Add -x (automatically encrypt) and -f (forward credentials) options

Don't complain about missing ftp/hostname principal if there's a
usable host/hostname.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10387 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 43 insertions, 14 deletions

diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog
index 34d61bcd2e..2e42d579b6 100644
--- a/src/appl/gssftp/ftp/ChangeLog
+++ b/src/appl/gssftp/ftp/ChangeLog
@@ -1,3 +1,15 @@
+Thu Jan 29 19:39:27 1998  Dan Winship  <danw@mit.edu>
+
+	* ftp.h:
+	* ftp.M:
+	* main.c (main): add options -f (forward credentials) and -x
+	(automatically negotiate encryption)
+
+	* ftp.c (do_auth): implement -f. Also, don't complain that
+	ftp/hostname doesn't exist if host/hostname does.
+
+	* cmds.c (setpeer): implement -x
+
 Thu Dec 11 23:26:58 1997  Tom Yu  <tlyu@mit.edu>
 
 	* ftp.c:
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
index 6759a25904..0cc82755f1 100644
--- a/src/appl/gssftp/ftp/cmds.c
+++ b/src/appl/gssftp/ftp/cmds.c
@@ -168,17 +168,16 @@ setpeer(argc, argv)
 		stru = STRU_F;
 		(void) strcpy(bytename, "8"), bytesize = 8;
 		if (autologin) {
-			do_auth();
+			if (do_auth() && autoencrypt) {
+				setpbsz(1<<20);
+				if (command("PROT P") == COMPLETE)
+					level = PROT_P;
+				else
+					fprintf(stderr, "ftp: couldn't enable encryption\n");
+			}
 			(void) login(argv[1]);
 		}
 
-		if (0) {
-		  setpbsz(1<<20);
-		  level = PROT_P;
-		  if (command("PROT P") != COMPLETE)
-		    fprintf(stderr, "auto PROT P setting failed\n");
-		}
-
 #ifndef unix
 #ifdef _AIX
 #define unix
diff --git a/src/appl/gssftp/ftp/ftp.M b/src/appl/gssftp/ftp/ftp.M
index 39668436c9..499b587779 100644
--- a/src/appl/gssftp/ftp/ftp.M
+++ b/src/appl/gssftp/ftp/ftp.M
@@ -37,7 +37,7 @@ ftp \- ARPANET file transfer program
 .SH SYNOPSIS
 .B ftp
 [\fB\-v\fP] [\fB\-d\fP] [\fB\-i\fP] [\fB\-n\fP] [\fB\-g\fP] [\fB\-k\fP
-\fIrealm\fP] [\fIhost\fP] [\fB\-forward\fP]
+\fIrealm\fP] [\fB\-f\fP] [\fB\-x\fP] [\fIhost\fP]
 .SH DESCRIPTION
 .B FTP
 is the user interface to the
@@ -89,11 +89,15 @@ Enables debugging.
 Disables file name globbing.
 .TP
 \fB\-k\fP \fIrealm\fP
-When using Kerberos authentication, get tickets in
+When using Kerberos v4 authentication, gets tickets in
 .IR realm .
 .TP
-.B \-forward
-Cause tickets to be forwarded to the remote host.
+.B \-f
+Causes credentials to be forwarded to the remote host.
+.TP
+.B \-x
+Causes the client to attempt to negotiate encryption (protection level
+`private') immediately after successfully authenticating.
 .SH COMMANDS
 The client host with which
 .B ftp
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
index 3d2f07a368..2fbe8e468d 100644
--- a/src/appl/gssftp/ftp/ftp.c
+++ b/src/appl/gssftp/ftp/ftp.c
@@ -1912,7 +1912,8 @@ do_auth()
 				     &gcontext,
 				     target_name,
 				     GSS_C_NULL_OID,
-				     GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+				     GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+				     (forward ? GSS_C_DELEG_FLAG : 0),
 				     0,
 				     &chan,	/* channel bindings */
 				     token_ptr,
@@ -1923,7 +1924,8 @@ do_auth()
 	      
 
 	      if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED){
-		user_gss_error(maj_stat, min_stat, "initializing context");
+		if (service_name == end_service_name)
+		  user_gss_error(maj_stat, min_stat, "initializing context");
 		(void) gss_release_name(&min_stat, &target_name);
 		/* could just be that we missed on the service name */
 		goto outer_loop;
diff --git a/src/appl/gssftp/ftp/ftp_var.h b/src/appl/gssftp/ftp/ftp_var.h
index 007ccdd53b..aa25b07564 100644
--- a/src/appl/gssftp/ftp/ftp_var.h
+++ b/src/appl/gssftp/ftp/ftp_var.h
@@ -55,6 +55,8 @@ extern int	debug;		/* debugging level */
 extern int	bell;		/* ring bell on cmd completion */
 extern int	doglob;		/* glob local file names */
 extern int	autologin;	/* establish user account on connection */
+extern int	autoencrypt;	/* negotiate encryption on connection */
+extern int	forward;	/* forward credentials */
 extern int	proxy;		/* proxy server connection active */
 extern int	proxflag;	/* proxy connection exists */
 extern int	sunique;	/* store files on server with unique name */
diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c
index 6c6cfc5f12..7c5be075a7 100644
--- a/src/appl/gssftp/ftp/main.c
+++ b/src/appl/gssftp/ftp/main.c
@@ -101,6 +101,8 @@ main(argc, argv)
 	doglob = 1;
 	interactive = 1;
 	autologin = 1;
+	forward = 0;
+	autoencrypt = 0;
 	argc--, argv++;
 	while (argc > 0 && **argv == '-') {
 		for (cp = *argv + 1; *cp; cp++)
@@ -144,6 +146,14 @@ main(argc, argv)
 				doglob = 0;
 				break;
 
+			case 'f':
+				forward = 1;
+				break;
+
+			case 'x':
+				autoencrypt = 1;
+				break;
+
 			default:
 				fprintf(stdout,
 				  "ftp: %c: unknown option\n", *cp);