void cmd_prot(int argc, char **argv)
{
int level = -1;
OPT_HELP
("Set Kerberos protection level for command or data channel. Usage:\n"
" idle [options] [command|data] level\n" "Options:\n"
" -h, --help show this help\n"
"level should be one of the following:\n" " clear\n" " safe\n"
" confidential\n" " private\n");
minargs(optind);
maxargs(optind + 1);
if (!ftp->sec_complete) {
ftp_err(_("No security data exchange has taken place\n"));
return;
}
level = name_to_level(argv[argc - 1]);
if (level == -1) {
ftp_err(_("Unrecognized protection level %s\n"), argv[argc - 1]);
return;
}
if ((*ftp->mech->check_prot) (ftp->app_data, level)) {
ftp_err(_("%s does not implement %s protection\n"),
ftp->mech->name, level_to_name(level));
return;
}
if (argc == optind + 1 || strncasecmp(argv[optind], "data",
strlen(argv[optind])) == 0) {
if (sec_prot_internal(level) < 0) {
return;
}
} else if (strncasecmp(argv[optind], "command", strlen(argv[optind])) ==
0) set_command_prot(level);
else {
ftp_err(_("Syntax error, try %s --help for more information\n"),
argv[0]);
}
return;
}
void
kauth(int argc, char **argv)
{
int ret;
char buf[1024];
des_cblock key;
des_key_schedule schedule;
KTEXT_ST tkt, tktcopy;
char *name;
char *p;
int overbose;
char passwd[100];
int tmp;
int save;
if(argc > 2){
printf("usage: %s [principal]\n", argv[0]);
code = -1;
return;
}
if(argc == 2)
name = argv[1];
else
name = username;
overbose = verbose;
verbose = 0;
save = set_command_prot(prot_private);
ret = command("SITE KAUTH %s", name);
if(ret != CONTINUE){
verbose = overbose;
set_command_prot(save);
code = -1;
return;
}
verbose = overbose;
p = strstr(reply_string, "T=");
if(!p){
printf("Bad reply from server.\n");
set_command_prot(save);
code = -1;
return;
}
p += 2;
tmp = base64_decode(p, &tkt.dat);
if(tmp < 0){
printf("Failed to decode base64 in reply.\n");
set_command_prot(save);
code = -1;
return;
}
tkt.length = tmp;
tktcopy.length = tkt.length;
p = strstr(reply_string, "P=");
if(!p){
printf("Bad reply from server.\n");
verbose = overbose;
set_command_prot(save);
code = -1;
return;
}
name = p + 2;
for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
*p = 0;
snprintf(buf, sizeof(buf), "Password for %s:", name);
if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
*passwd = '\0';
des_string_to_key (passwd, &key);
des_key_sched(&key, schedule);
des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
tkt.length,
schedule, &key, DES_DECRYPT);
if (strcmp ((char*)tktcopy.dat + 8,
KRB_TICKET_GRANTING_TICKET) != 0) {
afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
des_key_sched (&key, schedule);
des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
tkt.length,
schedule, &key, DES_DECRYPT);
}
memset(key, 0, sizeof(key));
memset(schedule, 0, sizeof(schedule));
memset(passwd, 0, sizeof(passwd));
if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
printf("Out of memory base64-encoding.\n");
set_command_prot(save);
code = -1;
return;
}
memset (tktcopy.dat, 0, tktcopy.length);
ret = command("SITE KAUTH %s %s", name, p);
free(p);
set_command_prot(save);
if(ret != COMPLETE){
code = -1;
return;
}
code = 0;
}
