#include "download.h"
#include "escape.h"
+#ifdef KRB4
+#include "security.h"
+#endif
+
/* returns last node in linked list */
static struct curl_slist *slist_get_last(struct curl_slist *list)
{
}
*ptr=0; /* zero terminate */
+#if KRB4
+ { /* handle the security-oriented responses 6xx ***/
+ /* FIXME: some errorchecking perhaps... ***/
+ if(strncmp(buf, "631", 3) == 0)
+ sec_read_msg(conn, buf, prot_safe);
+ else if(strncmp(buf, "632", 3) == 0)
+ sec_read_msg(conn, buf, prot_private);
+ else if(strncmp(buf, "633", 3) == 0)
+ sec_read_msg(conn, buf, prot_confidential);
+ nread = strlen(buf);
+ }
+#endif
+
if(data->bits.verbose && buf[0]) {
fputs("< ", data->err);
fwrite(buf, 1, nread, data->err);
return CURLE_FTP_WEIRD_SERVER_REPLY;
}
+#ifdef KRB4
+ /* if not anonymous login, try a secure login */
+ if(data->bits.krb4) {
+
+ /* request data protection level (default is 'clear') */
+ sec_request_prot(conn, "private");
+
+ /* We set private first as default, in case the line below fails to
+ set a valid level */
+ sec_request_prot(conn, data->krb4_level);
+
+ data->cmdchannel = fdopen(data->firstsocket, "w");
+
+ if(sec_login(conn) != 0)
+ infof(data, "Logging in with password in cleartext!\n");
+ else
+ infof(data, "Authentication successful\n");
+ }
+#endif
+
/* send USER */
- sendf(data->firstsocket, data, "USER %s\r\n", ftp->user);
+ ftpsendf(data->firstsocket, conn, "USER %s", ftp->user);
/* wait for feedback */
nread = GetLastResponse(data->firstsocket, buf, conn);
else if(!strncmp(buf, "331", 3)) {
/* 331 Password required for ...
(the server requires to send the user's password too) */
- sendf(data->firstsocket, data, "PASS %s\r\n", ftp->passwd);
+ ftpsendf(data->firstsocket, conn, "PASS %s", ftp->passwd);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
return CURLE_OPERATION_TIMEOUTED;
return CURLE_FTP_WEIRD_PASS_REPLY;
}
}
- else if(! strncmp(buf, "230", 3)) {
+ else if(/*! strncmp(buf, "230", 3)***/ buf[0] == '2') {
/* 230 User ... logged in.
(the user logged in without password) */
infof(data, "We have successfully logged in\n");
+#ifdef KRB4
+ /* we are logged in (with Kerberos)
+ * now set the requested protection level
+ */
+ if(conn->sec_complete)
+ sec_set_protection_level(conn);
+
+ /* we may need to issue a KAUTH here to have access to the files
+ * do it if user supplied a password
+ */
+ if(conn->data->passwd && *conn->data->passwd)
+ krb_kauth(conn);
+#endif
}
else {
failf(data, "Odd return code after USER");
while (qitem) {
/* Send string */
if (qitem->data) {
- sendf(data->firstsocket, data, "%s\r\n", qitem->data);
+ ftpsendf(data->firstsocket, conn, "%s", qitem->data);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
while (qitem) {
/* Send string */
if (qitem->data) {
- sendf(data->firstsocket, data, "%s\r\n", qitem->data);
+ ftpsendf(data->firstsocket, conn, "%s", qitem->data);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
/* change directory first! */
if(ftp->dir && ftp->dir[0]) {
- sendf(data->firstsocket, data, "CWD %s\r\n", ftp->dir);
+ ftpsendf(data->firstsocket, conn, "CWD %s", ftp->dir);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
return CURLE_OPERATION_TIMEOUTED;
may not support it! It is however the only way we have to get a file's
size! */
int filesize;
- sendf(data->firstsocket, data, "SIZE %s\r\n", ftp->file);
+ ftpsendf(data->firstsocket, conn, "SIZE %s", ftp->file);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
if(data->bits.ftp_use_port) {
struct sockaddr_in sa;
struct hostent *h=NULL;
+ char *hostdataptr=NULL;
size_t size;
unsigned short porttouse;
char myhost[256] = "";
if(data->ftpport) {
if(if2ip(data->ftpport, myhost, sizeof(myhost))) {
- h = GetHost(data, myhost, hostent_buf, sizeof(hostent_buf));
+ h = GetHost(data, myhost, &hostdataptr);
}
else {
if(strlen(data->ftpport)>1)
- h = GetHost(data, data->ftpport, hostent_buf, sizeof(hostent_buf));
+ h = GetHost(data, data->ftpport, &hostdataptr);
if(h)
- strcpy(myhost,data->ftpport);
+ strcpy(myhost, data->ftpport); /* buffer overflow risk */
}
}
if(! *myhost) {
- h=GetHost(data, getmyhost(myhost,sizeof(myhost)), hostent_buf, sizeof(hostent_buf));
+ h=GetHost(data, getmyhost(myhost, sizeof(myhost)), &hostdataptr);
}
infof(data, "We connect from %s\n", myhost);
if ( listen(portsock, 1) < 0 ) {
failf(data, "listen(2) failed on socket");
+ free(hostdataptr);
return CURLE_FTP_PORT_FAILED;
}
}
else {
failf(data, "bind(2) failed on socket");
+ free(hostdataptr);
return CURLE_FTP_PORT_FAILED;
}
}
else {
failf(data, "socket(2) failed (%s)");
+ free(hostdataptr);
return CURLE_FTP_PORT_FAILED;
}
}
sscanf( inet_ntoa(in), "%hu.%hu.%hu.%hu",
&ip[0], &ip[1], &ip[2], &ip[3]);
#endif
- sendf(data->firstsocket, data, "PORT %d,%d,%d,%d,%d,%d\r\n",
+ ftpsendf(data->firstsocket, conn, "PORT %d,%d,%d,%d,%d,%d",
ip[0], ip[1], ip[2], ip[3],
porttouse >> 8,
porttouse & 255);
}
else { /* we use the PASV command */
- sendf(data->firstsocket, data, "PASV\r\n");
+ ftpsendf(data->firstsocket, conn, "PASV");
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
char newhost[32];
struct hostent *he;
char *str=buf,*ip_addr;
+ char *hostdataptr=NULL;
/*
* New 227-parser June 3rd 1999.
}
else {
/* normal, direct, ftp connection */
- he = GetHost(data, newhost, hostent_buf, sizeof(hostent_buf));
+ he = GetHost(data, newhost, &hostdataptr);
if(!he) {
failf(data, "Can't resolve new host %s", newhost);
return CURLE_FTP_CANT_GET_HOST;
connectport);
}
+ if(hostdataptr)
+ free(hostdataptr);
+
if (connect(data->secondarysocket, (struct sockaddr *) &serv_addr,
sizeof(serv_addr)) < 0) {
switch(errno) {
if(data->bits.upload) {
/* Set type to binary (unless specified ASCII) */
- sendf(data->firstsocket, data, "TYPE %s\r\n",
+ ftpsendf(data->firstsocket, conn, "TYPE %s",
(data->bits.ftp_ascii)?"A":"I");
nread = GetLastResponse(data->firstsocket, buf, conn);
/* we could've got a specified offset from the command line,
but now we know we didn't */
- sendf(data->firstsocket, data, "SIZE %s\r\n", ftp->file);
+ ftpsendf(data->firstsocket, conn, "SIZE %s", ftp->file);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
infof(data, "Instructs server to resume from offset %d\n",
data->resume_from);
- sendf(data->firstsocket, data, "REST %d\r\n", data->resume_from);
+ ftpsendf(data->firstsocket, conn, "REST %d", data->resume_from);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
/* Send everything on data->in to the socket */
if(data->bits.ftp_append)
/* we append onto the file instead of rewriting it */
- sendf(data->firstsocket, data, "APPE %s\r\n", ftp->file);
+ ftpsendf(data->firstsocket, conn, "APPE %s", ftp->file);
else
- sendf(data->firstsocket, data, "STOR %s\r\n", ftp->file);
+ ftpsendf(data->firstsocket, conn, "STOR %s", ftp->file);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
dirlist = TRUE;
/* Set type to ASCII */
- sendf(data->firstsocket, data, "TYPE A\r\n");
+ ftpsendf(data->firstsocket, conn, "TYPE A");
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
better used since the LIST command output is not specified or
standard in any way */
- sendf(data->firstsocket, data, "%s\r\n",
+ ftpsendf(data->firstsocket, conn, "%s",
data->customrequest?data->customrequest:
(data->bits.ftp_list_only?"NLST":"LIST"));
}
else {
/* Set type to binary (unless specified ASCII) */
- sendf(data->firstsocket, data, "TYPE %s\r\n",
+ ftpsendf(data->firstsocket, conn, "TYPE %s",
(data->bits.ftp_list_only)?"A":"I");
nread = GetLastResponse(data->firstsocket, buf, conn);
* of the file we're gonna get. If we can get the size, this is by far
* the best way to know if we're trying to resume beyond the EOF. */
- sendf(data->firstsocket, data, "SIZE %s\r\n", ftp->file);
+ ftpsendf(data->firstsocket, conn, "SIZE %s", ftp->file);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
infof(data, "Instructs server to resume from offset %d\n",
data->resume_from);
- sendf(data->firstsocket, data, "REST %d\r\n", data->resume_from);
+ ftpsendf(data->firstsocket, conn, "REST %d", data->resume_from);
nread = GetLastResponse(data->firstsocket, buf, conn);
if(nread < 0)
}
}
- sendf(data->firstsocket, data, "RETR %s\r\n", ftp->file);
+ ftpsendf(data->firstsocket, conn, "RETR %s", ftp->file);
}
nread = GetLastResponse(data->firstsocket, buf, conn);
projects / thirdparty / curl.git / commitdiff
