From: Geoffrey King Date: Mon, 26 Oct 1998 11:46:30 +0000 (+0000) Subject: * ftp.M: Add documentation for new ccc and cprotect commands. X-Git-Tag: krb5-1.1-beta1~517 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=82e3ffd806a41dda8bbb22681d5140aa46276462;p=krb5.git * ftp.M: Add documentation for new ccc and cprotect commands. Also, add previously omitted command line options -u and -t and "passive" command to the man page. * main.c (main): Print out a usage message instead of just "unknown option." git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10992 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 786283c9c..ed4aecb1a 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,12 @@ +1998-10-26 Geoffrey King + + * ftp.M: Add documentation for new ccc and cprotect commands. + Also, add previously omitted command line options -u and -t and + "passive" command to the man page. + + * main.c (main): Print out a usage message instead of just + "unknown option." + Fri Oct 2 16:16:13 1998 Theodore Y. Ts'o * cmdtab.c: Update help message for passive mode so that it diff --git a/src/appl/gssftp/ftp/ftp.M b/src/appl/gssftp/ftp/ftp.M index 499b58777..9c890cfb1 100644 --- a/src/appl/gssftp/ftp/ftp.M +++ b/src/appl/gssftp/ftp/ftp.M @@ -37,7 +37,7 @@ ftp \- ARPANET file transfer program .SH SYNOPSIS .B ftp [\fB\-v\fP] [\fB\-d\fP] [\fB\-i\fP] [\fB\-n\fP] [\fB\-g\fP] [\fB\-k\fP -\fIrealm\fP] [\fB\-f\fP] [\fB\-x\fP] [\fIhost\fP] +\fIrealm\fP] [\fB\-f\fP] [\fB\-x\fP] [\fB\-u\fP] [\fB\-t\fP] [\fIhost\fP] .SH DESCRIPTION .B FTP is the user interface to the @@ -57,8 +57,23 @@ transfer statistics. .B \-n Restrains .B ftp -from attempting ``auto-login'' upon initial connection. If -auto-login is enabled, +from attempting ``auto-login'' upon initial connection. If auto-login +is enabled, +.B ftp +will check the +.I .netrc +(see below) file in the user's home directory for an entry describing an +account on the remote machine. If no entry exists, +.B ftp +will prompt for the remote machine login name (default is the user +identity on the local machine), and, if necessary, prompt for a password +and an account with which to login. +.TP +.B \-u +Restrains +.B ftp +from attempting ``auto-authentication'' upon initial connection. If +auto-authentication is enabled, .B ftp attempts to authenticate to the .SM FTP @@ -68,16 +83,7 @@ command, using whichever authentication types are locally supported. Once an authentication type is accepted, an authentication protocol will proceed by issuing .SM ADAT -commands. -.B ftp -then will check the -.I .netrc -(see below) file in the user's home directory for an entry describing an -account on the remote machine. If no entry exists, -.B ftp -will prompt for the remote machine login name (default is the user -identity on the local machine), and, if necessary, prompt for a password -and an account with which to login. +commands. This option also disables auto-login. .TP .B \-i Turns off interactive prompting during multiple file transfers. @@ -96,8 +102,12 @@ When using Kerberos v4 authentication, gets tickets in Causes credentials to be forwarded to the remote host. .TP .B \-x -Causes the client to attempt to negotiate encryption (protection level -`private') immediately after successfully authenticating. +Causes the client to attempt to negotiate encryption (data and command +protection levels ``private'') immediately after successfully +authenticating. +.TP +.B \-t +Enables packet tracing. .SH COMMANDS The client host with which .B ftp @@ -181,6 +191,15 @@ is on (default is off), remote computer file names with all letters in upper case are written in the local directory with the letters mapped to lower case. .TP +.B ccc +Turn off integrity protection on the command channel. This command +must be sent integrity protected, and must be proceeded by a successful +.SM ADAT +command. Since turning off integrity protection potentially +allows an attacker to insert commands onto the command channel, some +.SM FTP +servers may refuse to honor this command. +.TP \fBcd\fP \fIremote-directory\fP Change the working directory on the remote machine to .IR remote-directory . @@ -206,6 +225,22 @@ Terminate the session with the remote server, and return to the command interpreter. Any defined macros are erased. .TP +\fBcprotect\fP [\fIprotection-level\fP] +Set the protection level on commands to +.IR protection-level . +The valid protection levels are ``clear'' for unprotected commands, +``safe'' for commands integrity protected by +cryptographic checksum, and ``private'' for commands +confidentiality and integrity protected by encryption. If an +.SM ADAT +command succeeded, then the default command protection level is +``safe'', otherwise the only possible level is ``clear''. If no +level is specified, the current level is printed. +.B cprotect clear +is equivalent to the +.B ccc +command. +.TP .B cr Toggle carriage return stripping during ascii type file retrieval. Records are denoted by a carriage return/linefeed sequence during ascii @@ -560,7 +595,7 @@ server. An optional port number may be supplied, in which case, will attempt to contact an .SM FTP server at that port. If the -.B auto-login +.B auto-authenticate option is on (default), .B ftp will attempt to authenticate to the @@ -571,7 +606,9 @@ command, using whichever authentication types which are locally supported. Once an authentication type is accepted, an authentication protocol will proceed by issuing .SM ADAT -commands. +commands. If the +.B auto-login +option is on (default), .B ftp will also attempt to automatically log the user in to the .SM FTP @@ -581,6 +618,12 @@ option is specified, .B ftp will forward a copy of the user's Kerberos tickets to the remote host. .TP +.B passive +Toggle passive data transfer mode. In passive mode, the client initiates +the data connection by listening on the data port. Passive mode may +be necessary for operation from behind firewalls which do not permit +incoming connections. +.TP .B private Set the protection level on data transfers to ``private''. Data transmissions are confidentiality and integrity protected by encryption. diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c index 685c14758..aa6e5a4df 100644 --- a/src/appl/gssftp/ftp/main.c +++ b/src/appl/gssftp/ftp/main.c @@ -86,6 +86,7 @@ main(argc, argv) int top; struct passwd *pw = NULL; char homedir[MAXPATHLEN]; + char *progname = argv[0]; sp = getservbyname("ftp", "tcp"); if (sp == 0) { @@ -147,10 +148,9 @@ main(argc, argv) doglob = 0; break; - case 'u': - autoauth = 0; - break; + autoauth = 0; + break; case 'f': forward = 1; @@ -160,11 +160,13 @@ main(argc, argv) autoencrypt = 1; break; - default: - fprintf(stdout, + fprintf(stderr, "ftp: %c: unknown option\n", *cp); - exit(1); + fprintf(stderr, "Usage: %s [-v] [-d] [-i] [-n] [-g] " + "[-k realm] [-f] [-x] [-u] [-t] [host]\n", + progname); + exit(1); } nextopt: argc--, argv++;