From: Geoffrey King Date: Wed, 12 Aug 1998 07:03:48 +0000 (+0000) Subject: * ftpcmd.y, ftpd.c: Replace global variable level with clevel and X-Git-Tag: krb5-1.1-beta1~582 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7ba12fe4bd52b39eb8c4024cbd7e1cedfbc1f7c4;p=krb5.git * ftpcmd.y, ftpd.c: Replace global variable level with clevel and dlevel to allow independence of command and data channel protection levels. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10805 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 5c6cc5158..508b3111c 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,9 @@ +Wed Aug 12 02:57:07 1998 Geoffrey King + + * ftpcmd.y, ftpd.c: Replace global variable level with clevel and + dlevel to allow independence of command and data channel + protection levels. + Tue Aug 11 04:30:59 1998 Matthew D Hancher * ftpd.c: Add support for extended logging as per PR#481. Using diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index 94b76ee69..de064bb00 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -114,6 +114,7 @@ extern int guest; extern int logging; extern int type; extern int form; +extern int clevel; extern int debug; extern int timeout; extern int maxtimeout; @@ -227,7 +228,7 @@ cmd: USER SP username CRLF | PROT SP prot_code CRLF = { if (maxbuf) - setlevel ($3); + setdlevel ($3); else reply(503, "Must first set PBSZ"); } @@ -1024,6 +1025,7 @@ getline(s, n, iop) } if (debug) syslog(LOG_DEBUG, "getline got %d from %s <%s>\n", len, cs, mic?"MIC":"ENC"); + clevel = mic ? PROT_S : PROT_P; #ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, "KERBEROS_V4") == 0) { if ((kerror = mic ? diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index f034b900e..e897bd472 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -178,7 +178,8 @@ int logging; int authenticate; int guest; int type; -int level; +int clevel; /* control protection level */ +int dlevel; /* data protection level */ int form; int stru; /* avoid C keyword */ int mode; @@ -400,6 +401,7 @@ nextopt: #define LOG_DAEMON 0 #endif openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + addrlen = sizeof (his_addr); if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); @@ -455,7 +457,7 @@ nextopt: * Set up default state */ data = -1; - level = PROT_C; + clevel = dlevel = PROT_C; type = TYPE_A; form = FORM_N; stru = STRU_F; @@ -564,7 +566,10 @@ path_expand(path) return strcat(pathbuf, path); } -setlevel(prot_level) +/* + * Set data channel protection level + */ +setdlevel(prot_level) int prot_level; { switch (prot_level) { @@ -574,10 +579,10 @@ int prot_level; #endif if (auth_type) case PROT_C: - reply(200, "Protection level set to %s.", - (level = prot_level) == PROT_S ? - "Safe" : level == PROT_P ? - "Private" : "Clear"); + reply(200, "Data channel protection level set to %s.", + (dlevel = prot_level) == PROT_S ? + "safe" : dlevel == PROT_P ? + "private" : "clear"); else default: reply(536, "%s protection level not supported.", levelnames[prot_level]); @@ -1440,7 +1445,7 @@ statcmd() reply(0, " Waiting for authentication data"); else reply(0, " Waiting for user name"); - reply(0, " PROTection level: %s", levelnames[level]); + reply(0, " Protection level: %s", levelnames[dlevel]); sprintf(str, " TYPE: %s", typenames[type]); if (type == TYPE_A || type == TYPE_E) sprintf(&str[strlen(str)], ", FORM: %s", formnames[form]); @@ -1514,16 +1519,12 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) if (auth_type) { char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; int length, kerror; - /* - * File protection level also determines whether - * replies are 631 or 632. Should be independent ... - */ if (n) sprintf(in, "%d%c", n, cont_char); else in[0] = '\0'; strcat(in, buf); #ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if ((length = level == PROT_P ? + if ((length = clevel == PROT_P ? krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, &kdata.session, @@ -1534,7 +1535,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) &ctrl_addr, &his_addr)) == -1) { syslog(LOG_ERR, "krb_mk_%s failed for KERBEROS_V4", - level == PROT_P ? "priv" : "safe"); + clevel == PROT_P ? "priv" : "safe"); fputs(in,stdout); } } else @@ -1549,17 +1550,17 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) in_buf.value = in; in_buf.length = strlen(in) + 1; maj_stat = gss_seal(&min_stat, gcontext, - level == PROT_P, /* confidential */ + clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, &in_buf, &conf_state, &out_buf); if (maj_stat != GSS_S_COMPLETE) { /* generally need to deal */ secure_gss_error(maj_stat, min_stat, - (level==PROT_P)? + (clevel==PROT_P)? "gss_seal ENC didn't complete": "gss_seal MIC didn't complete"); - } else if ((level == PROT_P) && !conf_state) { + } else if ((clevel == PROT_P) && !conf_state) { secure_error("GSSAPI didn't encrypt message"); } else { memcpy(out, out_buf.value, @@ -1574,7 +1575,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) radix_error(kerror)); fputs(in,stdout); } else - printf("%s%c%s", level == PROT_P ? "632" : "631", + printf("%s%c%s", clevel == PROT_P ? "632" : "631", n ? cont_char : '-', in); } else { if (n) printf("%d%c", n, cont_char); @@ -2210,7 +2211,7 @@ char *fmt; va_list ap; va_start(ap, fmt); - if (level == PROT_C) rval = vfprintf(stream, fmt, ap); + if (dlevel == PROT_C) rval = vfprintf(stream, fmt, ap); else { vsprintf(s, fmt, ap); rval = secure_write(fileno(stream), s, strlen(s)); @@ -2219,7 +2220,7 @@ char *fmt; return(rval); #else - if (level == PROT_C) + if (dlevel == PROT_C) return(fprintf(stream, fmt, p1, p2, p3, p4, p5)); sprintf(s, fmt, p1, p2, p3, p4, p5); return(secure_write(fileno(stream), s, strlen(s)));