Ag Hatzim([EMAIL PROTECTED])@Sat, Aug 20, 2005 at 08:27:25PM +0300:
Just a small correction for anyone who wants to try: if you apply
netkit-ftp-0.17-ssl-0.2.patch
compiling will fail.
In addition, I attach the patches for anyone who is interested.
Some are from Gentoo, and 2 are from Fedora.
I applied them in the following order:
netkit-ftp-0.17-acct.patch
netkit-ftp-0.17-locale.patch
netkit-ftp-0.17-runique_mget.patch
netkit-ftp-0.17-security.patch
netkit-ftp-0.17+ssl-0.2.diff
netkit-ftp-0.17+ssl-0.2+auth.diff
Ripped from Fedora
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17353
--- netkit-ftp-0.17/ftp/ftp.c.acct Sun Jan 21 00:08:29 2001
+++ netkit-ftp-0.17/ftp/ftp.c Sun Jan 21 00:09:04 2001
@@ -254,7 +254,8 @@
if (n == CONTINUE) {
aflag++;
/* fflush(stdout); */
- zacct = getpass("Account:");
+ if(zacct==NULL)
+ zacct = getpass("Account:");
n = command("ACCT %s", zacct);
}
if (n != COMPLETE) {
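Review bot: The result of `getpass("Account:")` is still handed straight to `command("ACCT %s", zacct)`, and getpass() returns NULL when it cannot open the terminal, so a NULL can reach the `%s` conversion. A check after the prompt, `if (zacct == NULL) { /* fail the login as the other error paths do */ }`, would close that; the right return value depends on the enclosing function, which starts and ends outside this hunk. A one-line comment saying where a pre-set `zacct` comes from would also explain why the prompt became conditional.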
ripped from Fedora
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142265
--- netkit-ftp-0.17/ftp/main.c.locale 2004-12-15 16:52:14.504193752 +0000
+++ netkit-ftp-0.17/ftp/main.c 2004-12-15 16:52:51.719133655 +0000
@@ -51,6 +51,7 @@
/* #include <arpa/ftp.h> <--- unused? */
+#include <locale.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
@@ -109,6 +110,7 @@
tick = 0;
+ setlocale (LC_ALL, "");
sp = getservbyname("ftp", "tcp");
if (sp == 0) {
fprintf(stderr, "ftp: ftp/tcp: unknown service\n");
ripped from Fedora
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=79367
--- netkit-ftp-0.17/ftp/ftp.c.runique_mget 2004-12-07 12:05:49.360133092
+0100
+++ netkit-ftp-0.17/ftp/ftp.c 2004-12-07 12:06:48.480883902 +0100
@@ -923,7 +923,9 @@
return;
}
}
- else if (runique && (local = gunique(local)) == NULL) {
+ else if (runique && (strcmp(cmd, "NLST") != 0) &&
+ (local = gunique(local)) == NULL)
+ {
(void) signal(SIGINT, oldintr);
code = -1;
return;
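Review bot: The new `strcmp(cmd, "NLST") != 0` test carries no comment saying why NLST is exempt from `gunique()`, and the reason cannot be read off the condition. Judging by the patch name, the NLST output here is the listing that mget fetches, which should not be renamed when runique is on; a comment such as `/* NLST output feeds mget's file list; never make it unique */` above the `else if` would record that, once confirmed against the caller. The enclosing function starts and ends outside the hunk.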
ripped from Fedora
diff -urN netkit-ftp-0.17-pre20000412/ftp/ftp.c
netkit-ftp-0.17-pre20000412.new/ftp/ftp.c
--- netkit-ftp-0.17-pre20000412/ftp/ftp.c Mon Dec 13 21:33:20 1999
+++ netkit-ftp-0.17-pre20000412.new/ftp/ftp.c Wed Aug 16 14:12:50 2000
@@ -883,7 +883,7 @@
}
if (fstat(fileno(fout), &st) < 0 || st.st_blksize == 0)
st.st_blksize = BUFSIZ;
- if (st.st_blksize > bufsize) {
+ if ((unsigned)st.st_blksize > bufsize) {
if (buf)
(void) free(buf);
buf = malloc((unsigned)st.st_blksize);
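Review bot: Casting `st.st_blksize` to `unsigned` in the comparison hides the sign mismatch rather than handling it: a negative block size becomes a very large value, passes the test, and is then passed to `malloc((unsigned)st.st_blksize)`. The fallback two lines up only catches `== 0`, so widening it makes the cast safe, `if (fstat(fileno(fout), &st) < 0 || st.st_blksize <= 0)`. The declaration of `bufsize` and the check of malloc's result are outside this hunk.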
diff -u -r -N netkit-ftp-0.17/ftp/Makefile netkit-ftp-0.17+ssl-0.2/ftp/Makefile
--- netkit-ftp-0.17/ftp/Makefile Sun Aug 1 08:00:12 1999
+++ netkit-ftp-0.17+ssl-0.2/ftp/Makefile Mon Sep 25 23:36:51 2000
@@ -8,6 +8,9 @@
LIBS += -lreadline $(LIBTERMCAP)
endif
+CFLAGS += -DUSE_SSL -g
+LIBS += -lssl -lcrypto
+
ftp: cmds.o cmdtab.o domacro.o ftp.o glob.o main.o ruserpass.o
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
diff -u -r -N netkit-ftp-0.17/ftp/cmds.c netkit-ftp-0.17+ssl-0.2/ftp/cmds.c
--- netkit-ftp-0.17/ftp/cmds.c Sun Jul 23 03:36:59 2000
+++ netkit-ftp-0.17+ssl-0.2/ftp/cmds.c Sun Sep 24 15:09:15 2000
@@ -207,6 +207,32 @@
}
port = ftp_port;
if (argc > 2) {
+#ifdef USE_SSL
+ /* not really an SSL enhancement but something that
+ * should have always been here --tjh
+ */
+ if (!isdigit(argv[2][0])) {
+ struct servent *destsp;
+
+ destsp = getservbyname(argv[2], "tcp");
+
+ /* if lookup fails for ssl-ftp we fallback to
+ * the default (unofficial) port number
+ */
+ if ((strcmp(argv[2],"ssl-ftp")==0) && (destsp==NULL))
+ port = 150;
+ else {
+ if (destsp == NULL ) {
+ printf("%s: bad port name-- %s\n",argv[1],argv[2]);
+ printf ("usage: %s host-name [port]\n",argv[0]);
+ code = -1;
+ return;
+ } else {
+ port = ntohs(destsp->s_port);
+ }
+ }
+ } else
+#endif /* USE_SSL */
port = atoi(argv[2]);
if (port < 1) {
printf("%s: bad port number-- %s\n", argv[1], argv[2]);
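Review bot: `isdigit(argv[2][0])` is called with a plain `char`, which is undefined for bytes above 0x7f where char is signed; it should read `isdigit((unsigned char)argv[2][0])`. Only the first character is inspected, so a value such as `21x` still reaches `atoi()`, which accepts it, and the `port < 1` check that follows has no upper bound visible here. As the added comment itself says, the service-name lookup is not an SSL feature, so it could sit outside `#ifdef USE_SSL`; that would also remove the dangling `else` in front of `#endif`. The enclosing function starts and ends outside the hunk.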
diff -u -r -N netkit-ftp-0.17/ftp/ftp.1 netkit-ftp-0.17+ssl-0.2/ftp/ftp.1
--- netkit-ftp-0.17/ftp/ftp.1 Mon Jul 31 01:56:59 2000
+++ netkit-ftp-0.17+ssl-0.2/ftp/ftp.1 Sun May 13 14:10:22 2001
@@ -97,6 +97,52 @@
as report on data transfer statistics.
.It Fl d
Enables debugging.
+.It Fl z Ar option
+Set SSL (Secure Socket Layer) parameters. The default is to negotiate
+via ftp protocoll if SSL is availlable at server side and then to
+switch it on. In this mode you can connect to both conventional and
+SSL enhanced ftpd's.
+.Pp
+The SSL parameters are:
+.Bl -tag -width Fl
+.It Ic Ar debug
+Send SSL related debugging information to stderr.
+.It Ic Ar authdebug
+Enable authentication debugging.
+.It Ic Ar ssl
+Negotiate SSL at first, then use ftp protocol. ftp protocol
+negotiation goes encrypted. (Not yet implemented)
+.It Ic Ar nossl, Ar !ssl
+switch of SSL negotiation
+.It Ic Ar certrequired
+client certificate is mandatory
+.It Ic Ar secure
+Don't switch back to unencrypted mode (no SSL) if SSL is not available.
+.It Ic Ar verbose
+Be verbose about certificates etc.
+.It Ic Ar verify=int
+.\" TODO
+Set the SSL verify flags (SSL_VERIFY_* in
+.Ar ssl/ssl.h
+).
+.\" TODO
+.It Ic Ar cert=cert_file
+.\" TODO
+Use the certificate(s) in
+.Ar cert_file .
+.It Ic Ar key=key_file
+.\" TODO
+Use the key(s) in
+.Ar key_file .
+.It Ic Ar cipher=ciph_list
+.\" TODO
+Set the preferred ciphers to
+.Ar ciph_list .
+.\" TODO: possible values; comma-separated list?
+(See
+.Ar ssl/ssl.h
+).
+.El
.El
.Pp
The client host with which
diff -u -r -N netkit-ftp-0.17/ftp/ftp.c netkit-ftp-0.17+ssl-0.2/ftp/ftp.c
--- netkit-ftp-0.17/ftp/ftp.c Mon Dec 13 21:33:20 1999
+++ netkit-ftp-0.17+ssl-0.2/ftp/ftp.c Tue Sep 26 00:25:48 2000
@@ -1,3 +1,15 @@
+/*
+ * The modifications to support SSLeay were done by Tim Hudson
+ * [EMAIL PROTECTED]
+ *
+ * You can do whatever you like with these patches except pretend that
+ * you wrote them.
+ *
+ * Email [EMAIL PROTECTED] to get instructions on how to
+ * join the mailing list that discusses SSLeay and also these patches.
+ *
+ */
+
/*
* Copyright (c) 1985, 1989 Regents of the University of California.
* All rights reserved.
@@ -77,6 +89,17 @@
static sigjmp_buf ptabort;
static int ptabflg = 0;
static int abrtflag = 0;
+#ifdef USE_SSL
+static int pdata = -1;
+static int
+auth_user(char *u,char *p);
+static int
+ssl_getc(SSL *ssl_con);
+static int
+ssl_putc_flush(SSL *ssl_con);
+static int
+ssl_putc(SSL *ssl_con, int oneint);
+#endif
void lostpeer(int);
extern int connected;
@@ -243,14 +266,7 @@
else
luser = tmp;
}
- n = command("USER %s", luser);
- if (n == CONTINUE) {
- if (pass == NULL) {
- /* fflush(stdout); */
- pass = getpass("Password:");
- }
- n = command("PASS %s", pass);
- }
+ n = auth_user(luser,pass);
if (n == CONTINUE) {
aflag++;
/* fflush(stdout); */
@@ -296,6 +312,9 @@
va_list ap;
int r;
void (*oldintr)(int);
+#ifdef USE_SSL
+ char outputbuf[8192];
+#endif /* USE_SSL */
abrtflag = 0;
if (debug) {
@@ -316,10 +335,27 @@
}
oldintr = signal(SIGINT, cmdabort);
va_start(ap, fmt);
+#ifdef USE_SSL
+ /* assemble the output into a buffer */
+ vsnprintf(outputbuf,sizeof(outputbuf),fmt,ap);
+ strcat(outputbuf,"\r\n");
+ if (ssl_active_flag) {
+ SSL_write(ssl_con,outputbuf,strlen(outputbuf));
+ } else {
+ fprintf(cout,"%s",outputbuf);
+ fflush(cout);
+ }
+#else /* !USE_SSL */
vfprintf(cout, fmt, ap);
+#endif /* USE_SSL */
va_end(ap);
+
+#ifndef USE_SSL
+ /* we don't need this as we concatenated it above */
fprintf(cout, "\r\n");
(void) fflush(cout);
+#endif /* !USE_SSL */
+
cpend = 1;
r = getreply(!strcmp(fmt, "QUIT"));
if (abrtflag && oldintr != SIG_IGN)
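Review bot: `strcat(outputbuf,"\r\n")` can write past the end of `outputbuf`, because `vsnprintf()` may fill the buffer right up to its terminating NUL and leaves no room for the two extra characters. Reserving the space in the format call fixes it: `vsnprintf(outputbuf, sizeof(outputbuf) - 2, fmt, ap);`. The return value of `SSL_write()` is also dropped, so a command that failed to send is only noticed in `getreply()`, and the stack buffer still holds the `PASS` argument when the function returns. `outputbuf` is declared in the previous hunk and the function body starts outside this one.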
@@ -343,25 +379,39 @@
int pflag = 0;
size_t px = 0;
size_t psize = sizeof(pasv);
+ char buf[16];
oldintr = signal(SIGINT, cmdabort);
for (;;) {
dig = n = code = 0;
cp = reply_string;
- while ((c = getc(cin)) != '\n') {
+ while ((c = GETC(cin)) != '\n') {
if (c == IAC) { /* handle telnet commands */
- switch (c = getc(cin)) {
+ switch (c = GETC(cin)) {
case WILL:
case WONT:
- c = getc(cin);
- fprintf(cout, "%c%c%c", IAC, DONT, c);
- (void) fflush(cout);
+ c = GETC(cin);
+ sprintf(buf,
+ "%c%c%c", IAC, DONT, c);
+#ifdef USE_SSL
+ if (ssl_active_flag)
+ SSL_write(ssl_con,buf,3);
+ else
+#endif /* !USE_SSL */
+ fwrite(buf,3,1,cout);
+ (void) FFLUSH(cout);
break;
case DO:
case DONT:
- c = getc(cin);
- fprintf(cout, "%c%c%c", IAC, WONT, c);
- (void) fflush(cout);
+ c = GETC(cin);
+ sprintf(buf, "%c%c%c", IAC, WONT, c);
+#ifdef USE_SSL
+ if (ssl_active_flag)
+ SSL_write(ssl_con,buf,3);
+ else
+#endif /* !USE_SSL */
+ fwrite(buf,3,1,cout);
+ (void) FFLUSH(cout);
break;
default:
break;
@@ -600,9 +650,18 @@
errno = d = 0;
while ((c = read(fileno(fin), buf, sizeof (buf))) > 0) {
bytes += c;
+#ifdef USE_SSL
+ if (ssl_data_active_flag) {
+ for (bufp = buf; c > 0; c -= d, bufp += d)
+ if ((d = SSL_write(ssl_data_con, bufp, c)) <= 0)
+ break;
+ } else
+#endif /* !USE_SSL */
+ {
for (bufp = buf; c > 0; c -= d, bufp += d)
if ((d = write(fileno(dout), bufp, c)) <= 0)
break;
+ }
if (hash) {
while (bytes >= hashbytes) {
(void) putchar('#');
@@ -654,16 +713,17 @@
}
if (ferror(dout))
break;
- (void) putc('\r', dout);
+ (void) DATAPUTC('\r', dout);
bytes++;
}
- (void) putc(c, dout);
+ (void) DATAPUTC(c, dout);
bytes++;
/* if (c == '\r') { */
/* (void) putc('\0', dout); (* this violates rfc */
/* bytes++; */
/* } */
}
+ DATAFLUSH(dout);
if (hash) {
if (bytes < hashbytes)
(void) putchar('#');
@@ -688,6 +748,15 @@
if (closefunc != NULL)
(*closefunc)(fin);
(void) fclose(dout);
+
+#ifdef USE_SSL
+ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
+ SSL_free(ssl_data_con);
+ ssl_data_active_flag=0;
+ ssl_data_con=NULL;
+ }
+#endif /* USE_SSL */
+
/* closes data as well, so discard it */
data = -1;
(void) getreply(0);
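Review bot: `SSL_free(ssl_data_con)` runs without a preceding `SSL_shutdown()`, and only after `fclose(dout)` has already closed the socket, so the peer never receives a close_notify and cannot tell a complete transfer from one that was cut short. Because end of file on a stream-mode data connection is signalled by the close itself, the TLS teardown should come first: `if (ssl_data_active_flag && ssl_data_con != NULL) SSL_shutdown(ssl_data_con);` ahead of `fclose(dout)`, then the free. The same six-line block is repeated in the next hunk and in the two receive-side hunks further down (after `fclose(din)` and after `close(data)`), so one static helper would keep the four copies from drifting apart. The enclosing function starts and ends outside the hunk.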
@@ -714,6 +783,15 @@
(void) close(data);
data = -1;
}
+
+#ifdef USE_SSL
+ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
+ SSL_free(ssl_data_con);
+ ssl_data_active_flag=0;
+ ssl_data_con=NULL;
+ }
+#endif /* USE_SSL */
+
(void) getreply(0);
code = -1;
if (closefunc != NULL && fin != NULL)
@@ -908,6 +986,33 @@
return;
}
errno = d = 0;
+#ifdef USE_SSL
+ if (ssl_data_active_flag) {
+ while ((c = SSL_read(ssl_data_con, buf, bufsize)) > 0) {
+ if ((d = write(fileno(fout), buf, c)) != c)
+ break;
+ bytes += c;
+ if (hash) {
+ while (bytes >= hashbytes) {
+ (void) putchar('#');
+ hashbytes += HASHBYTES;
+ }
+ (void) fflush(stdout);
+ }
+ }
+ if ( c < -1 ) {
+ static char errbuf[1024];
+
+ sprintf(errbuf,"ftp: SSL_read DATA error %s\n",
+ ERR_error_string(ERR_get_error(),NULL));
+
+ /* tell the user ... who else */
+ fprintf(stderr,"%s", errbuf);
+ fflush(stderr);
+ }
+ } else
+#endif /* !USE_SSL */
+ {
while ((c = read(fileno(din), buf, bufsize)) > 0) {
if ((d = write(fileno(fout), buf, c)) != c)
break;
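Review bot: The error test `if ( c < -1 )` after the `SSL_read()` loop can hardly ever be true, since SSL_read reports failure with 0 or -1, so a broken TLS data stream ends the transfer silently as if it were a normal end of file. It should be `if (c < 0)` at minimum, and `SSL_get_error(ssl_data_con, c)` is what separates a clean close (`SSL_ERROR_ZERO_RETURN`) from a truncated one. The function starts and ends outside the hunk.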
@@ -927,6 +1032,7 @@
hashbytes += TICKBYTES;
}
}
+ }
if (hash && bytes > 0) {
if (bytes < HASHBYTES)
(void) putchar('#');
@@ -973,7 +1079,7 @@
return;
}
}
- while ((c = getc(din)) != EOF) {
+ while ((c = DATAGETC(din)) != EOF) {
if (c == '\n')
bare_lfs++;
while (c == '\r') {
@@ -991,7 +1097,7 @@
hashbytes += TICKBYTES;
}
bytes++;
- if ((c = getc(din)) != '\n' || tcrflag) {
+ if ((c = DATAGETC(din)) != '\n' || tcrflag) {
if (ferror(fout))
goto break2;
(void) putc('\r', fout);
@@ -1039,6 +1145,15 @@
(void) signal(SIGPIPE, oldintp);
(void) gettimeofday(&stop, (struct timezone *)0);
(void) fclose(din);
+
+#ifdef USE_SSL
+ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
+ SSL_free(ssl_data_con);
+ ssl_data_active_flag=0;
+ ssl_data_con=NULL;
+ }
+#endif /* USE_SSL */
+
/* closes data as well, so discard it */
data = -1;
(void) getreply(0);
@@ -1071,6 +1186,15 @@
(void) close(data);
data = -1;
}
+
+#ifdef USE_SSL
+ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
+ SSL_free(ssl_data_con);
+ ssl_data_active_flag=0;
+ ssl_data_con=NULL;
+ }
+#endif /* USE_SSL */
+
if (bytes > 0)
ptransfer("received", bytes, &start, &stop);
(void) signal(SIGINT, oldintr);
@@ -1207,6 +1331,7 @@
struct sockaddr_in from;
int s, tos;
socklen_t fromlen = sizeof(from);
+ int ret;
if (passivemode)
return (fdopen(data, lmode));
@@ -1224,6 +1349,67 @@
if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
perror("ftp: setsockopt TOS (ignored)");
#endif
+
+#ifdef USE_SSL
+ ssl_data_active_flag=0;
+ if (ssl_active_flag && ssl_encrypt_data) {
+ /* do SSL */
+ if (ssl_data_con!=NULL) {
+ SSL_free(ssl_data_con);
+ ssl_data_con=NULL;
+ }
+ ssl_data_con=(SSL *)SSL_new(ssl_ctx);
+
+ SSL_set_fd(ssl_data_con,data);
+ set_ssl_trace(ssl_data_con);
+
+ SSL_set_verify(ssl_data_con,ssl_verify_flag,NULL);
+
+ /* this is the "magic" call that makes
+ * this quick assuming Eric has this going
+ * okay! ;-)
+ */
+ SSL_copy_session_id(ssl_data_con,ssl_con);
+
+ /* we are doing I/O and not using select so
+ * it is "safe" to read ahead
+ */
+ /* SSL_set_read_ahead(ssl_data_con,1); */
+
+ if (debug) {
+ fprintf(stderr,"===>START SSL connect on DATA\n");
+ fflush(stderr);
+ }
+
+ if ((ret=SSL_connect(ssl_data_con))<=0) {
+ static char errbuf[1024];
+
+ sprintf(errbuf,"ftp: SSL_connect DATA error %d - %s\n",
+ ret,ERR_error_string(ERR_get_error(),NULL));
+
+ /* tell the user ... who else */
+ fprintf(stderr,"%s", errbuf);
+ fflush(stderr);
+
+ /* abort time methinks ... */
+ close(data);
+ return NULL;
+ } else {
+ if (ssl_debug_flag) {
+ BIO_printf(bio_err,"[SSL DATA Cipher %s]\n",
+ SSL_get_cipher(ssl_con));
+ }
+ ssl_data_active_flag=1;
+ }
+
+ if (debug) {
+ fprintf(stderr,"===>DONE SSL connect on DATA %d\n",data);
+ fflush(stderr);
+ }
+
+ }
+#endif /* USE_SSL */
+
return (fdopen(data, lmode));
}
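Review bot: Passive-mode transfers look like they bypass this TLS setup: the context of the previous hunk shows `if (passivemode) return (fdopen(data, lmode));` at the top of the function, ahead of the added block, so with `ssl_encrypt_data` set the data channel would still go out unencrypted unless another patch in the series wraps it. Within the block, the result of `SSL_new(ssl_ctx)` is used without a NULL check; `if (ssl_data_con == NULL) { close(data); return NULL; }` would do. The failure path after `SSL_connect()` closes `data` but leaves `ssl_data_con` allocated and `data` still holding the closed descriptor. The debug line prints `SSL_get_cipher(ssl_con)`, the control connection, where `ssl_data_con` is presumably meant.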
@@ -1609,3 +1795,142 @@
}
(void) getreply(0);
}
+
+static int
+auth_user(char *u,char *p)
+{
+ int n;
+
+#ifdef USE_SSL
+ if (ssl_enabled) {
+ n = command("AUTH SSL");
+ if (n == ERROR) { /* do normal USER/PASS */
+ printf("SSL not available\n");
+ /* spit the dummy as we will only talk ssl
+ * when running in "secure" mode
+ */
+ if (ssl_secure_flag)
+ return ERROR;
+ } else if (n == CONTINUE ) {
+ /* do SSL */
+ ssl_con=(SSL *)SSL_new(ssl_ctx);
+
+ SSL_set_fd(ssl_con,fileno(cout));
+ set_ssl_trace(ssl_con);
+
+ SSL_set_verify(ssl_con,ssl_verify_flag,NULL);
+
+ /* Add in any certificates if you want to here ... */
+ if (my_ssl_cert_file) {
+ if (!SSL_use_certificate_file(ssl_con, my_ssl_cert_file,
+ X509_FILETYPE_PEM)) {
+ fprintf(stderr,"%s: ",my_ssl_cert_file);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ } else {
+ if (!my_ssl_key_file)
+ my_ssl_key_file = my_ssl_cert_file;
+ if (!SSL_use_RSAPrivateKey_file(ssl_con,
my_ssl_key_file,
+ X509_FILETYPE_PEM)) {
+ fprintf(stderr,"%s: ", my_ssl_key_file);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
+ }
+
+ if (SSL_connect(ssl_con)<=0) {
+ static char errbuf[1024];
+
+ sprintf(errbuf,"ftp: SSL_connect error %s\n",
+ ERR_error_string(ERR_get_error(),NULL));
+ perror(errbuf);
+ /* abort time methinks ... */
+ exit(1);
+ } else {
+ fprintf(stderr,"[SSL Cipher %s]\n",SSL_get_cipher(ssl_con));
+ fflush(stderr);
+ ssl_active_flag=1;
+ }
+
+ n = command("USER %s",u);
+ if (n == CONTINUE) {
+ if(p == NULL)
+ p = getpass("Password:");
+ n = command("PASS %s",p);
+ }
+ return (n);
+ }
+ }
+#endif /* USE_SSL */
+ n = command("USER %s",u);
+ if (n == CONTINUE) {
+ if(p == NULL)
+ p = getpass("Password:");
+ n = command("PASS %s",p);
+ }
+ return(n);
+}
+
+#ifdef USE_SSL
+
+/* we really shouldn't have code like this! --tjh */
+static int
+ssl_getc(SSL *ssl_con)
+{
+ char onebyte;
+ int ret;
+
+ if ((ret=SSL_read(ssl_con,&onebyte,1))!=1) {
+ /* we want to know this stuff! */
+ if (ssl_debug_flag || (ret!=0)) {
+ fprintf(stderr,"ssl_getc: SSL_read failed %d = %d\n",ret,errno);
+ fflush(stderr);
+ }
+ return -1;
+ } else {
+ if (ssl_debug_flag) {
+ BIO_printf(bio_err,"ssl_getc: SSL_read %d (%c) ",onebyte &
0xff,isprint(onebyte)?onebyte:'.');
+ }
+ return onebyte & 0xff;
+ }
+}
+
+
+/* got back to this an implemented some rather "simple" buffering */
+static char putc_buf[BUFSIZ];
+static int putc_buf_pos=0;
+
+static int
+ssl_putc_flush(SSL *ssl_con)
+{
+ if (putc_buf_pos>0) {
+ if (SSL_write(ssl_con,putc_buf,putc_buf_pos)!=putc_buf_pos) {
+ if (ssl_debug_flag) {
+ BIO_printf(bio_err,"ssl_putc_flush: WRITE FAILED\n");
+ }
+ putc_buf_pos=0;
+ return -1;
+ }
+ }
+ putc_buf_pos=0;
+ return 0;
+}
+
+int
+ssl_putc(SSL *ssl_con,int oneint)
+{
+ char onebyte;
+
+ onebyte = oneint & 0xff;
+
+ /* make sure there is space */
+ if (putc_buf_pos>=BUFSIZ)
+ if (ssl_putc_flush(ssl_con)!=0)
+ return EOF;
+ putc_buf[putc_buf_pos++]=onebyte;
+
+ return onebyte;
+}
+
+#endif /* USE_SSL */
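Review bot: `ssl_secure_flag` is only honoured when `AUTH SSL` returns ERROR: any other reply that is not CONTINUE skips both branches in `auth_user()` and falls through to the plaintext `USER`/`PASS` at the bottom, so "secure" mode can still send the password unencrypted. Testing the negative case closes that: `if (n != CONTINUE) { printf("SSL not available\n"); if (ssl_secure_flag) return ERROR; } else {`. After `SSL_connect()` succeeds nothing visible checks the server certificate beyond whatever `ssl_verify_flag` requests, so its default deserves a comment next to the `SSL_set_verify()` call. In `ssl_putc()`, `return onebyte;` returns a possibly negative `char`, which makes byte 0xFF indistinguishable from EOF; `return onebyte & 0xff;` would match what `ssl_getc()` does.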
diff -u -r -N netkit-ftp-0.17/ftp/ftp_var.h
netkit-ftp-0.17+ssl-0.2/ftp/ftp_var.h
--- netkit-ftp-0.17/ftp/ftp_var.h Sat Oct 2 20:39:17 1999
+++ netkit-ftp-0.17+ssl-0.2/ftp/ftp_var.h Sun Sep 24 15:48:48 2000
@@ -158,3 +158,6 @@
void setpeer(int argc, char *argv[]);
void quit(void);
void changetype(int newtype, int show);
+
+#include "sslapp.h"
+#include "ssl_port.h"
diff -u -r -N netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17+ssl-0.2/ftp/main.c
--- netkit-ftp-0.17/ftp/main.c Sat Oct 2 15:25:23 1999
+++ netkit-ftp-0.17+ssl-0.2/ftp/main.c Thu May 3 20:42:41 2001
@@ -1,3 +1,15 @@
+/*
+ * The modifications to support SSLeay were done by Tim Hudson
+ * [EMAIL PROTECTED]
+ *
+ * You can do whatever you like with these patches except pretend that
+ * you wrote them.
+ *
+ * Email [EMAIL PROTECTED] to get instructions on how to
+ * join the mailing list that discusses SSLeay and also these patches.
+ *
+ */
+
/*
* Copyright (c) 1985, 1989 Regents of the University of California.
* All rights reserved.
@@ -82,6 +94,75 @@
static void cmdscanner(int top);
static char *slurpstring(void);
+#ifdef USE_SSL
+
+/* icky way of doing things ... */
+#include "sslapp.c"
+
+/*
+#include "ssl_err.h"
+*/
+
+SSL *ssl_con;
+SSL *ssl_data_con;
+int ssl_data_active_flag=0;
+
+/* for the moment this is a compile time option only --tjh */
+int ssl_encrypt_data=1;
+int ssl_enabled=1;
+
+char *my_ssl_key_file=NULL;
+char *my_ssl_cert_file=NULL;
+
+BIO *bio_err=NULL;
+
+static long
+bio_dump_cb(BIO *bio,
+ int cmd,
+ char *argp,
+ int argi,
+ long argl,
+ long ret)
+ {
+ BIO *out;
+
+/*
+ out=(BIO *)BIO_get_callback_arg(bio);
+*/
+ out=bio_err;
+ if (out == NULL) return(ret);
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"read from %08X (%d bytes => %ld (%X))\n",
+ bio,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ BIO_flush(out);
+ }
+ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"write to %08X (%d bytes => %ld (%X))\n",
+ bio,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ BIO_flush(out);
+ }
+ return( (cmd & BIO_CB_RETURN) ? ret : 1);
+ }
+
+int
+set_ssl_trace(SSL *con)
+{
+ if (con!=NULL) {
+ if (ssl_debug_flag) {
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback_arg(SSL_get_rbio(con),bio_err);
+ }
+ }
+ return 0;
+}
+
+#endif /* USE_SSL */
+
static
void
usage(void)
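Review bot: The `BIO_printf()` calls in `bio_dump_cb()` pass a `BIO *` to `%08X` and a `long` to `%X`, which is undefined behaviour and prints garbage on LP64 targets; `"read from %p (%d bytes => %ld (%lX))\n"` with `(void *)bio` is the matching form, and likewise for the write branch. `BIO_dump(out,argp,(int)ret)` also runs when `ret` is zero or negative and should be guarded with `if (ret > 0)`. The callback dumps the plaintext read from and written to the connection, which includes the `PASS` command, so the `-z debug` entry in ftp.1 ought to say that the trace contains credentials. `#include "sslapp.c"` pulls a whole translation unit into main.c; building it as its own object from the Makefile would be the cleaner route.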
@@ -106,6 +187,7 @@
int top;
struct passwd *pw = NULL;
char homedir[MAXPATHLEN];
+ char *optarg;
tick = 0;
@@ -134,6 +216,7 @@
argc--, argv++;
while (argc > 0 && **argv == '-') {
+ optarg=*(argv+1);
for (cp = *argv + 1; *cp; cp++)
switch (*cp) {
@@ -174,6 +257,44 @@
usage();
exit(0);
+#ifdef USE_SSL
+ case 'z':
+ if (strcmp(optarg, "debug") == 0 ) {
+ ssl_debug_flag=1;
+ }
+ if (strcmp(optarg, "ssl") == 0 ) {
+ ssl_only_flag=1;
+ }
+ /* disable *all* ssl stuff */
+ if ( (strcmp(optarg, "!ssl") == 0 ) ||
+ (strcmp(optarg, "nossl") == 0 ) ) {
+ ssl_enabled=0;
+ }
+ if (strcmp(optarg, "secure") == 0 ) {
+ ssl_secure_flag=1;
+ }
+ if (strcmp(optarg, "certsok") == 0 ) {
+ ssl_certsok_flag=1;
+ }
+ if (strcmp(optarg, "verbose") == 0 ) {
+ ssl_verbose_flag=1;
+ }
+ if (strncmp(optarg, "verify=",
strlen("verify=")) == 0 ) {
+
ssl_verify_flag=atoi(optarg+strlen("verify="));
+ }
+ if (strncmp(optarg, "cert=", strlen("cert="))
== 0 ) {
+ my_ssl_cert_file=optarg+strlen("cert=");
+ }
+ if (strncmp(optarg, "key=", strlen("key=")) ==
0 ) {
+ my_ssl_key_file=optarg+strlen("key=");
+ }
+
+ /* we have swallowed an extra arg */
+ argc--;
+ argv++;
+ break;
+#endif /* USE_SSL */
+
default:
fprintf(stdout,
"ftp: %c: unknown option\n", *cp);
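Review bot: `optarg` is taken from `*(argv+1)` in the earlier hunk without checking that a following argument exists, so `ftp -z` as the last option hands NULL to every `strcmp()` in the new `case 'z':`. A guard at the top of the case, `if (optarg == NULL) { usage(); exit(1); }`, avoids the crash, and renaming the local would stop it shadowing the getopt `optarg` that unistd.h declares. The option list does not match the ftp.1 hunk: `certsok` is parsed here but undocumented, while `authdebug`, `certrequired` and `cipher=` are documented but not handled in this hunk, and an unrecognised value is silently ignored. `verify=` goes through `atoi()`, so a typo quietly becomes 0, which is `SSL_VERIFY_NONE`.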
@@ -202,6 +323,18 @@
homedir[sizeof(homedir)-1] = 0;
home = homedir;
}
+
+#ifdef USE_SSL
+ if (ssl_enabled) {
+ if (!do_ssleay_init(0)) {
+ fprintf(stderr,"ftp: SSLeay initialisation failed\n");
+ fflush(stderr);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
+#endif /* USE_SSL */
+
if (argc > 0) {
if (sigsetjmp(toplevel, 1))
exit(0);
diff -u -r -N netkit-ftp-0.17/ftp/main.c.~1~
netkit-ftp-0.17+ssl-0.2/ftp/main.c.~1~
--- netkit-ftp-0.17/ftp/main.c.~1~ Thu Jan 1 01:00:00 1970
+++ netkit-ftp-0.17+ssl-0.2/ftp/main.c.~1~ Sun Sep 24 16:30:36 2000
@@ -0,0 +1,735 @@
+/*
+ * The modifications to support SSLeay were done by Tim Hudson
+ * [EMAIL PROTECTED]
+ *
+ * You can do whatever you like with these patches except pretend that
+ * you wrote them.
+ *
+ * Email [EMAIL PROTECTED] to get instructions on how to
+ * join the mailing list that discusses SSLeay and also these patches.
+ *
+ */
+
+/*
+ * Copyright (c) 1985, 1989 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+char copyright[] =
+ "@(#) Copyright (c) 1985, 1989 Regents of the University of California.\n"
+ "All rights reserved.\n";
+
+/*
+ * from: @(#)main.c 5.18 (Berkeley) 3/1/91
+ */
+char main_rcsid[] =
+ "$Id: netkit-ftp-0.17+ssl-0.2.diff,v 1.2 2005/07/29 01:38:43 vapier Exp $";
+
+
+/*
+ * FTP User Program -- Command Interface.
+ */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+
+/* #include <arpa/ftp.h> <--- unused? */
+
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <pwd.h>
+#ifdef __USE_READLINE__
+#include <readline/readline.h>
+#include <readline/history.h>
+#endif
+
+#define Extern
+#include "ftp_var.h"
+int traceflag = 0;
+const char *home = "/";
+
+extern FILE *cout;
+extern int data;
+extern struct cmd cmdtab[];
+extern int NCMDS;
+
+void intr(int);
+void lostpeer(int);
+void help(int argc, char *argv[]);
+
+static void cmdscanner(int top);
+static char *slurpstring(void);
+
+#ifdef USE_SSL
+
+/* icky way of doing things ... */
+#include "sslapp.c"
+
+/*
+#include "ssl_err.h"
+*/
+
+SSL *ssl_con;
+SSL *ssl_data_con;
+int ssl_data_active_flag=0;
+
+/* for the moment this is a compile time option only --tjh */
+int ssl_encrypt_data=1;
+int ssl_enabled=1;
+
+char *my_ssl_key_file=NULL;
+char *my_ssl_cert_file=NULL;
+
+BIO *bio_err=NULL;
+
+static long
+bio_dump_cb(BIO *bio,
+ int cmd,
+ char *argp,
+ int argi,
+ long argl,
+ long ret)
+ {
+ BIO *out;
+
+/*
+ out=(BIO *)BIO_get_callback_arg(bio);
+*/
+ out=bio_err;
+ if (out == NULL) return(ret);
+
+ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"read from %08X (%d bytes => %ld (%X))\n",
+ bio,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ BIO_flush(out);
+ }
+ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+ {
+ BIO_printf(out,"write to %08X (%d bytes => %ld (%X))\n",
+ bio,argi,ret,ret);
+ BIO_dump(out,argp,(int)ret);
+ BIO_flush(out);
+ }
+ return( (cmd & BIO_CB_RETURN) ? ret : 1);
+ }
+
+int
+set_ssl_trace(SSL *con)
+{
+ if (con!=NULL) {
+ if (ssl_debug_flag) {
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback_arg(SSL_get_rbio(con),bio_err);
+ }
+ }
+ return 0;
+}
+
+#endif /* USE_SSL */
+
+static
+void
+usage(void)
+{
+ printf("\n\tUsage: { ftp | pftp } [-pinegvtd] [hostname]\n");
+ printf("\t -p: enable passive mode (default for pftp)\n");
+ printf("\t -i: turn off prompting during mget\n");
+ printf("\t -n: inhibit auto-login\n");
+ printf("\t -e: disable readline support, if present\n");
+ printf("\t -g: disable filename globbing\n");
+ printf("\t -v: verbose mode\n");
+ printf("\t -t: enable packet tracing [nonfunctional]\n");
+ printf("\t -d: enable debugging\n");
+ printf("\n");
+}
+
+int
+main(volatile int argc, char **volatile argv)
+{
+ register char *cp;
+ struct servent *sp;
+ int top;
+ struct passwd *pw = NULL;
+ char homedir[MAXPATHLEN];
+
+ tick = 0;
+
+ sp = getservbyname("ftp", "tcp");
+ if (sp == 0) {
+ fprintf(stderr, "ftp: ftp/tcp: unknown service\n");
+ exit(1);
+ }
+ ftp_port = sp->s_port;
+ doglob = 1;
+ interactive = 1;
+ autologin = 1;
+ passivemode = 0;
+
+ cp = strrchr(argv[0], '/');
+ cp = (cp == NULL) ? argv[0] : cp+1;
+ if (strcmp(cp, "pftp") == 0)
+ passivemode = 1;
+
+#ifdef __USE_READLINE__
+ /*
+ * Set terminal type so libreadline can parse .inputrc correctly
+ */
+ rl_terminal_name = getenv("TERM");
+#endif
+
+ argc--, argv++;
+ while (argc > 0 && **argv == '-') {
+ for (cp = *argv + 1; *cp; cp++)
+ switch (*cp) {
+
+ case 'd':
+ options |= SO_DEBUG;
+ debug++;
+ break;
+
+ case 'v':
+ verbose++;
+ break;
+
+ case 't':
+ traceflag++;
+ break;
+
+ case 'i':
+ interactive = 0;
+ break;
+
+ case 'n':
+ autologin = 0;
+ break;
+
+ case 'p':
+ passivemode = 1;
+ break;
+
+ case 'g':
+ doglob = 0;
+ break;
+
+ case 'e':
+ rl_inhibit = 1;
+ break;
+
+ case 'h':
+ usage();
+ exit(0);
+
+#ifdef USE_SSL
+ case 'z':
+ if (strcmp(optarg, "debug") == 0 ) {
+ ssl_debug_flag=1;
+ }
+ if (strcmp(optarg, "ssl") == 0 ) {
+ ssl_only_flag=1;
+ }
+ /* disable *all* ssl stuff */
+ if ( (strcmp(optarg, "!ssl") == 0 ) ||
+ (strcmp(optarg, "nossl") == 0 ) ) {
+ ssl_enabled=0;
+ }
+ if (strcmp(optarg, "secure") == 0 ) {
+ ssl_secure_flag=1;
+ }
+ if (strcmp(optarg, "certsok") == 0 ) {
+ ssl_certsok_flag=1;
+ }
+ if (strcmp(optarg, "verbose") == 0 ) {
+ ssl_verbose_flag=1;
+ }
+ if (strncmp(optarg, "verify=",
strlen("verify=")) == 0 ) {
+
ssl_verify_flag=atoi(optarg+strlen("verify="));
+ }
+ if (strncmp(optarg, "cert=", strlen("cert="))
== 0 ) {
+ my_ssl_cert_file=optarg+strlen("cert=");
+ }
+ if (strncmp(optarg, "key=", strlen("key=")) ==
0 ) {
+ my_ssl_key_file=optarg+strlen("key=");
+ }
+
+ /* we have swallowed an extra arg */
+ argc--;
+ argv++;
+ break;
+#endif /* USE_SSL */
+
+ default:
+ fprintf(stdout,
+ "ftp: %c: unknown option\n", *cp);
+ exit(1);
+ }
+ argc--, argv++;
+ }
+ fromatty = isatty(fileno(stdin));
+ if (fromatty)
+ verbose++;
+ cpend = 0; /* no pending replies */
+ proxy = 0; /* proxy not active */
+ crflag = 1; /* strip c.r. on ascii gets */
+ sendport = -1; /* not using ports */
+ /*
+ * Set up the home directory in case we're globbing.
+ */
+ cp = getlogin();
+ if (cp != NULL) {
+ pw = getpwnam(cp);
+ }
+ if (pw == NULL)
+ pw = getpwuid(getuid());
+ if (pw != NULL) {
+ strncpy(homedir, pw->pw_dir, sizeof(homedir));
+ homedir[sizeof(homedir)-1] = 0;
+ home = homedir;
+ }
+
+#ifdef USE_SSL
+ if (ssl_enabled) {
+ if (!do_ssleay_init(0)) {
+ fprintf(stderr,"ftp: SSLeay initialisation failed\n");
+ fflush(stderr);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
+#endif /* USE_SSL */
+
+ if (argc > 0) {
+ if (sigsetjmp(toplevel, 1))
+ exit(0);
+ (void) signal(SIGINT, intr);
+ (void) signal(SIGPIPE, lostpeer);
+ setpeer(argc + 1, argv - 1);
+ }
+ top = sigsetjmp(toplevel, 1) == 0;
+ if (top) {
+ (void) signal(SIGINT, intr);
+ (void) signal(SIGPIPE, lostpeer);
+ }
+ for (;;) {
+ cmdscanner(top);
+ top = 1;
+ }
+}
+
+void
+intr(int ignore)
+{
+ (void)ignore;
+ siglongjmp(toplevel, 1);
+}
+
+void
+lostpeer(int ignore)
+{
+ (void)ignore;
+
+ if (connected) {
+ if (cout != NULL) {
+ shutdown(fileno(cout), 1+1);
+ fclose(cout);
+ cout = NULL;
+ }
+ if (data >= 0) {
+ shutdown(data, 1+1);
+ close(data);
+ data = -1;
+ }
+ connected = 0;
+ }
+ pswitch(1);
+ if (connected) {
+ if (cout != NULL) {
+ shutdown(fileno(cout), 1+1);
+ fclose(cout);
+ cout = NULL;
+ }
+ connected = 0;
+ }
+ proxflag = 0;
+ pswitch(0);
+}
+
+/*char *
+tail(filename)
+ char *filename;
+{
+ register char *s;
+
+ while (*filename) {
+ s = rindex(filename, '/');
+ if (s == NULL)
+ break;
+ if (s[1])
+ return (s + 1);
+ *s = '\0';
+ }
+ return (filename);
+}
+*/
+
+static char *get_input_line(char *buf, int buflen)
+{
+#ifdef __USE_READLINE__
+ if (fromatty && !rl_inhibit) {
+ char *lineread = readline("ftp> ");
+ if (!lineread) return NULL;
+ strncpy(buf, lineread, buflen);
+ buf[buflen-1] = 0;
+ if (lineread[0]) add_history(lineread);
+ free(lineread);
+ return buf;
+ }
+#endif
+ if (fromatty) {
+ printf("ftp> ");
+ fflush(stdout);
+ }
+ return fgets(buf, buflen, stdin);
+}
+
+
+/*
+ * Command parser.
+ */
+static void
+cmdscanner(int top)
+{
+ int margc;
+ char *marg;
+ char **margv;
+ register struct cmd *c;
+ register int l;
+
+ if (!top)
+ (void) putchar('\n');
+ for (;;) {
+ if (!get_input_line(line, sizeof(line))) {
+ quit();
+ }
+ l = strlen(line);
+ if (l == 0)
+ break;
+ if (line[--l] == '\n') {
+ if (l == 0)
+ break;
+ line[l] = '\0';
+ }
+ else if (l == sizeof(line) - 2) {
+ printf("sorry, input line too long\n");
+ while ((l = getchar()) != '\n' && l != EOF)
+ /* void */;
+ break;
+ } /* else it was a line without a newline */
+ margv = makeargv(&margc, &marg);
+ if (margc == 0) {
+ continue;
+ }
+ c = getcmd(margv[0]);
+ if (c == (struct cmd *)-1) {
+ printf("?Ambiguous command\n");
+ continue;
+ }
+ if (c == NULL) {
+ printf("?Invalid command\n");
+ continue;
+ }
+ if (c->c_conn && !connected) {
+ printf("Not connected.\n");
+ continue;
+ }
+ if (c->c_handler_v) c->c_handler_v(margc, margv);
+ else if (c->c_handler_0) c->c_handler_0();
+ else c->c_handler_1(marg);
+
+ if (bell && c->c_bell) putchar('\007');
+ if (c->c_handler_v != help)
+ break;
+ }
+ (void) signal(SIGINT, intr);
+ (void) signal(SIGPIPE, lostpeer);
+}
+
+struct cmd *
+getcmd(const char *name)
+{
+ const char *p, *q;
+ struct cmd *c, *found;
+ int nmatches, longest;
+
+ longest = 0;
+ nmatches = 0;
+ found = 0;
+ for (c = cmdtab; (p = c->c_name) != NULL; c++) {
+ for (q = name; *q == *p++; q++)
+ if (*q == 0) /* exact match? */
+ return (c);
+ if (!*q) { /* the name was a prefix */
+ if (q - name > longest) {
+ longest = q - name;
+ nmatches = 1;
+ found = c;
+ } else if (q - name == longest)
+ nmatches++;
+ }
+ }
+ if (nmatches > 1)
+ return ((struct cmd *)-1);
+ return (found);
+}
+
+/*
+ * Slice a string up into argc/argv.
+ */
+
+int slrflag;
+
+char **
+makeargv(int *pargc, char **parg)
+{
+ static char *rargv[20];
+ int rargc = 0;
+ char **argp;
+
+ argp = rargv;
+ stringbase = line; /* scan from first of buffer */
+ argbase = argbuf; /* store from first of buffer */
+ slrflag = 0;
+ while ((*argp++ = slurpstring())!=NULL)
+ rargc++;
+
+ *pargc = rargc;
+ if (parg) *parg = altarg;
+ return rargv;
+}
+
+/*
+ * Parse string into argbuf;
+ * implemented with FSM to
+ * handle quoting and strings
+ */
+static
+char *
+slurpstring(void)
+{
+ static char excl[] = "!", dols[] = "$";
+
+ int got_one = 0;
+ register char *sb = stringbase;
+ register char *ap = argbase;
+ char *tmp = argbase; /* will return this if token found */
+
+ if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */
+ switch (slrflag) { /* and $ as token for macro invoke */
+ case 0:
+ slrflag++;
+ stringbase++;
+ return ((*sb == '!') ? excl : dols);
+ /* NOTREACHED */
+ case 1:
+ slrflag++;
+ altarg = stringbase;
+ break;
+ default:
+ break;
+ }
+ }
+
+S0:
+ switch (*sb) {
+
+ case '\0':
+ goto OUT;
+
+ case ' ':
+ case '\t':
+ sb++; goto S0;
+
+ default:
+ switch (slrflag) {
+ case 0:
+ slrflag++;
+ break;
+ case 1:
+ slrflag++;
+ altarg = sb;
+ break;
+ default:
+ break;
+ }
+ goto S1;
+ }
+
+S1:
+ switch (*sb) {
+
+ case ' ':
+ case '\t':
+ case '\0':
+ goto OUT; /* end of token */
+
+ case '\\':
+ sb++; goto S2; /* slurp next character */
+
+ case '"':
+ sb++; goto S3; /* slurp quoted string */
+
+ default:
+ *ap++ = *sb++; /* add character to token */
+ got_one = 1;
+ goto S1;
+ }
+
+S2:
+ switch (*sb) {
+
+ case '\0':
+ goto OUT;
+
+ default:
+ *ap++ = *sb++;
+ got_one = 1;
+ goto S1;
+ }
+
+S3:
+ switch (*sb) {
+
+ case '\0':
+ goto OUT;
+
+ case '"':
+ sb++; goto S1;
+
+ default:
+ *ap++ = *sb++;
+ got_one = 1;
+ goto S3;
+ }
+
+OUT:
+ if (got_one)
+ *ap++ = '\0';
+ argbase = ap; /* update storage pointer */
+ stringbase = sb; /* update scan pointer */
+ if (got_one) {
+ return(tmp);
+ }
+ switch (slrflag) {
+ case 0:
+ slrflag++;
+ break;
+ case 1:
+ slrflag++;
+ altarg = NULL;
+ break;
+ default:
+ break;
+ }
+ return NULL;
+}
+
+#define HELPINDENT ((int) sizeof ("directory"))
+
+/*
+ * Help command.
+ * Call each command handler with argc == 0 and argv[0] == name.
+ */
+void
+help(int argc, char *argv[])
+{
+ struct cmd *c;
+
+ if (argc == 1) {
+ int i, j, w;
+ unsigned k;
+ int columns, width = 0, lines;
+
+ printf("Commands may be abbreviated. Commands are:\n\n");
+ for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
+ int len = strlen(c->c_name);
+
+ if (len > width)
+ width = len;
+ }
+ width = (width + 8) &~ 7;
+ columns = 80 / width;
+ if (columns == 0)
+ columns = 1;
+ lines = (NCMDS + columns - 1) / columns;
+ for (i = 0; i < lines; i++) {
+ for (j = 0; j < columns; j++) {
+ c = cmdtab + j * lines + i;
+ if (c->c_name && (!proxy || c->c_proxy)) {
+ printf("%s", c->c_name);
+ }
+ else if (c->c_name) {
+ for (k=0; k < strlen(c->c_name); k++) {
+ (void) putchar(' ');
+ }
+ }
+ if (c + lines >= &cmdtab[NCMDS]) {
+ printf("\n");
+ break;
+ }
+ w = strlen(c->c_name);
+ while (w < width) {
+ w = (w + 8) &~ 7;
+ (void) putchar('\t');
+ }
+ }
+ }
+ return;
+ }
+ while (--argc > 0) {
+ register char *arg;
+ arg = *++argv;
+ c = getcmd(arg);
+ if (c == (struct cmd *)-1)
+ printf("?Ambiguous help command %s\n", arg);
+ else if (c == NULL)
+ printf("?Invalid help command %s\n", arg);
+ else
+ printf("%-*s\t%s\n", HELPINDENT,
+ c->c_name, c->c_help);
+ }
+}
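Review bot: `ftp/main.c.~1~` looks like an editor backup of main.c that `diff -N` has swept into the patch as a 735-line new file, and it should be dropped before the patch is applied or redistributed. The Makefile hunk does not reference it, so it adds nothing to the build. It does carry a stale copy of the `-z` option code without the local `optarg` declaration and assignment that the real main.c hunks add, which makes later review and grep results misleading.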
diff -u -r -N netkit-ftp-0.17/ftp/ssl_port.h
netkit-ftp-0.17+ssl-0.2/ftp/ssl_port.h
--- netkit-ftp-0.17/ftp/ssl_port.h Thu Jan 1 01:00:00 1970
+++ netkit-ftp-0.17+ssl-0.2/ftp/ssl_port.h Sun Sep 24 15:46:02 2000
@@ -0,0 +1,85 @@
+/* ssl_port.h - standard porting things
+ *
+ * The modifications to support SSLeay were done by Tim Hudson
+ * [EMAIL PROTECTED]
+ *
+ * You can do whatever you like with these patches except pretend that
+ * you wrote them.
+ *
+ * Email [EMAIL PROTECTED] to get instructions on how to
+ * join the mailing list that discusses SSLeay and also these patches.
+ *
+ */
+
+#ifndef HEADER_SSL_PORT_H
+#define HEADER_SSL_PORT_H
+
+#ifdef USE_SSL
+
+#include <stdio.h>
+
+#define OLDPROTO NOPROTO
+#define NOPROTO
+#include <openssl/buffer.h>
+#undef NOPROTO
+#define NOPROTO OLDPROTO
+
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+extern SSL *ssl_con;
+extern SSL_CTX *ssl_ctx;
+extern int ssl_debug_flag;
+extern int ssl_only_flag;
+extern int ssl_active_flag;
+extern int ssl_verify_flag;
+extern int ssl_secure_flag;
+extern int ssl_enabled;
+
+extern int ssl_encrypt_data;
+extern SSL *ssl_data_con;
+extern int ssl_data_active_flag;
+
+extern char *my_ssl_cert_file;
+extern char *my_ssl_key_file;
+extern int ssl_certsok_flag;
+
+extern int set_ssl_trace(SSL *s);
+
+extern FILE *cin, *cout;
+
+#define is_ssl_fd(X,Y) ( (SSL_get_fd((X))==0) || \
+ (SSL_get_fd((X))==1) || \
+ (SSL_get_fd((X))==pdata) || \
+ (SSL_get_fd((X))==(Y)) \
+ )
+
+#define is_ssl_fp(X,Y) ( ( (SSL_get_fd((X))==0) && (fileno((Y))==0) ) || \
+ ( (SSL_get_fd((X))==1) && (fileno((Y))==1) ) || \
+ ( (SSL_get_fd((X))==pdata) && \
+ (fileno((Y))==pdata) ) || \
+ (SSL_get_fd((X))==fileno(Y)) \
+ )
+
+/* these macros make things much easier to handle ... */
+
+#define FFLUSH(X) (ssl_active_flag && (((X)==cin)||((X)==cout)) ? 1 :
fflush((X)) )
+
+#define GETC(X) (ssl_active_flag && (((X)==cin)||((X)==cout)) ?
ssl_getc(ssl_con) : getc((X)) )
+
+#define DATAGETC(X) (ssl_data_active_flag &&
((fileno(X)==data)||(fileno(X)==pdata)) ? ssl_getc(ssl_data_con) : getc((X)) )
+#define DATAPUTC(X,Y) (ssl_data_active_flag &&
((fileno(Y)==data)||(fileno(Y)==pdata)) ? ssl_putc(ssl_data_con,(X)) :
putc((X),(Y)) )
+#define DATAFLUSH(X) (ssl_data_active_flag &&
((fileno(X)==data)||(fileno(X)==pdata)) ? ssl_putc_flush(ssl_data_con) :
fflush((X)) )
+
+#else
+
+#define GETC(X) getc((X))
+#define DATAGETC(X) getc((X))
+#define DATAPUTC(X,Y) putc((X),(Y))
+#define DATAFLUSH(X) fflush((X))
+#define FFLUSH(X) fflush((X))
+
+#endif /* USE_SSL */
+
+#endif /* HEADER_SSL_PORT_H */
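Review bot: `FFLUSH` evaluates to `1` on the SSL path, while `fflush()` and the non-SSL definition at the end of this header give `0` on success, so a caller that tests the result would read every flush of `cin`/`cout` under SSL as a failure; I would write `? 0 :` there. The data-channel macros also depend on `data`, `pdata`, `ssl_getc`, `ssl_putc` and `ssl_putc_flush`, none of which this header declares, and they evaluate their stream argument more than once, which deserves a comment such as `/* arguments are evaluated more than once; pass plain variables only */`. When the active flag is set but the stream matches neither descriptor, the macros fall through to plain stdio without any indication, so the same comment should say that callers must pass only the control or data stream.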
diff -u -r -N netkit-ftp-0.17/ftp/sslapp.c netkit-ftp-0.17+ssl-0.2/ftp/sslapp.c
--- netkit-ftp-0.17/ftp/sslapp.c Thu Jan 1 01:00:00 1970
+++ netkit-ftp-0.17+ssl-0.2/ftp/sslapp.c Sun Sep 24 18:07:23 2000
@@ -0,0 +1,186 @@
+/* sslapp.c - ssl application code */
+
+/*
+ * The modifications to support SSLeay were done by Tim Hudson
+ * [EMAIL PROTECTED]
+ *
+ * You can do whatever you like with these patches except pretend that
+ * you wrote them.
+ *
+ * Email [EMAIL PROTECTED] to get instructions on how to
+ * join the mailing list that discusses SSLeay and also these patches.
+ *
+ */
+
+#ifdef USE_SSL
+
+#include "sslapp.h"
+
+SSL_CTX *ssl_ctx;
+SSL *ssl_con;
+int ssl_debug_flag=0;
+int ssl_only_flag=0;
+int ssl_active_flag=0;
+int ssl_verify_flag=SSL_VERIFY_NONE;
+int ssl_secure_flag=0;
+int ssl_certsok_flag=0;
+int ssl_cert_required=0;
+int ssl_verbose_flag=0;
+int ssl_disabled_flag=0;
+char *ssl_cert_file=NULL;
+char *ssl_key_file=NULL;
+char *ssl_cipher_list=NULL;
+char *ssl_log_file=NULL;
+
+/* fwd decl */
+static void
+client_info_callback(SSL *s, int where, int ret);
+
+int
+do_ssleay_init(int server)
+{
+ char *p;
+
+ /* make sure we have somewhere we can log errors to */
+ if (bio_err==NULL) {
+ if ((bio_err=BIO_new(BIO_s_file()))!=NULL) {
+ if (ssl_log_file==NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+ else {
+ if (BIO_write_filename(bio_err,ssl_log_file)<=0) {
+ /* not a lot we can do */
+ }
+ }
+ }
+ }
+
+ /* rather simple things these days ... the old SSL_LOG and SSL_ERR
+ * vars are long gone now SSLeay8 has rolled around and we have
+ * a clean interface for doing things
+ */
+ if (ssl_debug_flag)
+ BIO_printf(bio_err,"SSL_DEBUG_FLAG on\r\n");
+
+
+ /* init things so we will get meaningful error messages
+ * rather than numbers
+ */
+ SSL_load_error_strings();
+
+ SSLeay_add_ssl_algorithms();
+ ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_method());
+
+ /* we may require a temp 512 bit RSA key because of the
+ * wonderful way export things work ... if so we generate
+ * one now!
+ */
+ if (server) {
+ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
+ RSA *rsa;
+
+ if (ssl_debug_flag)
+ BIO_printf(bio_err,"Generating temp (512 bit) RSA key ...\r\n");
+ rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
+ if (ssl_debug_flag)
+ BIO_printf(bio_err,"Generation of temp (512 bit) RSA key done\r\n");
+
+ if (!SSL_CTX_set_tmp_rsa(ssl_ctx,rsa)) {
+ BIO_printf(bio_err,"Failed to assign generated temp RSA key!\r\n");
+ }
+ RSA_free(rsa);
+ if (ssl_debug_flag)
+ BIO_printf(bio_err,"Assigned temp (512 bit) RSA key\r\n");
+ }
+ }
+
+ /* also switch on all the interoperability and bug
+ * workarounds so that we will communicate with people
+ * that cannot read poorly written specs :-)
+ */
+ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL);
+
+ /* the user can set whatever ciphers they want to use */
+ if (ssl_cipher_list==NULL) {
+ p=getenv("SSL_CIPHER");
+ if (p!=NULL)
+ SSL_CTX_set_cipher_list(ssl_ctx,p);
+ } else
+ SSL_CTX_set_cipher_list(ssl_ctx,ssl_cipher_list);
+
+ /* for verbose we use the 0.6.x info callback that I got
+ * eric to finally add into the code :-) --tjh
+ */
+ if (ssl_verbose_flag) {
+ SSL_CTX_set_info_callback(ssl_ctx,client_info_callback);
+ }
+
+ /* Add in any certificates if you want to here ... */
+ if (ssl_cert_file) {
+ if (!SSL_CTX_use_certificate_file(ssl_ctx, ssl_cert_file,
+ X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err,"Error loading %s: ",ssl_cert_file);
+ ERR_print_errors(bio_err);
+ BIO_printf(bio_err,"\r\n");
+ return(0);
+ } else {
+ if (!ssl_key_file)
+ ssl_key_file = ssl_cert_file;
+ if (!SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, ssl_key_file,
+ X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err,"Error loading %s: ",ssl_key_file);
+ ERR_print_errors(bio_err);
+ BIO_printf(bio_err,"\r\n");
+ return(0);
+ }
+ }
+ }
+
+ /* make sure we will find certificates in the standard
+ * location ... otherwise we don't look anywhere for
+ * these things which is going to make client certificate
+ * exchange rather useless :-)
+ */
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+ /* now create a connection */
+ ssl_con=(SSL *)SSL_new(ssl_ctx);
+ SSL_set_verify(ssl_con,ssl_verify_flag,NULL);
+
+#if 0
+ SSL_set_verify(ssl_con,ssl_verify_flag,client_verify_callback);
+#endif
+
+ return(1);
+}
+
+
+static void
+client_info_callback(SSL *s, int where, int ret)
+{
+ if (where==SSL_CB_CONNECT_LOOP) {
+ BIO_printf(bio_err,"SSL_connect:%s %s\r\n",
+ SSL_state_string(s),SSL_state_string_long(s));
+ } else if (where==SSL_CB_CONNECT_EXIT) {
+ if (ret == 0) {
+ BIO_printf(bio_err,"SSL_connect:failed in %s %s\r\n",
+ SSL_state_string(s),SSL_state_string_long(s));
+ } else if (ret < 0) {
+ BIO_printf(bio_err,"SSL_connect:error in %s %s\r\n",
+ SSL_state_string(s),SSL_state_string_long(s));
+ }
+ }
+}
+
+
+#else /* !USE_SSL */
+
+/* something here to stop warnings if we build without SSL support */
+static int dummy_func()
+{
+ int i;
+
+ i++;
+}
+
+#endif /* USE_SSL */
+
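Review bot: `ssl_verify_flag` defaults to `SSL_VERIFY_NONE` and `do_ssleay_init()` hands it to `SSL_set_verify()` with a NULL callback, so unless another file (not shown here) changes the flag, the handshake succeeds with any peer certificate and the session is encrypted but not authenticated. I would default to `int ssl_verify_flag=SSL_VERIFY_PEER;` and leave the opt-out to an explicit option. In the same function the results of `SSL_CTX_new()` and `SSL_new()` are used unchecked, and `bio_err` can still be NULL when `BIO_printf()` is reached if `BIO_new()` failed; each of these should end in `return(0);`. The 512-bit temporary RSA key and `SSLv23_method()` combined with `SSL_OP_ALL` keep export-grade keys and legacy protocol negotiation enabled, which should at least carry a comment that this is for compatibility only.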
diff -u -r -N netkit-ftp-0.17/ftp/sslapp.h netkit-ftp-0.17+ssl-0.2/ftp/sslapp.h
--- netkit-ftp-0.17/ftp/sslapp.h Thu Jan 1 01:00:00 1970
+++ netkit-ftp-0.17+ssl-0.2/ftp/sslapp.h Sun Sep 24 18:07:48 2000
@@ -0,0 +1,63 @@
+/* sslapp.h - ssl application code */
+
+/*
+ * The modifications to support SSLeay were done by Tim Hudson
+ * [EMAIL PROTECTED]
+ *
+ * You can do whatever you like with these patches except pretend that
+ * you wrote them.
+ *
+ * Email [EMAIL PROTECTED] to get instructions on how to
+ * join the mailing list that discusses SSLeay and also these patches.
+ *
+ */
+
+#ifdef USE_SSL
+
+#include <stdio.h>
+
+#include <openssl/crypto.h>
+
+#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
+#define ONELINE_NAME(X) X509_NAME_oneline(X,NULL,0)
+
+#define OLDPROTO NOPROTO
+#define NOPROTO
+#include <openssl/bio.h>
+#undef NOPROTO
+#define NOPROTO OLDPROTO
+#undef OLDPROTO
+#include <openssl/buffer.h>
+
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+extern BIO *bio_err;
+extern SSL *ssl_con;
+extern SSL_CTX *ssl_ctx;
+extern int ssl_debug_flag;
+extern int ssl_only_flag;
+extern int ssl_active_flag;
+extern int ssl_verify_flag;
+extern int ssl_secure_flag;
+extern int ssl_verbose_flag;
+extern int ssl_disabled_flag;
+extern int ssl_cert_required;
+extern int ssl_certsok_flag;
+
+extern char *ssl_log_file;
+extern char *ssl_cert_file;
+extern char *ssl_key_file;
+extern char *ssl_cipher_list;
+
+/* we hide all the initialisation code in a separate file now */
+extern int do_ssleay_init(int server);
+
+/*extern int display_connect_details();
+extern int server_verify_callback();
+extern int client_verify_callback();*/
+
+#endif /* USE_SSL */
+
+
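Review bot: sslapp.h has no include guard, unlike ssl_port.h in the same patch. A second inclusion (or inclusion after ssl_port.h) reaches `#define NOPROTO` while `NOPROTO` is still defined as `OLDPROTO`, which is an incompatible macro redefinition. I would wrap the file in `#ifndef HEADER_SSLAPP_H` / `#define HEADER_SSLAPP_H` / `#endif`. `ONELINE_NAME(X)` calls `X509_NAME_oneline()` with a NULL buffer, which returns a newly allocated string, so the macro needs a comment such as `/* returns an allocated string; the caller must free it */`. ssl_port.h repeats most of these `extern` declarations, so the two lists can drift apart; having one header include the other would avoid that.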
diff -urN netkit-ftp-0.17.old/ftp/ftp.c netkit-ftp-0.17.new/ftp/ftp.c
--- netkit-ftp-0.17.old/ftp/ftp.c 2003-03-18 18:33:49.000000000 -0300
+++ netkit-ftp-0.17.new/ftp/ftp.c 2003-03-18 18:37:17.000000000 -0300
@@ -1811,7 +1811,7 @@
*/
if (ssl_secure_flag)
return ERROR;
- } else if (n == CONTINUE ) {
+ } else if (n == CONTINUE || n == COMPLETE) {
/* do SSL */
ssl_con=(SSL *)SSL_new(ssl_ctx);
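Review bot: The widened test `n == CONTINUE || n == COMPLETE` has no comment saying why a 2xx reply is now accepted; I would add `/* AUTH may be answered with 3xx or 2xx (e.g. 234); both mean start the handshake */` above `/* do SSL */`. The context line `ssl_con=(SSL *)SSL_new(ssl_ctx);` replaces the object that `do_ssleay_init()` in sslapp.c already created and configured with `SSL_set_verify()`. Unless the code after this hunk repeats that call and frees the old object, the verify mode is lost and the first `SSL` leaks; the rest of the branch is outside the hunk. The result of `SSL_new()` should also be checked for NULL before it is used.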