From bd86dea69d96583f2a73a8519cfaca61fb61289c Mon Sep 17 00:00:00 2001 From: Geoffrey King Date: Wed, 19 Aug 1998 11:06:25 +0000 Subject: [PATCH] Add optional support for the CCC (Clear Command Channel) command. This command is dangerous, since it allows commands to be transmitted without integrity checking, so the default behavior without the -c option is still for the server to refuse to accept unprotected commands. * ftpd.c: Add a new command line option, -c, which tells the server to accept the CCC command. * ftpcmd.y: If the -c option was given, check to make sure the CCC command itself was integrity protected, and then set ccc_ok to allow future commands to be transmitted as cleartext. (getline): Now that CCC is potentially allowed, we must check to see if we are parsing an unprotected command even if a security context is established (i.e. auth_type is set). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10846 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gssftp/ftpd/ChangeLog | 12 ++++++++ src/appl/gssftp/ftpd/ftpcmd.y | 51 ++++++++++++++++++++++++---------- src/appl/gssftp/ftpd/ftpd.c | 6 ++++ 3 files changed, 55 insertions(+), 14 deletions(-) diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 508b3111c..21703b132 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,15 @@ +Wed Aug 19 06:47:46 1998 Geoffrey King + + * ftpd.c: Add a new command line option, -c, which tells the + server to accept the CCC command. + + * ftpcmd.y: If the -c option was given, check to make sure the CCC + command itself was integrity protected, and then set ccc_ok to + allow future commands to be transmitted as cleartext. + (getline): Now that CCC is potentially allowed, we must check to + see if we are parsing an unprotected command even if a security + context is established (i.e. auth_type is set). + Wed Aug 12 02:57:07 1998 Geoffrey King * ftpcmd.y, ftpd.c: Replace global variable level with clevel and diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index de064bb00..f237bb7c0 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -116,6 +116,10 @@ extern int type; extern int form; extern int clevel; extern int debug; + + +extern int allow_ccc; +extern int ccc_ok; extern int timeout; extern int maxtimeout; extern int pdata; @@ -234,7 +238,17 @@ cmd: USER SP username CRLF } | CCC CRLF = { - reply(534, "CCC not supported"); + if (!allow_ccc) { + reply(534, "CCC not supported"); + } + else { + if(clevel == PROT_C && !ccc_ok) { + reply(533, "CCC command must be integrity protected"); + } else { + reply(200, "CCC command successful."); + ccc_ok = 1; + } + } } | PBSZ SP STRING CRLF = { @@ -979,9 +993,29 @@ getline(s, n, iop) char out[sizeof(cbuf)], *cp; int len, mic; - if ((cs = strpbrk(s, " \r\n"))) - *cs++ = '\0'; + + /* Check to see if we have a protected command. */ + if (!((mic = strncmp(s, "ENC", 3)) && strncmp(s, "MIC", 3) +#ifndef NOCONFIDENTIAL + && strncmp(s, "CONF", 4) +#endif + ) && (cs = strpbrk(s, " \r\n"))) { + *cs++ = '\0'; /* If so, split it into s and cs. */ + } else { /* If not, check if unprotected commands are allowed. */ + if(ccc_ok) { + clevel = PROT_C; + upper(s); + return(s); + } else { + reply(533, "All commands must be protected."); + syslog(LOG_ERR, "Unprotected command received"); + *s = '\0'; + return(s); + } + } upper(s); + if (debug) + syslog(LOG_INFO, "command %s received (mic=%d)", s, mic); #ifdef NOCONFIDENTIAL if (!strcmp(s, "CONF")) { reply(537, "CONF protected commands not supported."); @@ -989,17 +1023,6 @@ getline(s, n, iop) return(s); } #endif - if ((mic = strcmp(s, "ENC")) && strcmp(s, "MIC") -#ifndef NOCONFIDENTIAL - && strcmp(s, "CONF") -#endif - ) { - reply(533, "All commands must be protected."); - syslog(LOG_ERR, "Unprotected command received"); - *s = '\0'; - return(s); - } else if (debug) - syslog(LOG_INFO, "command %s received (mic=%d)", s, mic); /* Some paranoid sites may want to require that commands be encrypted. */ #ifdef PARANOID if (mic) { diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index e897bd472..19d72fa53 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -172,6 +172,8 @@ sigjmp_buf urgcatch; int logged_in; struct passwd *pw; int debug; +int allow_ccc = 0; /* whether or not the CCC command is allowed */ +int ccc_ok = 0; /* whether or not to accept cleartext commands */ int timeout = 900; /* timeout after 15 minutes of inactivity */ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */ int logging; @@ -283,6 +285,10 @@ main(argc, argv, envp) authenticate = 1; break; + case 'c': + allow_ccc = 1; + break; + case 'p': if (*++cp != '\0') port = atoi(cp); -- 2.26.2