From: Tom Yu Date: Wed, 3 Nov 2004 22:50:15 +0000 (+0000) Subject: merge athena ftpd changes for requiring encrypted passwords X-Git-Tag: ms-bug-test-20060525~472 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=db16a09830ffdcc461b63178c0834727bd7aa4a5;p=krb5.git merge athena ftpd changes for requiring encrypted passwords * ftpcmd.y (getline): Merge Athena change to reject MICed password. * ftpd.M: Document '-E'. * ftpd.c (main): Merge Athena's '-E' changes to prohibit unencrypted passwords. ticket: new target_version: 1.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16857 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 6ead450fc..58fab439b 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,13 @@ +2004-11-03 Tom Yu + + * ftpcmd.y (getline): Merge Athena change to reject MICed + password. + + * ftpd.M: Document '-E'. + + * ftpd.c (main): Merge Athena's '-E' changes to prohibit + unencrypted passwords. + 2004-09-22 Tom Yu * Makefile.in (ftpd): Use UTIL_LIB. diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index db50d5bfb..bb6bbcdde 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -124,6 +124,7 @@ extern int ccc_ok; extern int timeout; extern int maxtimeout; extern int pdata; +extern int authlevel; extern char hostname[], remotehost[]; extern char proctitle[]; extern char *globerr; @@ -1150,6 +1151,18 @@ getline(s, n, iop) } #endif /* GSSAPI */ /* Other auth types go here ... */ + + /* A password should never be MICed, but the CNS ftp + * client and the pre-6/98 Krb5 client did this if you + * authenticated but didn't encrypt. + */ + if (authlevel && mic && !strncmp(s, "PASS", 4)) { + lreply(530, "There is a problem with your ftp client. Password refused."); + reply(530, "Enable encryption before logging in, or update your ftp program."); + *s = 0; + return s; + } + } #if defined KRB5_KRB4_COMPAT || defined GSSAPI /* or other auth types */ else { /* !auth_type */ diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M index dc75e9b8d..b26a4bd94 100644 --- a/src/appl/gssftp/ftpd/ftpd.M +++ b/src/appl/gssftp/ftpd/ftpd.M @@ -36,8 +36,8 @@ ftpd \- DARPA Internet File Transfer Protocol server .SH SYNOPSIS .B ftpd -[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-l\fP] -[\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP] +[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB-E\fP] +[\fB\-l\fP] [\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP] [\fB\-p\fP \fIport\fP] [\fB\-U\fP \fIftpusers-file\fP] [\fB\-u\fP \fIumask\fP] [\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP] [\fB\-w\fP{\fBip\fP|\fImaxhostlen\fP[\fB,\fP{\fBstriplocal\fP|\fBnostriplocal\fP}]}] @@ -77,6 +77,9 @@ less secure connections, and should probably only be used when debugging. .B \-d Debugging information is written to the syslog. (Identical to -v) .TP +.B \-E +Don't allow passwords to be typed across unencrypted connections. +.TP .B \-l Each .IR ftp (1) diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 6048278d7..4e3ef9064 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -293,9 +293,9 @@ main(argc, argv, envp) extern char *optarg; extern int optopt; #ifdef KRB5_KRB4_COMPAT - char *option_string = "AaCcdlp:r:s:T:t:U:u:vw:"; + char *option_string = "AaCcdElp:r:s:T:t:U:u:vw:"; #else /* !KRB5_KRB4_COMPAT */ - char *option_string = "AaCcdlp:r:T:t:U:u:vw:"; + char *option_string = "AaCcdElp:r:T:t:U:u:vw:"; #endif /* KRB5_KRB4_COMPAT */ ftpusers = _PATH_FTPUSERS_DEFAULT; @@ -328,6 +328,11 @@ main(argc, argv, envp) debug = 1; break; + case 'E': + if (!authlevel) + authlevel = AUTHLEVEL_AUTHENTICATE; + break; + case 'l': logging ++; break;