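/*
 * cmd_prot - set the protection level of the command or data channel.
 *
 * Usage: prot [options] [command|data] level
 *
 * The level name is always the last argument.  When no channel is named,
 * the level is applied to the data channel.  The channel argument is
 * matched as a case-insensitive prefix, so "d", "da" or "DATA" all select
 * the data channel.
 *
 * Nothing is changed unless a security data exchange has completed
 * (ftp->sec_complete) and the negotiated mechanism accepts the level
 * (its check_prot hook returns 0).
 */
void cmd_prot(int argc, char **argv)
{
    int level = -1;

    /* The usage line used to say "idle", apparently copied from another command. */
    OPT_HELP("Set Kerberos protection level for command or data channel. Usage:\n"
             " prot [options] [command|data] level\n"
             "Options:\n"
             " -h, --help show this help\n"
             "level should be one of the following:\n"
             " clear\n"
             " safe\n"
             " confidential\n"
             " private\n");

    minargs(optind);
    maxargs(optind + 1);

    /* A protection level is meaningless before authentication has finished. */
    if (!ftp->sec_complete) {
        ftp_err(_("No security data exchange has taken place\n"));
        return;
    }

    level = name_to_level(argv[argc - 1]);
    if (level == -1) {
        ftp_err(_("Unrecognized protection level %s\n"), argv[argc - 1]);
        return;
    }

    /* A non-zero result from check_prot means the mechanism lacks this level. */
    if ((*ftp->mech->check_prot)(ftp->app_data, level)) {
        ftp_err(_("%s does not implement %s protection\n"),
                ftp->mech->name, level_to_name(level));
        return;
    }

    if (argc == optind + 1) {
        /* Only a level was given: it applies to the data channel. */
        if (sec_prot_internal(level) < 0)
            return;
        return;
    }

    /*
     * An empty channel argument has length 0, and a zero-length
     * strncasecmp() compares equal to anything.  Without this check ""
     * would silently select the data channel, so treat it as a syntax
     * error instead.
     */
    const char *channel = argv[optind];
    size_t channel_len = strlen(channel);

    if (channel_len == 0) {
        ftp_err(_("Syntax error, try %s --help for more information\n"), argv[0]);
    } else if (strncasecmp(channel, "data", channel_len) == 0) {
        if (sec_prot_internal(level) < 0)
            return;
    } else if (strncasecmp(channel, "command", channel_len) == 0) {
        set_command_prot(level);
    } else {
        ftp_err(_("Syntax error, try %s --help for more information\n"), argv[0]);
    }
}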
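/*
 * Overwrite a buffer that held secret material.  Writing through a volatile
 * pointer stops the compiler from dropping the stores, which it is allowed
 * to do with a plain memset() on an object that is never read again.
 */
static void kauth_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len--)
        *p++ = 0;
}

/*
 * Upper bound on the number of bytes the base64 token at `s` can decode to.
 * The token is taken to end at the first character outside the base64
 * alphabet.
 * NOTE(review): assumes base64_decode() stops at the first non-base64
 * character and emits at most 3 bytes per 4 input characters; confirm
 * against the project's implementation.
 */
static size_t kauth_b64_decoded_bound(const char *s)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    size_t span = strspn(s, alphabet);
    size_t bound = ((span + 3) / 4) * 3;
    size_t pad = 0;

    /* Up to two trailing '=' each remove one byte from the final group. */
    while (pad < 2 && pad < span && s[span - 1 - pad] == '=')
        pad++;
    return bound - pad;
}

/*
 * Return non-zero when the NUL-terminated string `want` (terminator
 * included) is found at offset `off` inside the first `len` bytes of `dat`.
 * This is a bounded replacement for strcmp() on decrypted data, which
 * carries no guarantee of containing a terminator.
 */
static int kauth_name_at(const unsigned char *dat, size_t len, size_t off,
                         const char *want)
{
    size_t n = strlen(want) + 1;

    if (len < off || len - off < n)
        return 0;
    return memcmp(dat + off, want, n) == 0;
}

/*
 * kauth - obtain a ticket on the server via the "SITE KAUTH" exchange.
 *
 * Usage: kauth [principal]
 *
 * Flow, as visible in this function:
 *   1. Raise command-channel protection to prot_private and send
 *      "SITE KAUTH <principal>".
 *   2. Take the base64 ticket ("T=") and principal ("P=") from the reply.
 *   3. Prompt for the password, derive a DES key from it and decrypt the
 *      ticket; if the result does not look like a ticket-granting ticket,
 *      retry with the AFS string-to-key variant.
 *   4. Send the decrypted ticket back, base64-encoded, with a second
 *      "SITE KAUTH", then restore the previous command protection level.
 *
 * The global `code` is set to 0 on success and -1 on any failure.
 *
 * The reply is server-controlled input, so the ticket size is checked
 * before it is decoded into the fixed-size KTEXT_ST buffer.  The password,
 * the key material and the decrypted ticket are wiped on every path once
 * they are no longer needed.
 *
 * NOTE(review): this is Kerberos 4 with single DES, which is legacy
 * cryptography.
 */
void kauth(int argc, char **argv)
{
    int ret;
    char buf[1024];
    des_cblock key;
    des_key_schedule schedule;
    KTEXT_ST tkt, tktcopy;
    char *name;
    char *p;
    int overbose;
    char passwd[100];
    int tmp;
    int save;

    if (argc > 2) {
        printf("usage: %s [principal]\n", argv[0]);
        code = -1;
        return;
    }
    name = (argc == 2) ? argv[1] : username;

    /* Silence reply echoing for the first exchange only. */
    overbose = verbose;
    verbose = 0;
    /* The decrypted ticket later travels on the command channel. */
    save = set_command_prot(prot_private);
    ret = command("SITE KAUTH %s", name);
    verbose = overbose;
    if (ret != CONTINUE) {
        set_command_prot(save);
        code = -1;
        return;
    }

    p = strstr(reply_string, "T=");
    if (!p) {
        printf("Bad reply from server.\n");
        set_command_prot(save);
        code = -1;
        return;
    }
    p += 2;

    /* Refuse a ticket that could not fit in tkt.dat before decoding it. */
    if (kauth_b64_decoded_bound(p) > sizeof(tkt.dat)) {
        printf("Ticket in reply is too large.\n");
        set_command_prot(save);
        code = -1;
        return;
    }

    /* Start from defined contents so no stale stack bytes are processed. */
    memset(&tkt, 0, sizeof(tkt));
    memset(&tktcopy, 0, sizeof(tktcopy));

    tmp = base64_decode(p, &tkt.dat);
    if (tmp < 0) {
        printf("Failed to decode base64 in reply.\n");
        set_command_prot(save);
        code = -1;
        return;
    }
    tkt.length = tmp;
    tktcopy.length = tkt.length;

    p = strstr(reply_string, "P=");
    if (!p) {
        printf("Bad reply from server.\n");
        verbose = overbose;
        set_command_prot(save);
        code = -1;
        return;
    }
    /* Terminate the principal in place at the first blank or line end. */
    name = p + 2;
    for (; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++)
        ;
    *p = 0;

    snprintf(buf, sizeof(buf), "Password for %s:", name);
    /* A failed prompt falls through with an empty password. */
    if (des_read_pw_string(passwd, sizeof(passwd) - 1, buf, 0))
        *passwd = '\0';

    des_string_to_key(passwd, &key);
    des_key_sched(&key, schedule);
    des_pcbc_encrypt((des_cblock *)tkt.dat, (des_cblock *)tktcopy.dat,
                     tkt.length, schedule, &key, DES_DECRYPT);

    /* Not a TGT under the standard key: retry with the AFS derivation. */
    if (!kauth_name_at(tktcopy.dat, (size_t)tktcopy.length, 8,
                       KRB_TICKET_GRANTING_TICKET)) {
        afs_string_to_key(passwd, krb_realmofhost(hostname), &key);
        des_key_sched(&key, schedule);
        des_pcbc_encrypt((des_cblock *)tkt.dat, (des_cblock *)tktcopy.dat,
                         tkt.length, schedule, &key, DES_DECRYPT);
    }

    kauth_wipe(key, sizeof(key));
    kauth_wipe(schedule, sizeof(schedule));
    kauth_wipe(passwd, sizeof(passwd));

    /* Wipe the decrypted ticket whether or not the encoding succeeded. */
    tmp = base64_encode(tktcopy.dat, tktcopy.length, &p);
    kauth_wipe(tktcopy.dat, sizeof(tktcopy.dat));
    if (tmp < 0) {
        printf("Out of memory base64-encoding.\n");
        set_command_prot(save);
        code = -1;
        return;
    }

    ret = command("SITE KAUTH %s %s", name, p);
    /* The encoded ticket is as sensitive as the ticket itself. */
    kauth_wipe(p, strlen(p));
    free(p);

    set_command_prot(save);
    code = (ret == COMPLETE) ? 0 : -1;
}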