *auth_type; /* Authentication succeeded? If so, what type? */
99 unsigned int maxbuf, actualbuf;
100 unsigned char *ucbuf;
105 #define sig_t my_sig_t
106 #define sigtype krb5_sigtype
107 typedef sigtype (*sig_t)();
/* Remote and local endpoints used for the control and data connections. */
109 struct sockaddr_in hisctladdr;
110 struct sockaddr_in hisdataaddr;
111 struct sockaddr_in data_addr;
115 struct sockaddr_in myctladdr;
118 off_t restart_point = 0;
/*
 * NOTE(review): this replacement strerror() indexes sys_errlist[] with no
 * range check, so an out-of-range error number reads outside the table.
 */
120 #define strerror(error) (sys_errlist[error])
121 extern char *sys_errlist[];
/*
 * NOTE(review): errno is declared here as a plain extern int; where
 * <errno.h> defines errno as a macro this declaration conflicts with it.
 * Confirm the preprocessor guards, which are not shown.
 */
122 extern int connected, errno;
/* This herror() stand-in prints a fixed message and ignores the resolver's error code. */
124 #define herror() printf("unknown host\n")
/*
 * Fragment of the routine that opens the control connection: it resolves
 * `host`, connects a stream socket and wraps the descriptor in the stdio
 * streams cin/cout.  The signature and several lines are missing from this
 * listing, so the notes below cover only the statements that are visible.
 */
134 register struct hostent *hp = 0;
136 static char hostnamebuf[80];
138 memset((char *)&hisctladdr, 0, sizeof (hisctladdr));
/* A dotted-quad literal is tried first; inet_addr() reports failure as -1. */
139 hisctladdr.sin_addr.s_addr = inet_addr(host);
140 if (hisctladdr.sin_addr.s_addr != -1) {
141 hisctladdr.sin_family = AF_INET;
/*
 * NOTE(review): strncpy() with the full buffer size leaves hostnamebuf
 * without a terminating NUL when `host` is 80 bytes or longer.  No visible
 * line terminates the buffer before it is printed with %s below.
 */
142 (void) strncpy(hostnamebuf, host, sizeof(hostnamebuf));
144 hp = gethostbyname(host);
146 fprintf(stderr, "ftp: %s: ", host);
/* The address family and address bytes below are taken from the resolver answer. */
151 hisctladdr.sin_family = hp->h_addrtype;
152 memcpy((caddr_t)&hisctladdr.sin_addr, hp->h_addr_list[0],
/*
 * NOTE(review): same termination caveat as above, here with the
 * resolver-supplied canonical name, whose length the client does not control.
 */
154 (void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf));
156 hostname = hostnamebuf;
157 s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
159 perror("ftp: socket");
163 hisctladdr.sin_port = port;
/* On a failed connect the loop moves on while the resolver answer lists another address. */
164 while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) < 0) {
165 if (hp && hp->h_addr_list[1]) {
167 extern char *inet_ntoa();
169 fprintf(stderr, "ftp: connect to address %s: ",
170 inet_ntoa(hisctladdr.sin_addr));
/*
 * NOTE(review): the copy length is hp->h_length from the resolver answer,
 * not sizeof(hisctladdr.sin_addr); no visible line checks that the two
 * agree before the copy.
 */
174 memcpy((caddr_t)&hisctladdr.sin_addr,
175 hp->h_addr_list[0], hp->h_length);
176 fprintf(stdout, "Trying %s...\n",
177 inet_ntoa(hisctladdr.sin_addr));
179 s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
181 perror("ftp: socket");
187 perror("ftp: connect");
/* Record the local end of the control connection in myctladdr. */
191 len = sizeof (myctladdr);
192 if (getsockname(s, (struct sockaddr *)&myctladdr, &len) < 0) {
193 perror("ftp: getsockname");
/* Type-of-service is best effort: a failure is reported and ignored. */
198 #ifdef IPTOS_LOWDELAY
199 tos = IPTOS_LOWDELAY;
200 if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
201 perror("ftp: setsockopt TOS (ignored)");
/* Two stdio streams are opened on the same descriptor, one per direction. */
204 cin = fdopen(s, "r");
205 cout = fdopen(s, "w");
206 if (cin == NULL || cout == NULL) {
207 fprintf(stderr, "ftp: fdopen failed.\n");
216 printf("Connected to %s.\n", hostname);
217 if (getreply(0) > 2) { /* read startup message from server */
229 if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on))
231 perror("ftp: setsockopt");
234 #endif /* SO_OOBINLINE */
/*
 * Fragment of the login sequence: the user name, password and account come
 * from ruserpass() or from interactive prompts and are sent as USER, PASS
 * and ACCT.  The signature and several lines are missing from this listing.
 */
246 char *user, *pass, *acct, *getenv(), *getlogin(), *mygetpass();
250 user = pass = acct = 0;
251 if (ruserpass(host, &user, &pass, &acct) < 0) {
255 while (user == NULL) {
258 myname = getenv("LOGNAME");
260 myname = getenv("USER");
263 if (myname == NULL) {
264 struct passwd *pp = getpwuid(getuid());
/* NOTE(review): getpwuid() can return NULL; the guard, if any, is on a line not shown. */
267 myname = pp->pw_name;
270 printf("Name (%s:%s): ", host, myname);
272 printf("Name (%s): ", host);
/*
 * NOTE(review): the fgets() result is discarded, so on EOF or error tmp is
 * used without having been filled.  The next line then writes tmp[-1] when
 * the string is empty, and drops a real character when the input line had
 * no trailing newline.
 */
273 (void) fgets(tmp, sizeof(tmp) - 1, stdin);
274 tmp[strlen(tmp) - 1] = '\0';
/* All of these commands are formatted by command(), which uses vsprintf(). */
280 n = command("USER %s", user);
282 n = command("PASS dummy");
283 else if (n == CONTINUE) {
288 pass = mygetpass("Password:");
/*
 * Protection level PROT_S is raised to PROT_P just for the PASS command and
 * restored afterwards.  The command-wrapping routine selects ENC rather than
 * MIC when level is PROT_P; its plain fputs() path shows that the command
 * goes out unwrapped when no security mechanism is active.
 */
290 if ((oldlevel = level) == PROT_S) level = PROT_P;
292 n = command("PASS %s", pass);
294 /* level may have changed */
295 if (level == PROT_P) level = oldlevel;
300 acct = mygetpass("Account:");
301 n = command("ACCT %s", acct);
304 fprintf(stderr, "Login failed.\n");
307 if (!aflag && acct != NULL)
308 (void) command("ACCT %s", acct);
/* After login, a macro named "init" is run if one is defined. */
311 for (n = 0; n < macnum; ++n) {
312 if (!strcmp("init", macros[n].mac_name)) {
313 (void) strcpy(line, "$init");
315 domacro(margc, margv);
/*
 * Fragment, presumably of the cmdabort handler that command() and
 * getreply() install for SIGINT; its signature is not shown.
 * NOTE(review): if this does run in signal context, stdio calls such as
 * fflush() are not async-signal-safe.
 */
326 extern jmp_buf ptabort;
329 (void) fflush(stdout);
/*
 * Fragment of the routine that writes one command to the control stream,
 * presumably secure_command() (the name appears in its debug message).
 * With a security mechanism active the command is sealed, base64-encoded
 * and sent as ENC or MIC; otherwise it is written as is.  The signature
 * and several lines are missing from this listing.
 */
338 char in[FTP_BUFSIZ], out[FTP_BUFSIZ];
343 * File protection level also determines whether
344 * commands are MIC or ENC. Should be independent ...
/*
 * NOTE(review): krb_mk_priv()/krb_mk_safe() are handed `out` without its
 * size, and their output is larger than strlen(cmd).  No visible line
 * checks that the sealed message fits in out[FTP_BUFSIZ].
 */
347 if (strcmp(auth_type, "KERBEROS_V4") == 0)
348 if ((length = level == PROT_P ?
349 krb_mk_priv((unsigned char *)cmd, (unsigned char *)out,
350 strlen(cmd), schedule,
351 &cred.session, &myctladdr, &hisctladdr)
352 : krb_mk_safe((unsigned char *)cmd, (unsigned char *)out,
353 strlen(cmd), &cred.session,
354 &myctladdr, &hisctladdr)) == -1) {
355 fprintf(stderr, "krb_mk_%s failed for KERBEROS_V4\n",
356 level == PROT_P ? "priv" : "safe");
359 #endif /* KERBEROS */
361 /* secure_command (based on level) */
362 if (strcmp(auth_type, "GSSAPI") == 0) {
363 gss_buffer_desc in_buf, out_buf;
364 OM_uint32 maj_stat, min_stat;
366 /* level = PROT_P; */
368 in_buf.length = strlen(cmd) + 1;
369 maj_stat = gss_seal(&min_stat, gcontext,
370 (level==PROT_P), /* confidential */
372 &in_buf, &conf_state,
374 if (maj_stat != GSS_S_COMPLETE) {
375 /* generally need to deal */
376 user_gss_error(maj_stat, min_stat,
378 "gss_seal ENC didn't complete":
379 "gss_seal MIC didn't complete");
/* Confidentiality was requested but not applied: treated as an error, not sent. */
380 } else if ((level == PROT_P) && !conf_state) {
382 "GSSAPI didn't encrypt message");
385 fprintf(stderr, "sealed (%s) %d bytes\n",
386 level==PROT_P?"ENC":"MIC",
/*
 * NOTE(review): out_buf.length is chosen by the GSSAPI library; no visible
 * line compares it with sizeof(out) before this copy.
 */
388 memcpy(out, out_buf.value,
389 length=out_buf.length);
390 gss_release_buffer(&min_stat, &out_buf);
394 /* Other auth types go here ... */
/*
 * NOTE(review): radix_encode() receives no destination size, and base64
 * grows the data by about one third, so `length` bytes from out[] can
 * expand past in[FTP_BUFSIZ].  Confirm a bound on `length`.
 */
395 if (kerror = radix_encode(out, in, &length, 0)) {
396 fprintf(stderr,"Couldn't base 64 encode command (%s)\n",
397 radix_error(kerror));
400 fprintf(cout, "%s %s", level == PROT_P ? "ENC" : "MIC", in);
/*
 * NOTE(review): this diagnostic prints the cleartext command; for a PASS
 * command that includes the password.  Its guard is on a line not shown.
 */
402 fprintf(stderr, "secure_command(%s)\nencoding %d bytes %s %s\n",
403 cmd, length, level==PROT_P ? "ENC" : "MIC", in);
/* No security mechanism active: the command is sent unprotected. */
404 } else fputs(cmd, cout);
405 fprintf(cout, "\r\n");
/*
 * Fragment of command(): formats one FTP command from a printf-style
 * format, sends it with secure_command() and reads the reply with
 * getreply().  Several lines, including the declaration of `in`, are
 * missing from this listing.
 */
411 command(char *fmt, ...)
429 if (proxflag) printf("%s ", hostname);
435 fmt = va_arg(ap, char *);
/* PASS is special-cased ahead of the echo to stdout; the branch body is not shown. */
437 if (strncmp("PASS ", fmt, 5) == 0)
440 vfprintf(stdout, fmt, ap);
443 (void) fflush(stdout);
446 perror ("No control connection for command");
450 oldintr = signal(SIGINT, cmdabort);
455 fmt = va_arg(ap, char *);
/*
 * NOTE(review): vsprintf() has no size limit.  Callers pass user names,
 * passwords, path names and base64 ADAT tokens, so the expanded command can
 * be longer than `in`.  vsnprintf(in, sizeof(in), fmt, ap) with a check for
 * truncation would bound it; confirm the size of `in`.
 */
457 vsprintf(in, fmt, ap);
459 again: if (secure_command(in) == 0)
/* End of file on the control stream is expected only after QUIT. */
462 r = getreply(!strcmp(fmt, "QUIT"));
/*
 * NOTE(review): a 533 reply while level is PROT_P leads to a retry under
 * MIC, that is integrity protection without encryption.  The lines that
 * lower the level are not shown; confirm that commands which must stay
 * confidential (PASS) are not resent this way on the word of the server.
 */
464 if (r == 533 && level == PROT_P) {
466 "ENC command not supported at server; retrying under MIC...\n");
471 if (abrtflag && oldintr != SIG_IGN)
473 (void) signal(SIGINT, oldintr);
/*
 * Reply buffers shared with callers, followed by a fragment of getreply(),
 * which reads one server reply from the control stream, decodes 6xx
 * protected replies and accumulates the numeric reply code.  The signature
 * and several lines are missing from this listing.  Every byte handled
 * here is chosen by the remote server.
 */
477 char reply_string[FTP_BUFSIZ]; /* last line of previous reply */
479 /* for parsing replies to the ADAT command */
480 char *reply_parse, reply_buf[FTP_BUFSIZ], *reply_ptr;
487 register int i, c, n;
490 int originalcode = 0, continuation = 0;
495 char ibuf[FTP_BUFSIZ], obuf[FTP_BUFSIZ];
497 extern char *strpbrk(), *strstr();
/* When a caller has set reply_parse, the raw reply is also captured in reply_buf. */
500 if (reply_parse) reply_ptr = reply_buf;
501 oldintr = signal(SIGINT, cmdabort);
504 dig = n = code = i = 0;
/* Characters come from the decoded buffer ibuf when it is non-empty, else from the socket. */
506 while ((c = ibuf[0] ? ibuf[i++] : getc(cin)) != '\n') {
507 if (c == IAC) { /* handle telnet commands */
508 switch (c = getc(cin)) {
/* Telnet option requests are refused with DONT / WONT. */
512 fprintf(cout, "%c%c%c", IAC, DONT, c);
518 fprintf(cout, "%c%c%c", IAC, WONT, c);
529 (void) signal(SIGINT,oldintr);
535 printf("421 Service not available, remote server has closed connection\n");
536 (void) fflush(stdout);
/*
 * NOTE(review): this branch handles the text of a protected (6xx) reply.
 * The store into obuf is on a line not shown; obuf is later terminated at
 * index i.  No visible line compares i with sizeof(obuf), and the length
 * of the reply line is set by the server.  Confirm that a bound exists.
 */
543 if (auth_type && !ibuf[0] &&
544 (n == '6' || continuation)) {
545 if (c != '\r' && dig > 4)
548 if (auth_type && !ibuf[0] && dig == 1 && verbose)
549 printf("Unauthenticated reply received from server:\n");
/*
 * NOTE(review): every reply character is appended to reply_buf[FTP_BUFSIZ]
 * with no check against the end of the buffer.  The store also precedes
 * the `continue` below that skips unprotected replies, so unprotected
 * reply text is captured as well.
 */
550 if (reply_parse) *reply_ptr++ = c;
551 if (c != '\r' && (verbose > 0 ||
552 (verbose > -1 && n == '5' && dig > 4))) {
554 (dig == 1 || dig == 5 && verbose == 0))
555 printf("%s:",hostname);
/* With a mechanism active, characters of a non-6xx reply are not parsed further. */
559 if (auth_type && !ibuf[0] && n != '6') continue;
560 if (dig < 4 && isdigit(c))
561 code = code * 10 + (c - '0');
/*
 * A 227 reply starts capture of the address text that follows.  The stores
 * are on lines not shown; NOTE(review): confirm they are bounded.
 */
562 if (!pflag && code == 227)
564 if (dig > 4 && pflag == 1 && isdigit(c))
567 if (c != '\r' && c != ')')
574 if (dig == 4 && c == '-' && n != '6') {
/* The copy into reply_string is bounded, unlike the reply_buf store above. */
579 if (cp < &reply_string[sizeof(reply_string) - 1])
/*
 * NOTE(review): an unprotected reply received while a mechanism is active
 * is dropped by recursing for the next reply, so the recursion depth is
 * set by how many such replies the server sends in a row.
 */
582 if (auth_type && !ibuf[0] && n != '6')
583 return(getreply(expecteof));
584 ibuf[0] = obuf[i] = '\0';
/* The else two lines down pairs with the inner if: 631 means integrity-only ("safe"). */
585 if (code && n == '6')
586 if (code != 631 && code != 632 && code != 633)
587 printf("Unknown reply: %d %s\n", code, obuf);
588 else safe = code == 631;
589 if (obuf[0]) /* if there is a string to decode */
591 printf("Cannot decode reply:\n%d %s\n", code, obuf);
593 else if (code == 632)
594 printf("Cannot decrypt %d reply: %s\n", code, obuf);
596 #ifdef NOCONFIDENTIAL
597 else if (code == 633)
598 printf("Cannot decrypt %d reply: %s\n", code, obuf);
/* Base64-decode the protected text from obuf into ibuf; len receives the decoded length. */
602 if (kerror = radix_encode(obuf, ibuf, &len, 1))
603 printf("Can't base 64 decode reply %d (%s)\n\"%s\"\n",
604 code, radix_error(kerror), obuf);
606 else if (strcmp(auth_type, "KERBEROS_V4") == 0)
608 krb_rd_safe((unsigned char *)ibuf, len,
610 &hisctladdr, &myctladdr, &msg_data)
611 : krb_rd_priv((unsigned char *)ibuf, len,
612 schedule, &cred.session,
613 &hisctladdr, &myctladdr, &msg_data))
615 printf("%d reply %s! (krb_rd_%s: %s)\n", code,
616 safe ? "modified" : "garbled",
617 safe ? "safe" : "priv",
618 krb_get_err_text(kerror));
620 if (verbose) printf("%c:", safe ? 'S' : 'P');
/*
 * NOTE(review): app_data presumably points into ibuf, the buffer that was
 * handed to krb_rd_safe()/krb_rd_priv(); overlapping copies need memmove().
 * The strcpy() then writes three more bytes after app_length; no visible
 * check keeps that inside ibuf.  Confirm both.
 */
621 memcpy(ibuf, msg_data.app_data,
622 msg_data.app_length);
623 strcpy(&ibuf[msg_data.app_length], "\r\n");
628 else if (strcmp(auth_type, "GSSAPI") == 0) {
629 gss_buffer_desc xmit_buf, msg_buf;
630 OM_uint32 maj_stat, min_stat;
632 xmit_buf.value = ibuf;
633 xmit_buf.length = len;
634 /* decrypt/verify the message */
636 maj_stat = gss_unseal(&min_stat, gcontext,
639 if (maj_stat != GSS_S_COMPLETE) {
640 user_gss_error(maj_stat, min_stat,
641 "failed unsealing reply");
/*
 * NOTE(review): msg_buf.length comes from gss_unseal(); no visible line
 * checks that the unsealed text plus "\r\n" and the NUL fits in ibuf.
 */
643 memcpy(ibuf, msg_buf.value,
645 strcpy(&ibuf[msg_buf.length], "\r\n");
646 gss_release_buffer(&min_stat,&msg_buf);
651 /* Other auth types go here... */
654 if (verbose > 0 || verbose > -1 && n == '5') {
656 (void) fflush (stdout);
658 if (continuation && code != originalcode) {
659 if (originalcode == 0)
666 (void) signal(SIGINT,oldintr);
667 if (code == 421 || originalcode == 421)
669 if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN)
/*
 * Find the requested tag (for example "ADAT=") in the captured reply and
 * leave reply_parse pointing at the value after it, or at NULL when the
 * tag is absent.  strstr() needs reply_buf to be NUL-terminated; that
 * store is presumably on a line not shown.
 */
673 if (reply_ptr = strstr(reply_buf, reply_parse)) {
674 reply_parse = reply_ptr + strlen(reply_parse);
675 if (reply_ptr = strpbrk(reply_parse, " \r"))
677 } else reply_parse = reply_ptr;
/*
 * Fragment of a helper that waits up to `sec` seconds for the descriptors
 * in `mask` to become readable, presumably empty(), which is called as
 * empty(&mask, 10) further down.
 * NOTE(review): the descriptor count passed to select() is fixed at 32, so
 * a descriptor numbered 32 or higher in `mask` is never examined.
 */
689 t.tv_sec = (long) sec;
691 return(select(32, mask, (struct fd_set *) 0, (struct fd_set *) 0, &t));
/*
 * Fragment, presumably of the abortsend handler that sendrequest() installs
 * for SIGINT: it reports the abort and jumps back to the setjmp(sendabort)
 * point.
 * NOTE(review): printf(), fflush() and longjmp() are not async-signal-safe,
 * and the jump can interrupt stdio or a secure_write() halfway through.
 */
703 printf("\nsend aborted\nwaiting for remote to finish abort\n");
704 (void) fflush(stdout);
705 longjmp(sendabort, 1);
/*
 * Fragment of secure_error(): prints a formatted diagnostic on stderr.  Two
 * variants are visible, one using stdarg and one pre-ANSI form with five
 * fixed arguments; the preprocessor lines that select between them are not
 * shown.  Both pass fmt straight to a printf-family call, so callers must
 * supply a literal format string and never text received from the server.
 */
709 secure_error(char *fmt, ...)
712 secure_error(fmt, p1, p2, p3, p4, p5)
720 vfprintf(stderr, fmt, ap);
723 fprintf(stderr, fmt, p1, p2, p3, p4, p5);
/*
 * Fragment of sendrequest(): uploads `local` to `remote` with the FTP verb
 * in `cmd` (STOR and APPE are visible), printing a '#' progress mark every
 * HASHBYTES bytes when hash is set.  Many lines are missing from this
 * listing, so only the visible statements are annotated.
 */
728 #define HASHBYTES 1024
730 sendrequest(cmd, local, remote, printnames)
731 char *cmd, *local, *remote;
735 struct timeval start, stop;
737 FILE *fin, *dout = 0, *popen();
738 int (*closefunc)(), pclose(), fclose();
739 sig_t oldintr, oldintp;
740 long bytes = 0, hashbytes = HASHBYTES;
741 char *lmode, buf[FTP_BUFSIZ], *bufp;
744 if (verbose && printnames) {
745 if (local && *local != '-')
746 printf("local: %s ", local);
748 printf("remote: %s\n", remote);
751 proxtrans(cmd, local, remote);
/* Landing point for the longjmp() taken by the SIGINT handler before the transfer starts. */
760 if (setjmp(sendabort)) {
769 (void) signal(SIGINT,oldintr);
771 (void) signal(SIGPIPE,oldintp);
775 oldintr = signal(SIGINT, abortsend);
776 if (strcmp(local, "-") == 0)
/*
 * A local name that starts with '|' is handed to the shell through popen().
 * NOTE(review): that is only acceptable while `local` is typed by the
 * operator; callers must not let a name taken from elsewhere reach it.
 */
778 else if (*local == '|') {
779 oldintp = signal(SIGPIPE,SIG_IGN);
780 fin = popen(local + 1, "r");
783 (void) signal(SIGINT, oldintr);
784 (void) signal(SIGPIPE, oldintp);
790 fin = fopen(local, "r");
792 fprintf(stderr, "local: %s: %s\n", local,
794 (void) signal(SIGINT, oldintr);
/* The type check uses fstat() on the stream already opened, so it describes the file that will be read. */
799 if (fstat(fileno(fin), &st) < 0 ||
800 (st.st_mode&S_IFMT) != S_IFREG) {
801 fprintf(stdout, "%s: not a plain file.\n", local);
802 (void) signal(SIGINT, oldintr);
809 (void) signal(SIGINT, oldintr);
811 (void) signal(SIGPIPE, oldintp);
813 if (closefunc != NULL)
817 if (setjmp(sendabort))
/* For a restarted STOR/APPE, skip restart_point bytes locally and send REST. */
821 (strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) {
822 if (fseek(fin, (long) restart_point, 0) < 0) {
823 fprintf(stderr, "local: %s: %s\n", local,
826 if (closefunc != NULL)
830 if (command("REST %ld", (long) restart_point)
833 if (closefunc != NULL)
/*
 * NOTE(review): `remote` is formatted into the command as is.  Nothing
 * visible rejects a name containing CR or LF, which would end the command
 * line early; the name should be validated before this point.
 */
841 if (command("%s %s", cmd, remote) != PRELIM) {
842 (void) signal(SIGINT, oldintr);
844 (void) signal(SIGPIPE, oldintp);
845 if (closefunc != NULL)
850 if (command("%s", cmd) != PRELIM) {
851 (void) signal(SIGINT, oldintr);
853 (void) signal(SIGPIPE, oldintp);
854 if (closefunc != NULL)
858 dout = dataconn(lmode);
861 (void) gettimeofday(&start, (struct timezone *)0);
862 oldintp = signal(SIGPIPE, SIG_IGN);
/* Block copy: each chunk that was read is pushed out with secure_write() until it is fully written. */
868 while ((c = read(fileno(fin), buf, sizeof (buf))) > 0) {
870 for (bufp = buf; c > 0; c -= d, bufp += d)
871 if ((d = secure_write(fileno(dout), bufp, c)) <= 0)
874 while (bytes >= hashbytes) {
876 hashbytes += HASHBYTES;
878 (void) fflush(stdout);
881 if (hash && bytes > 0) {
882 if (bytes < HASHBYTES)
884 (void) putchar('\n');
885 (void) fflush(stdout);
888 fprintf(stderr, "local: %s: %s\n", local,
/* secure_flush() sends whatever the protection layer still buffers; EPIPE is not reported here. */
890 if (d < 0 || (d = secure_flush(fileno(dout))) < 0) {
891 if (d == -1 && errno != EPIPE)
/* Character copy; the visible secure_putc('\r') suggests newline-to-CRLF conversion, but the test is on a line not shown. */
898 while ((c = getc(fin)) != EOF) {
900 while (hash && (bytes >= hashbytes)) {
902 (void) fflush(stdout);
903 hashbytes += HASHBYTES;
906 secure_putc('\r', dout) < 0)
910 if (secure_putc(c, dout) < 0)
913 /* if (c == '\r') { */
914 /* (void) putc('\0', dout); /* this violates rfc */
919 if (bytes < hashbytes)
921 (void) putchar('\n');
922 (void) fflush(stdout);
925 fprintf(stderr, "local: %s: %s\n", local,
928 if (ferror(dout) || (d = secure_flush(fileno(dout))) < 0) {
929 if ((ferror(dout) || d == -1) && errno != EPIPE)
935 (void) gettimeofday(&stop, (struct timezone *)0);
936 if (closefunc != NULL)
940 (void) signal(SIGINT, oldintr);
942 (void) signal(SIGPIPE, oldintp);
944 ptransfer("sent", bytes, &start, &stop);
/* From here on the visible lines restore the handlers and close the local stream again, apparently on the abort path. */
947 (void) gettimeofday(&stop, (struct timezone *)0);
948 (void) signal(SIGINT, oldintr);
950 (void) signal(SIGPIPE, oldintp);
963 if (closefunc != NULL && fin != NULL)
966 ptransfer("sent", bytes, &start, &stop);
/*
 * Fragment, presumably of the abortrecv handler that recvrequest() installs
 * for SIGINT: it reports the abort and jumps back to the setjmp(recvabort)
 * point.
 * NOTE(review): printf(), fflush() and longjmp() are not async-signal-safe.
 */
978 printf("\nreceive aborted\nwaiting for remote to finish abort\n");
979 (void) fflush(stdout);
980 longjmp(recvabort, 1);
/*
 * Fragment of recvrequest(): retrieves `remote` with the FTP verb in `cmd`
 * and writes the data to `local`, opened with mode `lmode`.  Many lines are
 * missing from this listing, so only the visible statements are annotated.
 */
983 recvrequest(cmd, local, remote, lmode, printnames)
984 char *cmd, *local, *remote, *lmode;
986 FILE *fout, *din = 0, *popen();
987 int (*closefunc)(), pclose(), fclose();
988 sig_t oldintr, oldintp;
989 int is_retr, tcrflag, bare_lfs = 0;
994 long bytes = 0, hashbytes = HASHBYTES;
996 struct timeval start, stop;
1001 is_retr = strcmp(cmd, "RETR") == 0;
1002 if (is_retr && verbose && printnames) {
1003 if (local && *local != '-')
1004 printf("local: %s ", local);
1006 printf("remote: %s\n", remote);
1008 if (proxy && is_retr) {
1009 proxtrans(cmd, local, remote);
1015 tcrflag = !crflag && is_retr;
1016 if (setjmp(recvabort)) {
1025 (void) signal(SIGINT, oldintr);
1029 oldintr = signal(SIGINT, abortrecv);
/*
 * Writability of the target, or of its directory, is probed with access().
 * NOTE(review): the probe and the fopen() further down are separate steps,
 * so the path can be replaced in between (for example by a symbolic link);
 * the probe is advisory, not a guarantee.
 */
1030 if (strcmp(local, "-") && *local != '|') {
1031 if (access(local, 2) < 0) {
1032 char *dir = strrchr(local, '/');
1034 if (errno != ENOENT && errno != EACCES) {
1035 fprintf(stderr, "local: %s: %s\n", local,
1037 (void) signal(SIGINT, oldintr);
1043 d = access(dir ? local : ".", 2);
1047 fprintf(stderr, "local: %s: %s\n", local,
1049 (void) signal(SIGINT, oldintr);
/* Without runique, an existing target that is not writable gets its mode changed to 0600. */
1053 if (!runique && errno == EACCES &&
1054 chmod(local, 0600) < 0) {
1055 fprintf(stderr, "local: %s: %s\n", local,
1057 (void) signal(SIGINT, oldintr);
1058 (void) signal(SIGINT, oldintr);
1062 if (runique && errno == EACCES &&
1063 (local = gunique(local)) == NULL) {
1064 (void) signal(SIGINT, oldintr);
1069 else if (runique && (local = gunique(local)) == NULL) {
1070 (void) signal(SIGINT, oldintr);
1076 if (curtype != TYPE_A)
1077 changetype(TYPE_A, 0);
1078 } else if (curtype != type)
1079 changetype(type, 0);
1081 (void) signal(SIGINT, oldintr);
1085 if (setjmp(recvabort))
1087 if (is_retr && restart_point &&
1088 command("REST %ld", (long) restart_point) != CONTINUE)
/* NOTE(review): `remote` is formatted into the command as is; reject names that contain CR or LF before this point. */
1091 if (command("%s %s", cmd, remote) != PRELIM) {
1092 (void) signal(SIGINT, oldintr);
1096 if (command("%s", cmd) != PRELIM) {
1097 (void) signal(SIGINT, oldintr);
1101 din = dataconn("r");
1104 if (strcmp(local, "-") == 0)
/*
 * A local name that starts with '|' is handed to the shell through popen().
 * NOTE(review): callers that derive local names from a remote listing must
 * make sure a server-supplied name can never reach this branch.
 */
1106 else if (*local == '|') {
1107 oldintp = signal(SIGPIPE, SIG_IGN);
1108 fout = popen(local + 1, "w");
1115 fout = fopen(local, lmode);
1117 fprintf(stderr, "local: %s: %s\n", local,
/* The copy buffer is sized from the output file's st_blksize and falls back to FTP_BUFSIZ. */
1123 blksize = FTP_BUFSIZ;
1125 if (fstat(fileno(fout), &st) == 0 && st.st_blksize != 0)
1126 blksize = st.st_blksize;
1128 if (blksize > bufsize) {
1131 buf = (char *)malloc((unsigned)blksize);
1139 (void) gettimeofday(&start, (struct timezone *)0);
1144 if (restart_point &&
1145 lseek(fileno(fout), (long) restart_point, L_SET) < 0) {
1146 fprintf(stderr, "local: %s: %s\n", local,
1148 if (closefunc != NULL)
/* Block copy: a write() that returns fewer bytes than were read is treated as an error. */
1153 while ((c = secure_read(fileno(din), buf, bufsize)) > 0) {
1154 if ((d = write(fileno(fout), buf, c)) != c)
1158 while (bytes >= hashbytes) {
1159 (void) putchar('#');
1160 hashbytes += HASHBYTES;
1162 (void) fflush(stdout);
1165 if (hash && bytes > 0) {
1166 if (bytes < HASHBYTES)
1167 (void) putchar('#');
1168 (void) putchar('\n');
1169 (void) fflush(stdout);
1172 if (c == -1 && errno != EPIPE)
1178 fprintf(stderr, "local: %s: %s\n", local,
1181 fprintf(stderr, "%s: short write\n", local);
/* Restart handling for the character-by-character path: the local file is rewound and read forward. */
1186 if (restart_point) {
1187 register int i, n, ch;
1189 if (fseek(fout, 0L, L_SET) < 0)
1192 for (i = 0; i++ < n;) {
1193 if ((ch = getc(fout)) == EOF)
1198 if (fseek(fout, 0L, L_INCR) < 0) {
1200 fprintf(stderr, "local: %s: %s\n", local,
1202 if (closefunc != NULL)
/* Character copy with CR handling; bare_lfs feeds the warning printed after the loop. */
1207 while ((c = secure_getc(din)) >= 0) {
1211 while (hash && (bytes >= hashbytes)) {
1212 (void) putchar('#');
1213 (void) fflush(stdout);
1214 hashbytes += HASHBYTES;
1217 if ((c = secure_getc(din)) != '\n' || tcrflag) {
1220 (void) putc('\r', fout);
1228 (void) putc(c, fout);
1234 printf("WARNING! %d bare linefeeds received in ASCII mode\n", bare_lfs);
1235 printf("File may not have transferred correctly.\n");
1238 if (bytes < hashbytes)
1239 (void) putchar('#');
1240 (void) putchar('\n');
1241 (void) fflush(stdout);
1248 if (ferror(fout) || c == -2) {
1250 fprintf(stderr, "local: %s: %s\n", local,
1256 if (closefunc != NULL)
1258 (void) signal(SIGINT, oldintr);
1260 (void) signal(SIGPIPE, oldintp);
1261 (void) gettimeofday(&stop, (struct timezone *)0);
1264 if (bytes > 0 && is_retr)
1265 ptransfer("received", bytes, &start, &stop);
1269 /* abort using RFC959 recommended IP,SYNC sequence */
1271 (void) gettimeofday(&stop, (struct timezone *)0);
/*
 * NOTE(review): SIGPIPE is restored here with oldintr, the saved SIGINT
 * disposition.  The other restore in this routine pairs SIGPIPE with
 * oldintp, so this looks like a typo; confirm and fix.
 */
1273 (void) signal(SIGPIPE, oldintr);
1274 (void) signal(SIGINT, SIG_IGN);
1277 (void) signal(SIGINT, oldintr);
1287 if (closefunc != NULL && fout != NULL)
1292 ptransfer("received", bytes, &start, &stop);
1293 (void) signal(SIGINT, oldintr);
1297 * Need to start a listen on the data channel before we send the command,
1298 * otherwise the server's connect may fail.
/*
 * Fragment of the routine that prepares the data connection.  With passive
 * mode compiled in, it sends PASV and connects to the address in the reply;
 * otherwise it binds a listening socket and announces it with PORT.  The
 * signature and several lines are missing from this listing.
 */
1302 register char *p, *a;
1303 int result, len, tmpno = 0;
1305 #ifndef NO_PASSIVE_MODE
1306 int a1,a2,a3,a4,p1,p2;
1309 data = socket(AF_INET, SOCK_STREAM, 0);
1311 perror("ftp: socket");
1314 if (options & SO_DEBUG &&
1315 setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0)
1316 perror("ftp: setsockopt (ignored)");
1317 if (command("PASV") != COMPLETE) {
1318 printf("Passive mode refused. Turning off passive mode.\n");
1324 * What we've got at this point is a string of comma separated
1325 * one-byte unsigned integer values, separated by commas.
1326 * The first four are the an IP address. The fifth is the MSB
1327 * of the port number, the sixth is the LSB. From that we'll
1328 * prepare a sockaddr_in.
/*
 * NOTE(review): the six fields are parsed as plain ints and are not checked
 * to lie in 0..255 before they are shifted and OR-ed together.  The client
 * then connects to whatever address the reply names; nothing visible
 * compares it with hisctladdr.sin_addr, the host the control connection
 * actually goes to.  Range-check the fields and consider rejecting or
 * ignoring an address that differs from the control-connection peer.
 */
1331 if (sscanf(pasv,"%d,%d,%d,%d,%d,%d",&a1,&a2,&a3,&a4,&p1,&p2) != 6) {
1332 printf("Passive mode address scan failure. Shouldn't happen!\n");
1336 data_addr.sin_family = AF_INET;
1337 data_addr.sin_addr.s_addr = htonl((a1<<24)|(a2<<16)|(a3<<8)|a4);
1338 data_addr.sin_port = htons((p1<<8)|p2);
1340 if (connect(data, (struct sockaddr *) &data_addr, sizeof(data_addr))<0) {
1341 perror("ftp: connect");
1345 #ifdef IPTOS_THROUGHPUT
1346 on = IPTOS_THROUGHPUT;
1347 if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
1348 perror("ftp: setsockopt TOS (ignored)");
1351 hisdataaddr = data_addr;
/* Active mode: start from the local control-connection address and let the system choose the port. */
1357 data_addr = myctladdr;
1359 data_addr.sin_port = 0; /* let system pick one */
1362 data = socket(AF_INET, SOCK_STREAM, 0);
1364 perror("ftp: socket");
1370 if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) < 0) {
1371 perror("ftp: setsockopt (reuse address)");
1374 if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) < 0) {
1375 perror("ftp: bind");
1378 if (options & SO_DEBUG &&
1379 setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0)
1380 perror("ftp: setsockopt (ignored)");
1381 len = sizeof (data_addr);
1382 if (getsockname(data, (struct sockaddr *)&data_addr, &len) < 0) {
1383 perror("ftp: getsockname");
/* A listen() failure is only reported; the visible lines carry on to the PORT command. */
1386 if (listen(data, 1) < 0)
1387 perror("ftp: listen");
/* The bound address and port are sent byte by byte, in network order, as the PORT argument. */
1389 a = (char *)&data_addr.sin_addr;
1390 p = (char *)&data_addr.sin_port;
1391 #define UC(b) (((int)b)&0xff)
1393 command("PORT %d,%d,%d,%d,%d,%d",
1394 UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
1395 UC(p[0]), UC(p[1]));
1396 if (result == ERROR && sendport == -1) {
1401 return (result != COMPLETE);
1406 #ifdef IPTOS_THROUGHPUT
1407 on = IPTOS_THROUGHPUT;
1408 if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
1409 perror("ftp: setsockopt TOS (ignored)");
1414 (void) close(data), data = -1;
/*
 * Fragment, presumably of dataconn(lmode): returns a stdio stream for the
 * data connection.  With passive mode compiled in, one visible path wraps
 * the connected socket directly; the other accepts an inbound connection
 * on the listening socket.  Several lines are missing from this listing.
 */
1424 int s, fromlen = sizeof (hisdataaddr), tos;
1426 #ifndef NO_PASSIVE_MODE
1428 return (fdopen(data, lmode));
/*
 * NOTE(review): whichever peer connects first is accepted.  Nothing visible
 * compares hisdataaddr.sin_addr with hisctladdr.sin_addr, so the data
 * connection is not tied to the server that holds the control connection.
 * Consider rejecting peers whose address differs.
 */
1430 s = accept(data, (struct sockaddr *) &hisdataaddr, &fromlen);
1432 perror("ftp: accept");
1433 (void) close(data), data = -1;
1439 #ifdef IPTOS_THROUGHPUT
1440 tos = IPTOS_THROUGHPUT;
1441 if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
1442 perror("ftp: setsockopt TOS (ignored)");
1445 return (fdopen(data, lmode));
/*
 * Fragment of ptransfer(): prints the byte count, the elapsed time and the
 * throughput of a finished transfer.  `td` holds the elapsed interval; the
 * line that computes it is not shown.
 */
1448 ptransfer(direction, bytes, t0, t1)
1451 struct timeval *t0, *t1;
1458 s = td.tv_sec + (td.tv_usec / 1000000.);
/* nz() replaces a zero elapsed time with 1 so the division below cannot divide by zero. */
1459 #define nz(x) ((x) == 0 ? 1 : (x))
1460 kbs = (bytes / nz(s))/1024.0;
1461 printf("%ld bytes %s in %.2g seconds (%.2g Kbytes/s)\n",
1462 bytes, direction, s, kbs);
/*
 * Fragment of a helper that adds *t0 into *tsum (signature not shown).
 * NOTE(review): the carry test uses > rather than >=, so a sum of exactly
 * 1000000 microseconds is left in tv_usec instead of being carried.
 */
1467 struct timeval *tsum, *t0;
1470 tsum->tv_sec += t0->tv_sec;
1471 tsum->tv_usec += t0->tv_usec;
1472 if (tsum->tv_usec > 1000000)
1473 tsum->tv_sec++, tsum->tv_usec -= 1000000;
/*
 * Fragment of tvsub(): stores t1 - t0 in *tdiff, borrowing one second when
 * the microsecond difference is negative.
 */
1476 tvsub(tdiff, t1, t0)
1477 struct timeval *tdiff, *t1, *t0;
1480 tdiff->tv_sec = t1->tv_sec - t0->tv_sec;
1481 tdiff->tv_usec = t1->tv_usec - t0->tv_usec;
1482 if (tdiff->tv_usec < 0)
1483 tdiff->tv_sec--, tdiff->tv_usec += 1000000;
1490 extern int abrtflag;
/*
 * Fragment of the routine that switches between the primary and the proxy
 * connection: the current connection state is saved into *ip and the state
 * in *op is loaded in its place.  The signature, several struct members and
 * the lines that assign ip and op are missing from this listing.
 */
1498 extern int proxy, abrtflag;
1500 static struct comvars {
1502 char name[MAXHOSTNAMELEN];
1503 struct sockaddr_in mctl;
1504 struct sockaddr_in hctl;
1517 char mi[MAXPATHLEN];
1518 char mo[MAXPATHLEN];
1523 Key_schedule schedule;
1524 #endif /* KERBEROS */
1525 } proxstruct, tmpstruct;
1526 struct comvars *ip, *op;
1529 oldintr = signal(SIGINT, psabort);
1543 ip->connect = connected;
1544 connected = op->connect;
/*
 * NOTE(review): in this and the similar pairs below, the assignment after
 * strncpy() writes a NUL at the position strlen() already found, so it adds
 * no termination of its own.  For `name` the copy stops one byte short of
 * the field and the structs are static, so the final byte stays zero.
 */
1546 (void) strncpy(ip->name, hostname, sizeof(ip->name) - 1);
1547 ip->name[strlen(ip->name)] = '\0';
1550 hostname = op->name;
1551 ip->hctl = hisctladdr;
1552 hisctladdr = op->hctl;
1553 ip->mctl = myctladdr;
1554 myctladdr = op->mctl;
1561 ip->curtpe = curtype;
1562 curtype = op->curtpe;
1565 ip->sunqe = sunique;
1566 sunique = op->sunqe;
1567 ip->runqe = runique;
1568 runique = op->runqe;
/*
 * NOTE(review): the declarations of nti, nto, ntin and ntout are not shown.
 * A 16-byte strncpy() is only safe if those fields hold at least 17 bytes,
 * and the strcpy() calls rely on the sources being terminated; confirm.
 */
1573 (void) strncpy(ip->nti, ntin, 16);
1574 (ip->nti)[strlen(ip->nti)] = '\0';
1575 (void) strcpy(ntin, op->nti);
1576 (void) strncpy(ip->nto, ntout, 16);
1577 (ip->nto)[strlen(ip->nto)] = '\0';
1578 (void) strcpy(ntout, op->nto);
1579 ip->mapflg = mapflag;
1580 mapflag = op->mapflg;
1581 (void) strncpy(ip->mi, mapin, MAXPATHLEN - 1);
1582 (ip->mi)[strlen(ip->mi)] = '\0';
1583 (void) strcpy(mapin, op->mi);
1584 (void) strncpy(ip->mo, mapout, MAXPATHLEN - 1);
1585 (ip->mo)[strlen(ip->mo)] = '\0';
1586 (void) strcpy(mapout, op->mo);
1587 ip->authtype = auth_type;
1588 auth_type = op->authtype;
/*
 * The Kerberos session key and key schedule are swapped as well, so copies
 * of the key material remain in the static structs; nothing visible clears
 * them.
 */
1594 memcpy(ip->session, cred.session, sizeof(cred.session));
1595 memcpy(cred.session, op->session, sizeof(cred.session));
1596 memcpy(ip->schedule, schedule, sizeof(schedule));
1597 memcpy(schedule, op->schedule, sizeof(schedule));
1598 #endif /* KERBEROS */
1599 (void) signal(SIGINT, oldintr);
/*
 * Fragment, presumably of the abortpt handler that proxtrans() installs for
 * SIGINT: it jumps back to the setjmp(ptabort) point.
 * NOTE(review): fflush() and longjmp() are not async-signal-safe.
 */
1614 (void) fflush(stdout);
1618 longjmp(ptabort, 1);
/*
 * Fragment of proxtrans(): drives a transfer between two servers.  One
 * connection is put into passive mode with PASV, the address it returns is
 * given to the other connection with PORT, and then the retrieve and store
 * commands are issued.  Many lines are missing from this listing.
 */
1621 proxtrans(cmd, local, remote)
1622 char *cmd, *local, *remote;
1625 int secndflag = 0, prox_type, nfnd;
1626 extern jmp_buf ptabort;
1631 if (strcmp(cmd, "RETR"))
1634 cmd2 = runique ? "STOU" : "STOR";
1635 if ((prox_type = type) == 0) {
1636 if (unix_server && unix_proxy)
1641 if (curtype != prox_type)
1642 changetype(prox_type, 1);
1643 if (command("PASV") != COMPLETE) {
1644 printf("proxy server does not support third party transfers.\n");
1649 printf("No primary connection\n");
1654 if (curtype != prox_type)
1655 changetype(prox_type, 1);
/*
 * NOTE(review): `pasv` holds text taken from the first server's 227 reply
 * and is forwarded into the PORT command as is.  Validate that it has the
 * form of six decimal fields before it is sent to the second server.
 */
1656 if (command("PORT %s", pasv) != COMPLETE) {
1660 if (setjmp(ptabort))
1662 oldintr = signal(SIGINT, abortpt);
1663 if (command("%s %s", cmd, remote) != PRELIM) {
1664 (void) signal(SIGINT, oldintr);
1671 if (command("%s %s", cmd2, local) != PRELIM)
1677 (void) signal(SIGINT, oldintr);
1680 printf("local: %s remote: %s\n", local, remote);
/* The remaining visible lines abort the outstanding transfer on either connection and restore SIGINT. */
1683 (void) signal(SIGINT, SIG_IGN);
1685 if (strcmp(cmd, "RETR") && !proxy)
1687 else if (!strcmp(cmd, "RETR") && proxy)
1689 if (!cpend && !secndflag) { /* only here if cmd = "STOR" (proxy=1) */
1690 if (command("%s %s", cmd2, local) != PRELIM) {
1693 abort_remote((FILE *) NULL);
1698 (void) signal(SIGINT, oldintr);
1702 abort_remote((FILE *) NULL);
1704 if (!cpend && !secndflag) { /* only if cmd = "RETR" (proxy=1) */
1705 if (command("%s %s", cmd2, local) != PRELIM) {
1708 abort_remote((FILE *) NULL);
1712 (void) signal(SIGINT, oldintr);
1717 abort_remote((FILE *) NULL);
/* Wait up to 10 seconds for a pending reply on the control stream. */
1721 FD_SET(fileno(cin), &mask);
1722 if ((nfnd = empty(&mask, 10)) <= 0) {
1738 (void) signal(SIGINT, oldintr);
1748 FD_SET(fileno(cin), &mask);
1749 if ((nfnd = empty(&mask,0)) < 0) {
/*
 * Fragment, presumably of gunique(local): builds a file name in the static
 * buffer `new` by varying a suffix on `local` until access() reports that
 * the name does not exist, giving up when the counter reaches 100.  The
 * signature and several lines are missing from this listing.
 */
1764 static char new[MAXPATHLEN];
1765 char *cp = strrchr(local, '/');
1771 d = access(cp ? local : ".", 2);
1775 fprintf(stderr, "local: %s: %s\n", local, strerror(errno));
/*
 * NOTE(review): strcpy() does not check that `local` fits in
 * new[MAXPATHLEN], and the later stores through cp append more characters.
 * Bound the copy and leave room for the suffix.
 */
1778 (void) strcpy(new, local);
1779 cp = new + strlen(new);
1782 if (++count == 100) {
1783 printf("runique: can't find unique file name.\n");
/*
 * NOTE(review): the name is probed here with access() but the file is
 * created later by the caller, so another process can create the same path
 * in between.
 */
1792 if ((d = access(new, 0)) < 0)
1796 else if (*(cp - 2) == '.')
1799 *(cp - 2) = *(cp - 2) + 1;
/*
 * File-scope declarations followed by a fragment of the authentication
 * routine, Kerberos V4 branch: AUTH KERBEROS_V4 is offered, a ticket is
 * sent with ADAT, and the ADAT= value in the reply is checked before
 * auth_type is set.  The signature and several lines are missing from this
 * listing.
 */
1807 char realm[REALM_SZ + 1];
1808 #endif /* KERBEROS */
1811 /* for testing, we don't have an ftp key yet */
1812 char* gss_services[] = { /* "ftp",*/ "host", 0 };
1817 extern int setsafe();
1820 char *service, inst[INST_SZ];
/*
 * The value placed in the authenticator is the process id.  The mutual
 * authentication check below does not depend on it being secret: the reply
 * is verified with krb_rd_safe() under the session key.
 */
1821 u_long cksum, checksum = (u_long) getpid();
1822 #endif /* KERBEROS */
1823 #if defined(KERBEROS) || defined(GSSAPI)
1824 u_char out_buf[FTP_BUFSIZ];
1826 #endif /* KERBEROS */
1828 if (auth_type) return(1); /* auth already succeeded */
1830 /* Other auth types go here ... */
1833 if (command("AUTH %s", "KERBEROS_V4") == CONTINUE) {
1835 printf("%s accepted as authentication type\n", "KERBEROS_V4");
/*
 * NOTE(review): both strcpy() calls copy library-returned strings that are
 * derived from `hostname` into fixed-size arrays (inst[INST_SZ],
 * realm[REALM_SZ + 1]) with no length check.  Use bounded copies and treat
 * truncation as a failure.
 */
1837 strcpy(inst, (char *) krb_get_phost(hostname));
1838 if (realm[0] == '\0')
1839 strcpy(realm, (char *) krb_realmofhost(hostname));
/* The "ftp" service is tried first; "rcmd" is the fallback when the KDC does not know it. */
1840 if ((kerror = krb_mk_req(&ticket, service = "ftp",
1841 inst, realm, checksum))
1842 && (kerror != KDC_PR_UNKNOWN ||
1843 (kerror = krb_mk_req(&ticket, service = "rcmd",
1844 inst, realm, checksum))))
1845 fprintf(stderr, "Kerberos V4 krb_mk_req failed: %s\n",
1846 krb_get_err_text(kerror));
1847 else if (kerror = krb_get_cred(service, inst, realm, &cred))
1848 fprintf(stderr, "Kerberos V4 krb_get_cred failed: %s\n",
1849 krb_get_err_text(kerror));
1851 key_sched(cred.session, schedule);
/* Ask getreply() to capture the ADAT= value from the next reply. */
1852 reply_parse = "ADAT=";
1853 oldverbose = verbose;
/*
 * NOTE(review): radix_encode() receives no destination size.  The encoded
 * ticket has to fit in out_buf[FTP_BUFSIZ], and then once more inside the
 * command buffer that command() fills with vsprintf().
 */
1856 if (kerror = radix_encode(ticket.dat, out_buf, &i, 0))
1857 fprintf(stderr, "Base 64 encoding failed: %s\n",
1858 radix_error(kerror));
1859 else if (command("ADAT %s", out_buf) != COMPLETE)
1860 fprintf(stderr, "Kerberos V4 authentication failed\n");
1861 else if (!reply_parse)
1863 "No authentication data received from server\n");
1864 else if (kerror = radix_encode(reply_parse, out_buf, &i, 1))
1865 fprintf(stderr, "Base 64 decoding failed: %s\n",
1866 radix_error(kerror));
1867 else if (kerror = krb_rd_safe(out_buf, i, &cred.session,
1868 &hisctladdr, &myctladdr, &msg_data))
1869 fprintf(stderr, "Kerberos V4 krb_rd_safe failed: %s\n",
1870 krb_get_err_text(kerror));
1872 /* fetch the (modified) checksum */
/* NOTE(review): no visible check that msg_data.app_length is at least sizeof(cksum) before this copy. */
1873 (void) memcpy(&cksum, msg_data.app_data, sizeof(cksum));
/* Mutual authentication: the server must return checksum + 1 in the verified message. */
1874 if (ntohl(cksum) == checksum + 1) {
1875 verbose = oldverbose;
1877 printf("Kerberos V4 authentication succeeded\n");
1879 auth_type = "KERBEROS_V4";
1881 } else fprintf(stderr,
1882 "Kerberos V4 mutual authentication failed\n");
1884 verbose = oldverbose;
1887 } else fprintf(stderr, "%s rejected as an authentication type\n",
1889 #endif /* KERBEROS */
/*
 * GSSAPI branch of the authentication routine: AUTH GSSAPI is offered, then
 * for each name in gss_services a security context is negotiated by
 * exchanging base64 tokens with ADAT.  Several lines are missing, and the
 * listing ends before this branch does.
 */
1891 if (command("AUTH %s", "GSSAPI") == CONTINUE) {
1892 OM_uint32 maj_stat, min_stat;
1893 gss_name_t target_name;
1894 gss_buffer_desc send_tok, recv_tok, *token_ptr;
1895 char stbuf[FTP_BUFSIZ];
1896 char **service_name, **end_service_name;
/*
 * Channel bindings tie the context to the IPv4 addresses of both ends of
 * the control connection, so the two sides must see the same addresses.
 */
1898 struct gss_channel_bindings_struct chan;
1899 chan.initiator_addrtype = GSS_C_AF_INET; /* OM_uint32 */
1900 chan.initiator_address.length = 4;
1901 chan.initiator_address.value = &myctladdr.sin_addr.s_addr;
1902 chan.acceptor_addrtype = GSS_C_AF_INET; /* OM_uint32 */
1903 chan.acceptor_address.length = 4;
1904 chan.acceptor_address.value = &hisctladdr.sin_addr.s_addr;
1905 chan.application_data.length = 0;
1906 chan.application_data.value = 0;
1908 for (end_service_name = gss_services; *end_service_name; )
1913 printf("%s accepted as authentication type\n", "GSSAPI");
1915 /* blob from gss-client */
1918 for (service_name = gss_services; *service_name; service_name++) {
1920 /* ftp@hostname first, the host@hostname */
1921 /* the V5 GSSAPI binding canonicalizes this for us... */
/*
 * NOTE(review): sprintf() is unbounded.  snprintf(stbuf, sizeof(stbuf), ...)
 * with a truncation check would not depend on how long `hostname` is.
 */
1922 sprintf(stbuf, "%s@%s", *service_name, hostname);
1924 fprintf(stderr, "Trying to authenticate to <%s>\n", stbuf);
1926 send_tok.value = stbuf;
1927 send_tok.length = strlen(stbuf) + 1;
1928 maj_stat = gss_import_name(&min_stat, &send_tok,
1929 gss_nt_service_name, &target_name);
1931 if (maj_stat != GSS_S_COMPLETE) {
1932 user_gss_error(maj_stat, min_stat, "parsing name");
1933 secure_error("name parsed <%s>\n", stbuf);
1937 token_ptr = GSS_C_NO_BUFFER;
1938 gcontext = GSS_C_NO_CONTEXT; /* structure copy */
1942 fprintf(stderr, "calling gss_init_sec_context\n");
/*
 * NOTE(review): mutual authentication and replay detection are requested,
 * but ret_flags is passed as NULL, so the client never learns which
 * services were actually granted.  Capture ret_flags and check it once the
 * context is complete.
 */
1944 gss_init_sec_context(&min_stat,
1945 GSS_C_NO_CREDENTIAL,
1949 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
1951 &chan, /* channel bindings */
1953 NULL, /* ignore mech type */
1955 NULL, /* ignore ret_flags */
1956 NULL); /* ignore time_rec */
1959 if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED){
1960 user_gss_error(maj_stat, min_stat, "initializing context");
1961 (void) gss_release_name(&min_stat, &target_name);
1962 /* could just be that we missed on the service name */
1966 if (send_tok.length != 0) {
1967 int len = send_tok.length;
1968 reply_parse = "ADAT="; /* for command() later */
1969 oldverbose = verbose;
/*
 * NOTE(review): the token length is set by the GSSAPI library and base64
 * grows it by about one third.  radix_encode() receives no destination
 * size, so nothing visible keeps the result inside out_buf[FTP_BUFSIZ].
 */
1971 kerror = radix_encode(send_tok.value, out_buf, &len, 0);
1973 fprintf(stderr, "Base 64 encoding failed: %s\n",
1974 radix_error(kerror));
1975 } else if ((comcode = command("ADAT %s", out_buf))!=COMPLETE
1976 /* && comcode != 3 (335)*/) {
1977 fprintf(stderr, "GSSAPI ADAT failed\n");
1978 /* force out of loop */
1979 maj_stat = GSS_S_FAILURE;
1980 } else if (!reply_parse) {
1982 "No authentication data received from server\n");
1983 if (maj_stat == GSS_S_COMPLETE) {
1984 fprintf(stderr, "...but no more was needed\n");
1985 goto gss_complete_loop;
1987 user_gss_error(maj_stat, min_stat, "no reply, huh?");
1988 goto gss_complete_loop;
/* The server's ADAT= value is base64-decoded into out_buf and becomes the next input token. */
1990 } else if (kerror = radix_encode(reply_parse,out_buf,&i,1)) {
1991 fprintf(stderr, "Base 64 decoding failed: %s\n",
1992 radix_error(kerror));
1994 /* everything worked */
1995 token_ptr = &recv_tok;
1996 recv_tok.value = out_buf;
1997 recv_tok.length = i;
2001 /* get out of loop clean */
2003 service_name = end_service_name;
2004 gss_release_buffer(&min_stat, &send_tok);
2005 gss_release_name(&min_stat, &target_name);
2008 } while (maj_stat == GSS_S_CONTINUE_NEEDED);
2012 verbose = oldverbose;
2013 if (maj_stat == GSS_S_COMPLETE) {
2015 printf("GSSAPI authentication succeeded\n");
2017 auth_type = "GSSAPI";
2020 fprintf(stderr, "GSSAPI authentication failed\n");
2021 verbose = oldverbose;
2027 /* Other auth types go here ... */
/*
 * PBSZ (protection buffer size) negotiation. The enclosing function's header
 * and several body lines are missing from this listing. Visible steps:
 * release any earlier ucbuf, allocate actualbuf bytes for a new one, send
 * "PBSZ <actualbuf>" on the control connection, then set maxbuf from the
 * reply.
 */
2037 if (ucbuf) (void) free(ucbuf);
/*
 * Retries until malloc() returns non-NULL. The loop body is not visible; only
 * a perror() call from it survives in this listing.
 */
2039 while ((ucbuf = (unsigned char *)malloc(actualbuf)) == NULL)
2043 perror("Error while trying to malloc PROT buffer:");
2046 oldverbose = verbose;
/*
 * presumably command() repoints reply_parse at the text following "PBSZ=" in
 * the server's reply, or clears it when the tag is absent -- confirm against
 * getreply()
 */
2048 reply_parse = "PBSZ=";
2049 if (command("PBSZ %u", actualbuf) != COMPLETE)
2050 fatal("Cannot set PROT buffer size");
/*
 * NOTE(review): if reply_parse points into the server's reply here, maxbuf is
 * peer-controlled. atol() reports no parse errors, and a negative value wraps
 * when cast to unsigned int. The comparison below catches anything larger
 * than actualbuf, but the statement it guards is not visible (presumably it
 * caps maxbuf at actualbuf -- confirm). A reply that parses as 0 passes the
 * comparison and leaves maxbuf at 0, so callers that size reads or writes
 * from maxbuf should be checked for that case.
 */
2052 if ((maxbuf = (unsigned int) atol(reply_parse)) > actualbuf)
2054 } else maxbuf = actualbuf;
2056 verbose = oldverbose;
/*
 * Abort of an in-progress transfer. The function header, the other local
 * declarations and several statements are missing from this listing.
 * buf is used for the Telnet interrupt sequence below and as the target of
 * the read() on the data connection further down.
 */
2062 char buf[FTP_BUFSIZ];
2067 * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
2068 * after urgent byte rather than before as is protocol now
/* Formats three characters plus the terminating NUL into buf. */
2070 sprintf(buf, "%c%c%c", IAC, IP, IAC);
/* The three bytes go out as out-of-band data on the control connection. */
2071 if (send(fileno(cout), buf, 3, MSG_OOB) != 3)
/* ABOR is sent through secure_command(); its return value is ignored. */
2074 (void) secure_command("ABOR");
/*
 * Watch the control input and the data connection for readability. The
 * lines that clear mask and guard the din case are not visible here.
 */
2076 FD_SET(fileno(cin), &mask);
2078 FD_SET(fileno(din), &mask);
/* presumably empty() waits up to 10 seconds for a descriptor in mask -- confirm */
2080 if ((nfnd = empty(&mask, 10)) <= 0) {
/*
 * The read below is bounded by FTP_BUFSIZ, which is the declared size of
 * buf, so it cannot write past the buffer. The loop body is not visible;
 * presumably the bytes are simply discarded.
 */
2088 if (din && FD_ISSET(fileno(din), &mask)) {
2089 /* Security: No threat associated with this read. */
2090 while (read(fileno(din), buf, FTP_BUFSIZ) > 0)
/* The statement guarded by this test is not visible in this listing. */
2093 if (getreply(0) == ERROR && code == 552) {
2094 /* 552 needed for nic style abort */
/*
 * Print the text for a GSS-API major and minor status code to stderr,
 * followed by the caller's context string s.
 *
 * Several lines of this function are missing from this listing: the
 * declaration of s, the braces, any loop control, and the continuation lines
 * of each call.
 */
2100 user_gss_error(maj_stat, min_stat, s)
2101 OM_uint32 maj_stat, min_stat;
2104 /* a lot of work just to report the error */
2105 OM_uint32 gmaj_stat, gmin_stat;
2106 gss_buffer_desc msg;
/* Translate the major status; the remaining arguments are cut off here. */
2110 gmaj_stat = gss_display_status(&gmin_stat, maj_stat,
2114 if ((gmaj_stat == GSS_S_COMPLETE)||
2115 (gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
/*
 * The format string is a literal with a single %s, so the argument (cut off
 * here; presumably msg.value) is printed as data and never interpreted as a
 * format string.
 */
2116 fprintf(stderr, "GSSAPI error major: %s\n",
/* Release the buffer that gss_display_status() filled in. */
2118 (void) gss_release_buffer(&gmin_stat, &msg);
/* The statement guarded by this test is not visible in this listing. */
2120 if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
/* Same sequence again for the minor status. */
2125 gmaj_stat = gss_display_status(&gmin_stat, min_stat,
2129 if ((gmaj_stat == GSS_S_COMPLETE)||
2130 (gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
2131 fprintf(stderr, "GSSAPI error minor: %s\n",
2133 (void) gss_release_buffer(&gmin_stat, &msg);
2135 if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
/* Finally print the caller-supplied description of what failed. */
2138 fprintf(stderr, "GSSAPI error: %s\n", s);
/*
 * Forwards its three arguments to user_gss_error() and returns that call's
 * result. The declaration of s and the braces are missing from this listing.
 */
2141 secure_gss_error(maj_stat, min_stat, s)
2142 OM_uint32 maj_stat, min_stat;
2145 return user_gss_error(maj_stat, min_stat, s);