From: Geoffrey King <gjking@mit.edu>
Date: Wed, 19 Aug 1998 11:06:25 +0000 (+0000)
Subject: Add optional support for the CCC (Clear Command Channel) command.
X-Git-Tag: krb5-1.1-beta1~573
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=bd86dea69d96583f2a73a8519cfaca61fb61289c;p=krb5.git

Add optional support for the CCC (Clear Command Channel) command.
This command is dangerous, since it allows commands to be transmitted
without integrity checking, so the default behavior without the -c
option is still for the server to refuse to accept unprotected
commands.

    * ftpd.c: Add a new command line option, -c, which tells the
    server to accept the CCC command.

    * ftpcmd.y: If the -c option was given, check to make sure the CCC
    command itself was integrity protected, and then set ccc_ok to
    allow future commands to be transmitted as cleartext.
    (getline): Now that CCC is potentially allowed, we must check to
    see if we are parsing an unprotected command even if a security
    context is established (i.e. auth_type is set).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10846 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog
index 508b3111c..21703b132 100644
--- a/src/appl/gssftp/ftpd/ChangeLog
+++ b/src/appl/gssftp/ftpd/ChangeLog
@@ -1,3 +1,15 @@
+Wed Aug 19 06:47:46 1998  Geoffrey King  <gjking@mit.edu>
+
+	* ftpd.c: Add a new command line option, -c, which tells the
+	server to accept the CCC command.
+
+	* ftpcmd.y: If the -c option was given, check to make sure the CCC
+	command itself was integrity protected, and then set ccc_ok to
+	allow future commands to be transmitted as cleartext.
+	(getline): Now that CCC is potentially allowed, we must check to
+	see if we are parsing an unprotected command even if a security
+	context is established (i.e. auth_type is set).
+
 Wed Aug 12 02:57:07 1998  Geoffrey King  <gjking@mit.edu>
 
 	* ftpcmd.y, ftpd.c: Replace global variable level with clevel and
diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y
index de064bb00..f237bb7c0 100644
--- a/src/appl/gssftp/ftpd/ftpcmd.y
+++ b/src/appl/gssftp/ftpd/ftpcmd.y
@@ -116,6 +116,10 @@ extern	int type;
 extern	int form;
 extern	int clevel;
 extern	int debug;
+
+
+extern	int allow_ccc;
+extern	int ccc_ok;
 extern	int timeout;
 extern	int maxtimeout;
 extern  int pdata;
@@ -234,7 +238,17 @@ cmd:		USER SP username CRLF
 		}
 	|	CCC CRLF
 		= {
-			reply(534, "CCC not supported");
+			if (!allow_ccc) {
+			    reply(534, "CCC not supported");
+			}
+			else {
+			    if(clevel == PROT_C && !ccc_ok) {
+			        reply(533, "CCC command must be integrity protected");
+			    } else {
+			        reply(200, "CCC command successful.");
+				ccc_ok = 1;
+			    }
+			}
 		}
 	|	PBSZ SP STRING CRLF
 		= {
@@ -979,9 +993,29 @@ getline(s, n, iop)
 	    char out[sizeof(cbuf)], *cp;
 	    int len, mic;
 
-	    if ((cs = strpbrk(s, " \r\n")))
-	    	*cs++ = '\0';
+
+	    /* Check to see if we have a protected command. */
+	    if (!((mic = strncmp(s, "ENC", 3)) && strncmp(s, "MIC", 3)
+#ifndef NOCONFIDENTIAL
+	        && strncmp(s, "CONF", 4)
+#endif
+	        ) && (cs = strpbrk(s, " \r\n"))) {
+	    	    *cs++ = '\0'; /* If so, split it into s and cs. */
+	    } else { /* If not, check if unprotected commands are allowed. */
+		if(ccc_ok) {
+		    clevel = PROT_C;
+		    upper(s);
+		    return(s);
+		} else {
+		    reply(533, "All commands must be protected.");
+		    syslog(LOG_ERR, "Unprotected command received");
+		    *s = '\0';
+		    return(s);
+		}
+	    }
 	    upper(s);
+	    if (debug)
+	        syslog(LOG_INFO, "command %s received (mic=%d)", s, mic);
 #ifdef NOCONFIDENTIAL
 	    if (!strcmp(s, "CONF")) {
 		reply(537, "CONF protected commands not supported.");
@@ -989,17 +1023,6 @@ getline(s, n, iop)
 		return(s);
 	    }
 #endif
-	    if ((mic = strcmp(s, "ENC")) && strcmp(s, "MIC")
-#ifndef NOCONFIDENTIAL
-		&& strcmp(s, "CONF")
-#endif
-					) {
-		reply(533, "All commands must be protected.");
-		syslog(LOG_ERR, "Unprotected command received");
-		*s = '\0';
-		return(s);
-	    } else if (debug)
-		syslog(LOG_INFO, "command %s received (mic=%d)", s, mic);
 /* Some paranoid sites may want to require that commands be encrypted. */
 #ifdef PARANOID
 	    if (mic) {
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index e897bd472..19d72fa53 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -172,6 +172,8 @@ sigjmp_buf urgcatch;
 int	logged_in;
 struct	passwd *pw;
 int	debug;
+int	allow_ccc = 0;    /* whether or not the CCC command is allowed */
+int	ccc_ok = 0;       /* whether or not to accept cleartext commands */
 int	timeout = 900;    /* timeout after 15 minutes of inactivity */
 int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
 int	logging;
@@ -283,6 +285,10 @@ main(argc, argv, envp)
 			authenticate = 1;
 			break;
 
+		case 'c':
+			allow_ccc = 1;
+			break;
+
 		case 'p':
 			if (*++cp != '\0')
 				port = atoi(cp);