From 5f04a55959beba585481c44fb2c35cfeee6afc66 Mon Sep 17 00:00:00 2001
From: Dan Winship
Date: Fri, 30 Jan 1998 00:57:03 +0000
Subject: [PATCH] Add -x (automatically encrypt) and -f (forward credentials) options Don't complain about missing ftp/hostname principal if there's a usable host/hostname.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10387 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/gssftp/ftp/ChangeLog | 12 ++++++++++++
 src/appl/gssftp/ftp/cmds.c | 15 +++++++--------
 src/appl/gssftp/ftp/ftp.M | 12 ++++++++----
 src/appl/gssftp/ftp/ftp.c | 6 ++++--
 src/appl/gssftp/ftp/ftp_var.h | 2 ++
 src/appl/gssftp/ftp/main.c | 10 ++++++++++
 6 files changed, 43 insertions(+), 14 deletions(-)
diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog
index 34d61bcd2..2e42d579b 100644
--- a/src/appl/gssftp/ftp/ChangeLog
+++ b/src/appl/gssftp/ftp/ChangeLog
@@ -1,3 +1,15 @@
+Thu Jan 29 19:39:27 1998 Dan Winship
+
+ * ftp.h:
+ * ftp.M:
+ * main.c (main): add options -f (forward credentials) and -x
+ (automatically negotiate encryption)
+
+ * ftp.c (do_auth): implement -f. Also, don't complain that
+ ftp/hostname doesn't exist if host/hostname does.
+
+ * cmds.c (setpeer): implement -x
+
 Thu Dec 11 23:26:58 1997 Tom Yu
 * ftp.c:
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
index 6759a2590..0cc82755f 100644
--- a/src/appl/gssftp/ftp/cmds.c
+++ b/src/appl/gssftp/ftp/cmds.c
@@ -168,17 +168,16 @@ setpeer(argc, argv)
 stru = STRU_F;
 (void) strcpy(bytename, "8"), bytesize = 8;
 if (autologin) {
- do_auth();
+ if (do_auth() && autoencrypt) {
+ setpbsz(1<<20);
+ if (command("PROT P") == COMPLETE)
+ level = PROT_P;
+ else
+ fprintf(stderr, "ftp: couldn't enable encryption\n");
+ }
 (void) login(argv[1]);
 }
- if (0) {
- setpbsz(1<<20);
- level = PROT_P;
- if (command("PROT P") != COMPLETE)
- fprintf(stderr, "auto PROT P setting failed\n");
- }
-
 #ifndef unix
 #ifdef _AIX
 #define unix
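Review bot: With `-x` set, a failed negotiation in the new `if (do_auth() && autoencrypt)` block still falls through to `login(argv[1])`: a rejected `PROT P` only prints a warning, and when `do_auth()` returns 0 nothing is printed about encryption at all, so the session continues without the protection the user asked for. Because `-x` is an explicit request, the failure paths should stop before `login()` rather than downgrade silently, and the authentication-failure case needs its own message, e.g. `else if (autoencrypt) fprintf(stderr, "ftp: not authenticated; encryption not enabled\n");`. Whether `setpbsz(1<<20)` can fail is not visible here, but its result is unused. `setpeer` starts and ends outside the hunk.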
diff --git a/src/appl/gssftp/ftp/ftp.M b/src/appl/gssftp/ftp/ftp.M
index 39668436c..499b58777 100644
--- a/src/appl/gssftp/ftp/ftp.M
+++ b/src/appl/gssftp/ftp/ftp.M
@@ -37,7 +37,7 @@ ftp \- ARPANET file transfer program
 .SH SYNOPSIS
 .B ftp
 [\fB\-v\fP] [\fB\-d\fP] [\fB\-i\fP] [\fB\-n\fP] [\fB\-g\fP] [\fB\-k\fP
-\fIrealm\fP] [\fIhost\fP] [\fB\-forward\fP]
+\fIrealm\fP] [\fB\-f\fP] [\fB\-x\fP] [\fIhost\fP]
 .SH DESCRIPTION
 .B FTP
 is the user interface to the
@@ -89,11 +89,15 @@ Enables debugging.
 Disables file name globbing.
 .TP
 \fB\-k\fP \fIrealm\fP
-When using Kerberos authentication, get tickets in
+When using Kerberos v4 authentication, gets tickets in
 .IR realm .
 .TP
-.B \-forward
-Cause tickets to be forwarded to the remote host.
+.B \-f
+Causes credentials to be forwarded to the remote host.
+.TP
+.B \-x
+Causes the client to attempt to negotiate encryption (protection level
+`private') immediately after successfully authenticating.
 .SH COMMANDS
 The client host with which
 .B ftp
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
index 3d2f07a36..2fbe8e468 100644
--- a/src/appl/gssftp/ftp/ftp.c
+++ b/src/appl/gssftp/ftp/ftp.c
@@ -1912,7 +1912,8 @@ do_auth()
 &gcontext,
 target_name,
 GSS_C_NULL_OID,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+ (forward ? GSS_C_DELEG_FLAG : 0),
 0,
 &chan, /* channel bindings */
 token_ptr,
@@ -1923,7 +1924,8 @@ do_auth()
 if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED){
- user_gss_error(maj_stat, min_stat, "initializing context");
+ if (service_name == end_service_name)
+ user_gss_error(maj_stat, min_stat, "initializing context");
 (void) gss_release_name(&min_stat, &target_name);
 /* could just be that we missed on the service name */
 goto outer_loop;
diff --git a/src/appl/gssftp/ftp/ftp_var.h b/src/appl/gssftp/ftp/ftp_var.h
index 007ccdd53..aa25b0756 100644
--- a/src/appl/gssftp/ftp/ftp_var.h
+++ b/src/appl/gssftp/ftp/ftp_var.h
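Review bot: Nothing in the first ftp.c hunk shows the flags returned by the context call being checked after `(forward ? GSS_C_DELEG_FLAG : 0)` is requested, so with `-f` the user cannot tell whether credentials were actually delegated. If the returned-flags output argument (outside the hunk) is kept, test it for `GSS_C_DELEG_FLAG` once the context completes and warn when it is absent. The request also appears to be repeated for every candidate service name the surrounding loop tries, which is worth stating in a comment on the new line, e.g. `/* -f: delegate credentials to whichever service principal is accepted */`. `do_auth` starts and ends outside the hunk.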
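Review bot: The new guard `if (service_name == end_service_name)` in the second ftp.c hunk is only correct if `end_service_name` points at the last candidate rather than one past it; its initialisation is outside the hunk, and with a one-past-the-end sentinel the GSS error would never be reported. The guard also drops earlier failures even when the cause is not a missing principal (the comment below only says it "could just be" that), so keeping them visible under debugging helps diagnosis, e.g. `if (debug || service_name == end_service_name)`. Bracing the single-statement `if` would guard against a later edit pulling `gss_release_name` under it.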
@@ -55,6 +55,8 @@ extern int debug; /* debugging level */
 extern int bell; /* ring bell on cmd completion */
 extern int doglob; /* glob local file names */
 extern int autologin; /* establish user account on connection */
+extern int autoencrypt; /* negotiate encryption on connection */
+extern int forward; /* forward credentials */
 extern int proxy; /* proxy server connection active */
 extern int proxflag; /* proxy connection exists */
 extern int sunique; /* store files on server with unique name */
diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c
index 6c6cfc5f1..7c5be075a 100644
--- a/src/appl/gssftp/ftp/main.c
+++ b/src/appl/gssftp/ftp/main.c
@@ -101,6 +101,8 @@ main(argc, argv)
 doglob = 1;
 interactive = 1;
 autologin = 1;
+ forward = 0;
+ autoencrypt = 0;
 argc--, argv++;
 while (argc > 0 && **argv == '-') {
 for (cp = *argv + 1; *cp; cp++)
@@ -144,6 +146,14 @@ main(argc, argv)
 doglob = 0;
 break;
+ case 'f':
+ forward = 1;
+ break;
+
+ case 'x':
+ autoencrypt = 1;
+ break;
+
 default:
 fprintf(stdout, "ftp: %c: unknown option\n", *cp);
-- 
2.26.2
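Review bot: `case 'x'` in the second main.c hunk only sets `autoencrypt`, and the cmds.c part of this commit acts on it solely inside `if (autologin)`, so if another option clears `autologin` (presumably `-n`; not visible here) `-x` is accepted and then silently ignored. `-f` may have the same dependency, since the only `do_auth()` call shown in this commit sits in that same branch. A check after option parsing would surface this, e.g. `if (!autologin && (autoencrypt || forward)) fprintf(stderr, "ftp: -x and -f need auto-login; ignored\n");`. `main` continues outside the hunk.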