[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-3-gaa0bc87
|
From: |
Mats Erik Andersson |
|
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-3-gaa0bc87 |
|
Date: |
Mon, 10 Feb 2014 23:08:05 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via aa0bc87caab6ddaf73aa1d99a613869b2e5c9450 (commit)
via 88bf3877829a3a8e4c9537ebcad42052e9648aa3 (commit)
from ae85332551569302e50a58ce64ea18244aa08848 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=aa0bc87caab6ddaf73aa1d99a613869b2e5c9450
commit aa0bc87caab6ddaf73aa1d99a613869b2e5c9450
Author: Mats Erik Andersson <address@hidden>
Date: Sun Feb 9 21:55:14 2014 +0100
ftp: Detect one-time passwords.
Follow RFC 2228 when reacting to a
challange-response password request.
diff --git a/ChangeLog b/ChangeLog
index 1d44a50..bb11459 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2013-02-09 Mats Erik Andersson <address@hidden>
+
+ ftp: Detect one-time passwords.
+ RFC 2228 reserves response code 336 for replies
+ used with challange-response authentication.
+
+ * ftp/cmds.c (user): React to response code 336 within
+ FTP command `USER', print its message, and possibly
+ discard an already supplied password.
+ * ftp/ftp.c (login): Likewise.
+
2014-02-09 Mats Erik Andersson <address@hidden>
ftpd: Parse commands of RFC 2228.
diff --git a/ftp/cmds.c b/ftp/cmds.c
index 544c0aa..ece6ef5 100644
--- a/ftp/cmds.c
+++ b/ftp/cmds.c
@@ -1683,8 +1683,20 @@ user (int argc, char **argv)
n = command ("USER %s", argv[1]);
if (n == CONTINUE)
{
+ /* Is this a case of challenge-response?
+ * RFC 2228 stipulates code 336 for this.
+ * Suppress message in verbose mode, since
+ * it has already been displayed.
+ */
+ if (code == 336 && !verbose)
+ printf ("%s\n", reply_string + strlen ("336 "));
+ /* In addition, any password given on the
+ * command line is irrelevant, so ignore it.
+ */
+ if (argc < 3 || code == 336)
+ argv[2] = getpass ("Password: ");
if (argc < 3)
- argv[2] = getpass ("Password: "), argc++;
+ argc++;
n = command ("PASS %s", argv[2]);
if (argv[2])
memset (argv[2], 0, strlen (argv[2]));
diff --git a/ftp/ftp.c b/ftp/ftp.c
index 1edded4..17ddd28 100644
--- a/ftp/ftp.c
+++ b/ftp/ftp.c
@@ -330,8 +330,18 @@ login (char *host)
n = command ("USER %s", user);
if (n == CONTINUE)
{
- if (pass == NULL)
- pass = getpass ("Password:");
+ /* Is this a case of challenge-response?
+ * RFC 2228 stipulates code 336 for this.
+ * Suppress the message in verbose mode,
+ * since it has already been displayed.
+ */
+ if (code == 336 && !verbose)
+ printf ("%s\n", reply_string + strlen ("336 "));
+ /* In addition, any password given on the
+ * command line is irrelevant, so ignore it.
+ */
+ if (pass == NULL || code == 336)
+ pass = getpass ("Password: ");
n = command ("PASS %s", pass);
if (pass)
memset (pass, 0, strlen (pass));
@@ -339,7 +349,7 @@ login (char *host)
if (n == CONTINUE)
{
aflag++;
- acct = getpass ("Account:");
+ acct = getpass ("Account: ");
n = command ("ACCT %s", acct);
if (acct)
memset (acct, 0, strlen (acct));
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=88bf3877829a3a8e4c9537ebcad42052e9648aa3
commit 88bf3877829a3a8e4c9537ebcad42052e9648aa3
Author: Mats Erik Andersson <address@hidden>
Date: Sun Feb 9 00:13:48 2014 +0100
ftpd: Parse commands in RFC 2228.
Let the parser recognize these security
extensions, but mark them as unimplemented.
diff --git a/ChangeLog b/ChangeLog
index e8e37c3..1d44a50 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014-02-09 Mats Erik Andersson <address@hidden>
+
+ ftpd: Parse commands of RFC 2228.
+ Tokens are implemented, but no actions.
+
+ * ftpd/ftpcmd.y (ADAT, AUTH, CCC, CONF, ENC, MIC, PBSZ)
+ (PROT): New tokens.
+ (cmdtab): New entries `ADAT', `AUTH', `CCC', `CONF', `ENC',
+ `MIC', `PBSZ', and `PROT'. All are marked as unimplemented.
+
2013-12-23 Alfred M. Szmidt <address@hidden>
* doc/inetutils.texi (rsh invocation): Use @item for first entry
diff --git a/ftpd/ftpcmd.y b/ftpd/ftpcmd.y
index cac55ef..440a4e2 100644
--- a/ftpd/ftpcmd.y
+++ b/ftpd/ftpcmd.y
@@ -163,6 +163,9 @@ static void yyerror (const char *s);
EPRT EPSV LPRT LPSV
+ ADAT AUTH CCC CONF ENC MIC
+ PBSZ PROT
+
UMASK IDLE CHMOD
LEXERR
@@ -1382,6 +1385,16 @@ static struct tab cmdtab[] = {
/* Long addressing in RFC 1639. Obsoleted in RFC 5797. */
{ "LPRT", LPRT, ARGS, 1, "<sp> af,hal,h0..hn,2,p0,p1" },
{ "LPSV", LPSV, ARGS, 1, "(set server in long passive mode)" },
+ /* Security extensions in RFC 2228. */
+ { "ADAT", ADAT, OSTR, 0, "<sp> security-data" },
+ { "AUTH", AUTH, OSTR, 0, "<sp> mechanism" },
+ { "CCC", CCC, ARGS, 0, "(clear command channel)" },
+ { "CONF", CONF, OSTR, 0, "<sp> confidential-msg" },
+ { "ENC", ENC, OSTR, 0, "<sp> private-message" },
+ { "MIC", MIC, OSTR, 0, "<sp> safe-message" },
+ { "PBSZ", PBSZ, OSTR, 0, "<sp> buf-size" },
+ { "PROT", PROT, OSTR, 0, "<sp> char" },
+ /* End of list. */
{ NULL, 0, 0, 0, NULL }
};
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 21 +++++++++++++++++++++
ftp/cmds.c | 14 +++++++++++++-
ftp/ftp.c | 16 +++++++++++++---
ftpd/ftpcmd.y | 13 +++++++++++++
4 files changed, 60 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU Inetutils
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-3-gaa0bc87,
Mats Erik Andersson <=