author | Dan Winship <danw@mit.edu> | 1998-01-30 00:57:03 +0000 |
---|---|---|
committer | Dan Winship <danw@mit.edu> | 1998-01-30 00:57:03 +0000 |
commit | 5f04a55959beba585481c44fb2c35cfeee6afc66 (patch) | |
tree | 62a7698f2e3e6a3a7c4a91c450fdb832b6395dc8 | |
parent | 519b3133fd556a2952372f736c42a6e81ef7ce6b (diff) | |
Add -x (automatically encrypt) and -f (forward credentials) options
Don't complain about missing ftp/hostname principal if there's a
usable host/hostname.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10387 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/appl/gssftp/ftp/ChangeLog | 12 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/cmds.c | 15 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/ftp.M | 12 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/ftp.c | 6 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/ftp_var.h | 2 | ||||
-rw-r--r-- | src/appl/gssftp/ftp/main.c | 10 |
6 files changed, 43 insertions, 14 deletions
diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 34d61bcd2e..2e42d579b6 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,15 @@ +Thu Jan 29 19:39:27 1998 Dan Winship <danw@mit.edu> + + * ftp.h: + * ftp.M: + * main.c (main): add options -f (forward credentials) and -x + (automatically negotiate encryption) + + * ftp.c (do_auth): implement -f. Also, don't complain that + ftp/hostname doesn't exist if host/hostname does. + + * cmds.c (setpeer): implement -x + Thu Dec 11 23:26:58 1997 Tom Yu <tlyu@mit.edu> * ftp.c: diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c index 6759a25904..0cc82755f1 100644 --- a/src/appl/gssftp/ftp/cmds.c +++ b/src/appl/gssftp/ftp/cmds.c @@ -168,17 +168,16 @@ setpeer(argc, argv) stru = STRU_F; (void) strcpy(bytename, "8"), bytesize = 8; if (autologin) { - do_auth(); + if (do_auth() && autoencrypt) { + setpbsz(1<<20); + if (command("PROT P") == COMPLETE) + level = PROT_P; + else + fprintf(stderr, "ftp: couldn't enable encryption\n"); + } (void) login(argv[1]); } - if (0) { - setpbsz(1<<20); - level = PROT_P; - if (command("PROT P") != COMPLETE) - fprintf(stderr, "auto PROT P setting failed\n"); - } - #ifndef unix #ifdef _AIX #define unix diff --git a/src/appl/gssftp/ftp/ftp.M b/src/appl/gssftp/ftp/ftp.M index 39668436c9..499b587779 100644 --- a/src/appl/gssftp/ftp/ftp.M +++ b/src/appl/gssftp/ftp/ftp.M @@ -37,7 +37,7 @@ ftp \- ARPANET file transfer program .SH SYNOPSIS .B ftp [\fB\-v\fP] [\fB\-d\fP] [\fB\-i\fP] [\fB\-n\fP] [\fB\-g\fP] [\fB\-k\fP -\fIrealm\fP] [\fIhost\fP] [\fB\-forward\fP] +\fIrealm\fP] [\fB\-f\fP] [\fB\-x\fP] [\fIhost\fP] .SH DESCRIPTION .B FTP is the user interface to the 
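Review bot: In the cmds.c hunk, `-x` fails open: when `command("PROT P")` does not return COMPLETE the code prints "ftp: couldn't enable encryption" and still reaches `(void) login(argv[1]);`, so the login and everything after it run at whatever `level` was before. The same happens with no message at all when `do_auth()` returns 0, and because the block sits inside `if (autologin)`, `-n -x` never attempts the negotiation. Since the user asked for encryption explicitly, I would make the automatic login conditional on it, for example `if (!autoencrypt || level == PROT_P) (void) login(argv[1]);`, and print a warning on the skipped path. This assumes `level` is not already PROT_P on entry; setpeer starts before and continues after the hunk, so that needs confirming against the rest of the function.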
@@ -89,11 +89,15 @@ Enables debugging. Disables file name globbing. .TP \fB\-k\fP \fIrealm\fP -When using Kerberos authentication, get tickets in +When using Kerberos v4 authentication, gets tickets in .IR realm . .TP -.B \-forward -Cause tickets to be forwarded to the remote host. +.B \-f +Causes credentials to be forwarded to the remote host. +.TP +.B \-x +Causes the client to attempt to negotiate encryption (protection level +`private') immediately after successfully authenticating. .SH COMMANDS The client host with which .B ftp diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index 3d2f07a368..2fbe8e468d 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -1912,7 +1912,8 @@ do_auth() &gcontext, target_name, GSS_C_NULL_OID, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | + (forward ? GSS_C_DELEG_FLAG : 0), 0, &chan, /* channel bindings */ token_ptr, @@ -1923,7 +1924,8 @@ do_auth() if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED){ - user_gss_error(maj_stat, min_stat, "initializing context"); + if (service_name == end_service_name) + user_gss_error(maj_stat, min_stat, "initializing context"); (void) gss_release_name(&min_stat, &target_name); /* could just be that we missed on the service name */ goto outer_loop; diff --git a/src/appl/gssftp/ftp/ftp_var.h b/src/appl/gssftp/ftp/ftp_var.h index 007ccdd53b..aa25b07564 100644 --- a/src/appl/gssftp/ftp/ftp_var.h +++ b/src/appl/gssftp/ftp/ftp_var.h 
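Review bot: In the first ftp.c hunk, `(forward ? GSS_C_DELEG_FLAG : 0)` only requests delegation, and nothing visible here tells the user whether it was granted or to which principal. The surrounding code appears to retry over several service names, so with `-f` the credentials go to whichever candidate accepts, including the host/hostname fallback. The argument list continues outside the hunk; if the returned flags are available after the call, compare them with the request and warn when `forward` is set but `GSS_C_DELEG_FLAG` is missing. A comment at the flag expression such as `/* -f: hands a usable credential to the server; this is a request, check the returned flags */` would also record the trust decision for the next reader.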
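Review bot: In the second ftp.c hunk, the new `if (service_name == end_service_name)` guard decides whether to report by position in the candidate list, not by the kind of failure. Any error from an earlier candidate is therefore dropped without trace, not only the missing ftp/hostname principal the commit message describes. If the last candidate then fails for a different reason, that is the only diagnostic the user sees. I would keep the quiet default but still emit the earlier error when debugging is on, e.g. `if (service_name == end_service_name || debug) user_gss_error(maj_stat, min_stat, "initializing context");`, using the `debug` level declared in ftp_var.h. do_auth begins and ends outside the hunk, and I am assuming `end_service_name` marks the last entry tried.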
@@ -55,6 +55,8 @@ extern int debug; /* debugging level */ extern int bell; /* ring bell on cmd completion */ extern int doglob; /* glob local file names */ extern int autologin; /* establish user account on connection */ +extern int autoencrypt; /* negotiate encryption on connection */ +extern int forward; /* forward credentials */ extern int proxy; /* proxy server connection active */ extern int proxflag; /* proxy connection exists */ extern int sunique; /* store files on server with unique name */ diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c index 6c6cfc5f12..7c5be075a7 100644 --- a/src/appl/gssftp/ftp/main.c +++ b/src/appl/gssftp/ftp/main.c @@ -101,6 +101,8 @@ main(argc, argv) doglob = 1; interactive = 1; autologin = 1; + forward = 0; + autoencrypt = 0; argc--, argv++; while (argc > 0 && **argv == '-') { for (cp = *argv + 1; *cp; cp++) @@ -144,6 +146,14 @@ main(argc, argv) doglob = 0; break; + case 'f': + forward = 1; + break; + + case 'x': + autoencrypt = 1; + break; + default: fprintf(stdout, "ftp: %c: unknown option\n", *cp); |