void sec_status(void)
{
if (ftp->sec_complete) {
printf(_("Using %s for authentication.\n"), ftp->mech->name);
printf(_("Using %s command channel.\n"),
level_to_name(ftp->command_prot));
printf(_("Using %s data channel.\n"), level_to_name(ftp->data_prot));
if (ftp->buffer_size > 0)
printf(_("Protection buffer size: %lu.\n"),
(unsigned long)ftp->buffer_size);
} else {
printf(_("Not using any security mechanism.\n"));
}
}
void cmd_prot(int argc, char **argv)
{
int level = -1;
OPT_HELP
("Set Kerberos protection level for command or data channel. Usage:\n"
" idle [options] [command|data] level\n" "Options:\n"
" -h, --help show this help\n"
"level should be one of the following:\n" " clear\n" " safe\n"
" confidential\n" " private\n");
minargs(optind);
maxargs(optind + 1);
if (!ftp->sec_complete) {
ftp_err(_("No security data exchange has taken place\n"));
return;
}
level = name_to_level(argv[argc - 1]);
if (level == -1) {
ftp_err(_("Unrecognized protection level %s\n"), argv[argc - 1]);
return;
}
if ((*ftp->mech->check_prot) (ftp->app_data, level)) {
ftp_err(_("%s does not implement %s protection\n"),
ftp->mech->name, level_to_name(level));
return;
}
if (argc == optind + 1 || strncasecmp(argv[optind], "data",
strlen(argv[optind])) == 0) {
if (sec_prot_internal(level) < 0) {
return;
}
} else if (strncasecmp(argv[optind], "command", strlen(argv[optind])) ==
0) set_command_prot(level);
else {
ftp_err(_("Syntax error, try %s --help for more information\n"),
argv[0]);
}
return;
}
static int sec_prot_internal(int level)
{
char *p;
unsigned int s = 1048576;
ftp_set_tmp_verbosity(vbError);
if (!ftp->sec_complete) {
ftp_err(_("No security data exchange has taken place.\n"));
return -1;
}
if (level) {
ftp_cmd("PBSZ %u", s);
if (ftp->code != ctComplete) {
ftp_err(_("Failed to set protection buffer size.\n"));
return -1;
}
ftp->buffer_size = s;
p = strstr(ftp->reply, "PBSZ=");
if (p)
sscanf(p, "PBSZ=%u", &s);
if (s < ftp->buffer_size)
ftp->buffer_size = s;
}
ftp_cmd("PROT %c", level["CSEP"]); /* XXX :-) */
if (ftp->code != ctComplete) {
ftp_err(_("Failed to set protection level.\n"));
return -1;
}
ftp->data_prot = (enum protection_level)level;
url_setprotlevel(ftp->url, level_to_name(ftp->data_prot));
return 0;
}
int ftp_login(const char *guessed_username, const char *anonpass)
{
int ptype, r;
static url_t *purl = 0;
if(!ftp_connected())
return 1;
if(!ftp->url)
return -1;
#ifdef HAVE_LIBSSH
if (ftp->session)
/* login authentication is performed by the ssh program */
return 0;
#endif
ptype = proxy_type(ftp->url);
if(purl) {
url_destroy(purl);
purl = 0;
}
if(ptype > 0)
purl = url_clone(gvProxyUrl);
r = get_username(ftp->url, guessed_username, false);
if(r != 0)
return r;
if(ptype > 1 && ptype < 7) {
r = get_username(purl, 0, true);
if(r != 0)
return r;
}
#ifdef SECFTP
ftp->sec_complete = false;
ftp->data_prot = prot_clear;
/* don't use secure stuff if anonymous
*/
if(!url_isanon(ftp->url)) {
list *mechlist;
/* request a protection level
*/
if(ftp->url->protlevel) {
if(sec_request_prot(ftp->url->protlevel) != 0)
ftp_err(_("Invalid protection level '%s'\n"),
ftp->url->protlevel);
}
/* get list of mechanisms to try
*/
mechlist = ftp->url->mech ? ftp->url->mech : gvDefaultMechanism;
if(mechlist) {
listitem *li = mechlist->first;
int ret = 0;
for(; li; li=li->next) {
const char *mech_name;
mech_name = secext_name((char *)li->data);
if(mech_name == 0) {
ftp_err(_("unknown mechanism '%s'\n"), (char *)li->data);
continue;
}
if(mech_unsupported(mech_name)) {
ftp_err(_("Yafc was not compiled with support for %s\n"),
mech_name);
continue;
}
ret = sec_login(host_getname(ftp->host), mech_name);
if(ret == -1) {
if(ftp->code == ctError
&& ftp->fullcode != 504 && ftp->fullcode != 534)
url_setmech(ftp->url, "none");
}
if(ret != 1)
break;
}
}
if(ftp->sec_complete)
ftp_err(_("Authentication successful.\n"));
else
ftp_err(_("*** Using plaintext username"
" and password ***\n"));
}
#endif
if(url_isanon(ftp->url))
fprintf(stderr, _("logging in anonymously...\n"));
ftp_set_tmp_verbosity(ftp->url->password ? vbError : vbCommand);
switch(ptype) {
case 0:
default:
ftp_cmd("USER %s", ftp->url->username);
break;
case 1:
ftp_cmd("USER %s@%s", ftp->url->username, ftp->url->hostname);
break;
case 2:
case 3:
case 4:
ftp_cmd("USER %s", purl->username);
if(ftp->code == ctContinue) {
r = get_password(purl, 0, true);
if(r != 0)
return 0;
ftp_cmd("PASS %s", purl->password);
/* FIXME: what reply code do we expect now? */
if(ftp->code < ctTransient) {
if(ptype == 2) {
ftp_cmd("USER %s@%s",
ftp->url->username, ftp->url->hostname);
} else {
if(ptype == 3)
ftp_cmd("SITE %s", purl->hostname);
else
ftp_cmd("OPEN %s", purl->hostname);
if(ftp->code < ctTransient)
ftp_cmd("USER %s", ftp->url->username);
}
}
}
break;
case 5:
ftp_cmd("USER %s@%s@%s",
ftp->url->username, purl->username, ftp->url->hostname);
break;
case 6:
ftp_cmd("USER %s@%s", purl->username, ftp->url->hostname);
if(ftp->code == ctContinue) {
r = get_password(purl, 0, true);
if(r != 0)
return 0;
ftp_cmd("PASS %s", purl->password);
if(ftp->code < ctTransient)
ftp_cmd("USER %s", ftp->url->username);
}
break;
case 7:
ftp_cmd("USER %s@%s:%i", ftp->url->username, ftp->url->hostname, ftp->url->port);
break;
}
if(ftp->code == ctContinue) {
ftp->loggedin = false;
r = get_password(ftp->url, anonpass, false);
if(r != 0)
return r;
if(ptype == 5) {
r = get_password(purl, 0, true);
if(r != 0) {
url_destroy(purl);
purl = 0;
return 0;
}
}
ftp_set_tmp_verbosity(vbCommand);
switch(ptype) {
default:
case 0:
case 1:
case 2:
case 3:
case 4:
case 6:
ftp_cmd("PASS %s", ftp->url->password);
break;
case 5:
ftp_cmd("PASS %s@%s", ftp->url->password, purl->password);
break;
}
}
url_destroy(purl);
purl = 0;
if(ftp->code > ctContinue) {
if(ftp->fullcode == 530 && ftp_loggedin()) {
/* this probable means '530 Already logged in' */
return 2;
}
ftp->loggedin = false;
return 1;
}
if(ftp->code == ctComplete) {
ftp->loggedin = true;
#ifdef SECFTP
/* we are logged in, now set the requested data protection level
* requested from the autologin information in the config file,
* if any, else uses default protection level 'clear', ie
* no protection on the data channel
*/
if(ftp->sec_complete) {
sec_set_protection_level();
fprintf(stderr, _("Data protection is %s\n"),
level_to_name(ftp->data_prot));
}
#endif
ftp->homedir = ftp_getcurdir();
ftp->curdir = xstrdup(ftp->homedir);
ftp->prevdir = xstrdup(ftp->homedir);
if(ftp->url->directory)
ftp_chdir(ftp->url->directory);
ftp_get_feat();
return 0;
}
if(ftp->code == ctTransient)
return 1;
return -1;
}
