void sec_status(void) { if (ftp->sec_complete) { printf(_("Using %s for authentication.\n"), ftp->mech->name); printf(_("Using %s command channel.\n"), level_to_name(ftp->command_prot)); printf(_("Using %s data channel.\n"), level_to_name(ftp->data_prot)); if (ftp->buffer_size > 0) printf(_("Protection buffer size: %lu.\n"), (unsigned long)ftp->buffer_size); } else { printf(_("Not using any security mechanism.\n")); } }
void cmd_prot(int argc, char **argv) { int level = -1; OPT_HELP ("Set Kerberos protection level for command or data channel. Usage:\n" " idle [options] [command|data] level\n" "Options:\n" " -h, --help show this help\n" "level should be one of the following:\n" " clear\n" " safe\n" " confidential\n" " private\n"); minargs(optind); maxargs(optind + 1); if (!ftp->sec_complete) { ftp_err(_("No security data exchange has taken place\n")); return; } level = name_to_level(argv[argc - 1]); if (level == -1) { ftp_err(_("Unrecognized protection level %s\n"), argv[argc - 1]); return; } if ((*ftp->mech->check_prot) (ftp->app_data, level)) { ftp_err(_("%s does not implement %s protection\n"), ftp->mech->name, level_to_name(level)); return; } if (argc == optind + 1 || strncasecmp(argv[optind], "data", strlen(argv[optind])) == 0) { if (sec_prot_internal(level) < 0) { return; } } else if (strncasecmp(argv[optind], "command", strlen(argv[optind])) == 0) set_command_prot(level); else { ftp_err(_("Syntax error, try %s --help for more information\n"), argv[0]); } return; }
static int sec_prot_internal(int level) { char *p; unsigned int s = 1048576; ftp_set_tmp_verbosity(vbError); if (!ftp->sec_complete) { ftp_err(_("No security data exchange has taken place.\n")); return -1; } if (level) { ftp_cmd("PBSZ %u", s); if (ftp->code != ctComplete) { ftp_err(_("Failed to set protection buffer size.\n")); return -1; } ftp->buffer_size = s; p = strstr(ftp->reply, "PBSZ="); if (p) sscanf(p, "PBSZ=%u", &s); if (s < ftp->buffer_size) ftp->buffer_size = s; } ftp_cmd("PROT %c", level["CSEP"]); /* XXX :-) */ if (ftp->code != ctComplete) { ftp_err(_("Failed to set protection level.\n")); return -1; } ftp->data_prot = (enum protection_level)level; url_setprotlevel(ftp->url, level_to_name(ftp->data_prot)); return 0; }
int ftp_login(const char *guessed_username, const char *anonpass) { int ptype, r; static url_t *purl = 0; if(!ftp_connected()) return 1; if(!ftp->url) return -1; #ifdef HAVE_LIBSSH if (ftp->session) /* login authentication is performed by the ssh program */ return 0; #endif ptype = proxy_type(ftp->url); if(purl) { url_destroy(purl); purl = 0; } if(ptype > 0) purl = url_clone(gvProxyUrl); r = get_username(ftp->url, guessed_username, false); if(r != 0) return r; if(ptype > 1 && ptype < 7) { r = get_username(purl, 0, true); if(r != 0) return r; } #ifdef SECFTP ftp->sec_complete = false; ftp->data_prot = prot_clear; /* don't use secure stuff if anonymous */ if(!url_isanon(ftp->url)) { list *mechlist; /* request a protection level */ if(ftp->url->protlevel) { if(sec_request_prot(ftp->url->protlevel) != 0) ftp_err(_("Invalid protection level '%s'\n"), ftp->url->protlevel); } /* get list of mechanisms to try */ mechlist = ftp->url->mech ? ftp->url->mech : gvDefaultMechanism; if(mechlist) { listitem *li = mechlist->first; int ret = 0; for(; li; li=li->next) { const char *mech_name; mech_name = secext_name((char *)li->data); if(mech_name == 0) { ftp_err(_("unknown mechanism '%s'\n"), (char *)li->data); continue; } if(mech_unsupported(mech_name)) { ftp_err(_("Yafc was not compiled with support for %s\n"), mech_name); continue; } ret = sec_login(host_getname(ftp->host), mech_name); if(ret == -1) { if(ftp->code == ctError && ftp->fullcode != 504 && ftp->fullcode != 534) url_setmech(ftp->url, "none"); } if(ret != 1) break; } } if(ftp->sec_complete) ftp_err(_("Authentication successful.\n")); else ftp_err(_("*** Using plaintext username" " and password ***\n")); } #endif if(url_isanon(ftp->url)) fprintf(stderr, _("logging in anonymously...\n")); ftp_set_tmp_verbosity(ftp->url->password ? vbError : vbCommand); switch(ptype) { case 0: default: ftp_cmd("USER %s", ftp->url->username); break; case 1: ftp_cmd("USER %s@%s", ftp->url->username, ftp->url->hostname); break; case 2: case 3: case 4: ftp_cmd("USER %s", purl->username); if(ftp->code == ctContinue) { r = get_password(purl, 0, true); if(r != 0) return 0; ftp_cmd("PASS %s", purl->password); /* FIXME: what reply code do we expect now? */ if(ftp->code < ctTransient) { if(ptype == 2) { ftp_cmd("USER %s@%s", ftp->url->username, ftp->url->hostname); } else { if(ptype == 3) ftp_cmd("SITE %s", purl->hostname); else ftp_cmd("OPEN %s", purl->hostname); if(ftp->code < ctTransient) ftp_cmd("USER %s", ftp->url->username); } } } break; case 5: ftp_cmd("USER %s@%s@%s", ftp->url->username, purl->username, ftp->url->hostname); break; case 6: ftp_cmd("USER %s@%s", purl->username, ftp->url->hostname); if(ftp->code == ctContinue) { r = get_password(purl, 0, true); if(r != 0) return 0; ftp_cmd("PASS %s", purl->password); if(ftp->code < ctTransient) ftp_cmd("USER %s", ftp->url->username); } break; case 7: ftp_cmd("USER %s@%s:%i", ftp->url->username, ftp->url->hostname, ftp->url->port); break; } if(ftp->code == ctContinue) { ftp->loggedin = false; r = get_password(ftp->url, anonpass, false); if(r != 0) return r; if(ptype == 5) { r = get_password(purl, 0, true); if(r != 0) { url_destroy(purl); purl = 0; return 0; } } ftp_set_tmp_verbosity(vbCommand); switch(ptype) { default: case 0: case 1: case 2: case 3: case 4: case 6: ftp_cmd("PASS %s", ftp->url->password); break; case 5: ftp_cmd("PASS %s@%s", ftp->url->password, purl->password); break; } } url_destroy(purl); purl = 0; if(ftp->code > ctContinue) { if(ftp->fullcode == 530 && ftp_loggedin()) { /* this probable means '530 Already logged in' */ return 2; } ftp->loggedin = false; return 1; } if(ftp->code == ctComplete) { ftp->loggedin = true; #ifdef SECFTP /* we are logged in, now set the requested data protection level * requested from the autologin information in the config file, * if any, else uses default protection level 'clear', ie * no protection on the data channel */ if(ftp->sec_complete) { sec_set_protection_level(); fprintf(stderr, _("Data protection is %s\n"), level_to_name(ftp->data_prot)); } #endif ftp->homedir = ftp_getcurdir(); ftp->curdir = xstrdup(ftp->homedir); ftp->prevdir = xstrdup(ftp->homedir); if(ftp->url->directory) ftp_chdir(ftp->url->directory); ftp_get_feat(); return 0; } if(ftp->code == ctTransient) return 1; return -1; }