diff options
Diffstat (limited to 'net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff')
| -rw-r--r-- | net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff | 1896 |
1 files changed, 1896 insertions, 0 deletions
diff --git a/net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff b/net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff new file mode 100644 index 000000000000..86c15833a90c --- /dev/null +++ b/net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff @@ -0,0 +1,1896 @@ +diff -u -r -N netkit-ftp-0.17/ftp/Makefile netkit-ftp-0.17+ssl-0.2/ftp/Makefile +--- netkit-ftp-0.17/ftp/Makefile Sun Aug 1 08:00:12 1999 ++++ netkit-ftp-0.17+ssl-0.2/ftp/Makefile Mon Sep 25 23:36:51 2000 +@@ -8,6 +8,9 @@ + LIBS += -lreadline $(LIBTERMCAP) + endif + ++CFLAGS += -DUSE_SSL -g ++LIBS += -lssl -lcrypto ++ + ftp: cmds.o cmdtab.o domacro.o ftp.o glob.o main.o ruserpass.o + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + +diff -u -r -N netkit-ftp-0.17/ftp/cmds.c netkit-ftp-0.17+ssl-0.2/ftp/cmds.c +--- netkit-ftp-0.17/ftp/cmds.c Sun Jul 23 03:36:59 2000 ++++ netkit-ftp-0.17+ssl-0.2/ftp/cmds.c Sun Sep 24 15:09:15 2000 +@@ -207,6 +207,32 @@ + } + port = ftp_port; + if (argc > 2) { ++#ifdef USE_SSL ++ /* not really an SSL enhancement but something that ++ * should have always been here --tjh ++ */ ++ if (!isdigit(argv[2][0])) { ++ struct servent *destsp; ++ ++ destsp = getservbyname(argv[2], "tcp"); ++ ++ /* if lookup fails for ssl-ftp we fallback to ++ * the default (unofficial) port number ++ */ ++ if ((strcmp(argv[2],"ssl-ftp")==0) && (destsp==NULL)) ++ port = 150; ++ else { ++ if (destsp == NULL ) { ++ printf("%s: bad port name-- %s\n",argv[1],argv[2]); ++ printf ("usage: %s host-name [port]\n",argv[0]); ++ code = -1; ++ return; ++ } else { ++ port = ntohs(destsp->s_port); ++ } ++ } ++ } else ++#endif /* USE_SSL */ + port = atoi(argv[2]); + if (port < 1) { + printf("%s: bad port number-- %s\n", argv[1], argv[2]); +diff -u -r -N netkit-ftp-0.17/ftp/ftp.1 netkit-ftp-0.17+ssl-0.2/ftp/ftp.1 +--- netkit-ftp-0.17/ftp/ftp.1 Mon Jul 31 01:56:59 2000 ++++ netkit-ftp-0.17+ssl-0.2/ftp/ftp.1 Sun May 13 14:10:22 2001 +@@ -97,6 +97,52 @@ + as report on data transfer statistics. + .It Fl d + Enables debugging. ++.It Fl z Ar option ++Set SSL (Secure Socket Layer) parameters. The default is to negotiate ++via ftp protocoll if SSL is availlable at server side and then to ++switch it on. In this mode you can connect to both conventional and ++SSL enhanced ftpd's. ++.Pp ++The SSL parameters are: ++.Bl -tag -width Fl ++.It Ic Ar debug ++Send SSL related debugging information to stderr. ++.It Ic Ar authdebug ++Enable authentication debugging. ++.It Ic Ar ssl ++Negotiate SSL at first, then use ftp protocol. ftp protocol ++negotiation goes encrypted. (Not yet implemented) ++.It Ic Ar nossl, Ar !ssl ++switch of SSL negotiation ++.It Ic Ar certrequired ++client certificate is mandatory ++.It Ic Ar secure ++Don't switch back to unencrypted mode (no SSL) if SSL is not available. ++.It Ic Ar verbose ++Be verbose about certificates etc. ++.It Ic Ar verify=int ++.\" TODO ++Set the SSL verify flags (SSL_VERIFY_* in ++.Ar ssl/ssl.h ++). ++.\" TODO ++.It Ic Ar cert=cert_file ++.\" TODO ++Use the certificate(s) in ++.Ar cert_file . ++.It Ic Ar key=key_file ++.\" TODO ++Use the key(s) in ++.Ar key_file . ++.It Ic Ar cipher=ciph_list ++.\" TODO ++Set the preferred ciphers to ++.Ar ciph_list . ++.\" TODO: possible values; comma-separated list? ++(See ++.Ar ssl/ssl.h ++). ++.El + .El + .Pp + The client host with which +diff -u -r -N netkit-ftp-0.17/ftp/ftp.c netkit-ftp-0.17+ssl-0.2/ftp/ftp.c +--- netkit-ftp-0.17/ftp/ftp.c Mon Dec 13 21:33:20 1999 ++++ netkit-ftp-0.17+ssl-0.2/ftp/ftp.c Tue Sep 26 00:25:48 2000 +@@ -1,3 +1,15 @@ ++/* ++ * The modifications to support SSLeay were done by Tim Hudson ++ * tjh@cryptsoft.com ++ * ++ * You can do whatever you like with these patches except pretend that ++ * you wrote them. ++ * ++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to ++ * join the mailing list that discusses SSLeay and also these patches. ++ * ++ */ ++ + /* + * Copyright (c) 1985, 1989 Regents of the University of California. + * All rights reserved. +@@ -77,6 +89,17 @@ + static sigjmp_buf ptabort; + static int ptabflg = 0; + static int abrtflag = 0; ++#ifdef USE_SSL ++static int pdata = -1; ++static int ++auth_user(char *u,char *p); ++static int ++ssl_getc(SSL *ssl_con); ++static int ++ssl_putc_flush(SSL *ssl_con); ++static int ++ssl_putc(SSL *ssl_con, int oneint); ++#endif + + void lostpeer(int); + extern int connected; +@@ -243,14 +266,7 @@ + else + luser = tmp; + } +- n = command("USER %s", luser); +- if (n == CONTINUE) { +- if (pass == NULL) { +- /* fflush(stdout); */ +- pass = getpass("Password:"); +- } +- n = command("PASS %s", pass); +- } ++ n = auth_user(luser,pass); + if (n == CONTINUE) { + aflag++; + /* fflush(stdout); */ +@@ -296,6 +312,9 @@ + va_list ap; + int r; + void (*oldintr)(int); ++#ifdef USE_SSL ++ char outputbuf[2048]; /* allow for a 2k command string */ ++#endif /* USE_SSL */ + + abrtflag = 0; + if (debug) { +@@ -316,10 +335,27 @@ + } + oldintr = signal(SIGINT, cmdabort); + va_start(ap, fmt); ++#ifdef USE_SSL ++ /* assemble the output into a buffer */ ++ vsprintf(outputbuf,fmt,ap); ++ strcat(outputbuf,"\r\n"); ++ if (ssl_active_flag) { ++ SSL_write(ssl_con,outputbuf,strlen(outputbuf)); ++ } else { ++ fprintf(cout,"%s",outputbuf); ++ fflush(cout); ++ } ++#else /* !USE_SSL */ + vfprintf(cout, fmt, ap); ++#endif /* USE_SSL */ + va_end(ap); ++ ++#ifndef USE_SSL ++ /* we don't need this as we concatenated it above */ + fprintf(cout, "\r\n"); + (void) fflush(cout); ++#endif /* !USE_SSL */ ++ + cpend = 1; + r = getreply(!strcmp(fmt, "QUIT")); + if (abrtflag && oldintr != SIG_IGN) +@@ -343,25 +379,39 @@ + int pflag = 0; + size_t px = 0; + size_t psize = sizeof(pasv); ++ char buf[16]; + + oldintr = signal(SIGINT, cmdabort); + for (;;) { + dig = n = code = 0; + cp = reply_string; +- while ((c = getc(cin)) != '\n') { ++ while ((c = GETC(cin)) != '\n') { + if (c == IAC) { /* handle telnet commands */ +- switch (c = getc(cin)) { ++ switch (c = GETC(cin)) { + case WILL: + case WONT: +- c = getc(cin); +- fprintf(cout, "%c%c%c", IAC, DONT, c); +- (void) fflush(cout); ++ c = GETC(cin); ++ sprintf(buf, ++ "%c%c%c", IAC, DONT, c); ++#ifdef USE_SSL ++ if (ssl_active_flag) ++ SSL_write(ssl_con,buf,3); ++ else ++#endif /* !USE_SSL */ ++ fwrite(buf,3,1,cout); ++ (void) FFLUSH(cout); + break; + case DO: + case DONT: +- c = getc(cin); +- fprintf(cout, "%c%c%c", IAC, WONT, c); +- (void) fflush(cout); ++ c = GETC(cin); ++ sprintf(buf, "%c%c%c", IAC, WONT, c); ++#ifdef USE_SSL ++ if (ssl_active_flag) ++ SSL_write(ssl_con,buf,3); ++ else ++#endif /* !USE_SSL */ ++ fwrite(buf,3,1,cout); ++ (void) FFLUSH(cout); + break; + default: + break; +@@ -600,9 +650,18 @@ + errno = d = 0; + while ((c = read(fileno(fin), buf, sizeof (buf))) > 0) { + bytes += c; ++#ifdef USE_SSL ++ if (ssl_data_active_flag) { ++ for (bufp = buf; c > 0; c -= d, bufp += d) ++ if ((d = SSL_write(ssl_data_con, bufp, c)) <= 0) ++ break; ++ } else ++#endif /* !USE_SSL */ ++ { + for (bufp = buf; c > 0; c -= d, bufp += d) + if ((d = write(fileno(dout), bufp, c)) <= 0) + break; ++ } + if (hash) { + while (bytes >= hashbytes) { + (void) putchar('#'); +@@ -654,16 +713,17 @@ + } + if (ferror(dout)) + break; +- (void) putc('\r', dout); ++ (void) DATAPUTC('\r', dout); + bytes++; + } +- (void) putc(c, dout); ++ (void) DATAPUTC(c, dout); + bytes++; + /* if (c == '\r') { */ + /* (void) putc('\0', dout); (* this violates rfc */ + /* bytes++; */ + /* } */ + } ++ DATAFLUSH(dout); + if (hash) { + if (bytes < hashbytes) + (void) putchar('#'); +@@ -688,6 +748,15 @@ + if (closefunc != NULL) + (*closefunc)(fin); + (void) fclose(dout); ++ ++#ifdef USE_SSL ++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) { ++ SSL_free(ssl_data_con); ++ ssl_data_active_flag=0; ++ ssl_data_con=NULL; ++ } ++#endif /* USE_SSL */ ++ + /* closes data as well, so discard it */ + data = -1; + (void) getreply(0); +@@ -714,6 +783,15 @@ + (void) close(data); + data = -1; + } ++ ++#ifdef USE_SSL ++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) { ++ SSL_free(ssl_data_con); ++ ssl_data_active_flag=0; ++ ssl_data_con=NULL; ++ } ++#endif /* USE_SSL */ ++ + (void) getreply(0); + code = -1; + if (closefunc != NULL && fin != NULL) +@@ -908,6 +986,33 @@ + return; + } + errno = d = 0; ++#ifdef USE_SSL ++ if (ssl_data_active_flag) { ++ while ((c = SSL_read(ssl_data_con, buf, bufsize)) > 0) { ++ if ((d = write(fileno(fout), buf, c)) != c) ++ break; ++ bytes += c; ++ if (hash) { ++ while (bytes >= hashbytes) { ++ (void) putchar('#'); ++ hashbytes += HASHBYTES; ++ } ++ (void) fflush(stdout); ++ } ++ } ++ if ( c < -1 ) { ++ static char errbuf[1024]; ++ ++ sprintf(errbuf,"ftp: SSL_read DATA error %s\n", ++ ERR_error_string(ERR_get_error(),NULL)); ++ ++ /* tell the user ... who else */ ++ fprintf(stderr,"%s", errbuf); ++ fflush(stderr); ++ } ++ } else ++#endif /* !USE_SSL */ ++ { + while ((c = read(fileno(din), buf, bufsize)) > 0) { + if ((d = write(fileno(fout), buf, c)) != c) + break; +@@ -927,6 +1032,7 @@ + hashbytes += TICKBYTES; + } + } ++ } + if (hash && bytes > 0) { + if (bytes < HASHBYTES) + (void) putchar('#'); +@@ -973,7 +1079,7 @@ + return; + } + } +- while ((c = getc(din)) != EOF) { ++ while ((c = DATAGETC(din)) != EOF) { + if (c == '\n') + bare_lfs++; + while (c == '\r') { +@@ -991,7 +1097,7 @@ + hashbytes += TICKBYTES; + } + bytes++; +- if ((c = getc(din)) != '\n' || tcrflag) { ++ if ((c = DATAGETC(din)) != '\n' || tcrflag) { + if (ferror(fout)) + goto break2; + (void) putc('\r', fout); +@@ -1039,6 +1145,15 @@ + (void) signal(SIGPIPE, oldintp); + (void) gettimeofday(&stop, (struct timezone *)0); + (void) fclose(din); ++ ++#ifdef USE_SSL ++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) { ++ SSL_free(ssl_data_con); ++ ssl_data_active_flag=0; ++ ssl_data_con=NULL; ++ } ++#endif /* USE_SSL */ ++ + /* closes data as well, so discard it */ + data = -1; + (void) getreply(0); +@@ -1071,6 +1186,15 @@ + (void) close(data); + data = -1; + } ++ ++#ifdef USE_SSL ++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) { ++ SSL_free(ssl_data_con); ++ ssl_data_active_flag=0; ++ ssl_data_con=NULL; ++ } ++#endif /* USE_SSL */ ++ + if (bytes > 0) + ptransfer("received", bytes, &start, &stop); + (void) signal(SIGINT, oldintr); +@@ -1207,6 +1331,7 @@ + struct sockaddr_in from; + int s, tos; + socklen_t fromlen = sizeof(from); ++ int ret; + + if (passivemode) + return (fdopen(data, lmode)); +@@ -1224,6 +1349,67 @@ + if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) + perror("ftp: setsockopt TOS (ignored)"); + #endif ++ ++#ifdef USE_SSL ++ ssl_data_active_flag=0; ++ if (ssl_active_flag && ssl_encrypt_data) { ++ /* do SSL */ ++ if (ssl_data_con!=NULL) { ++ SSL_free(ssl_data_con); ++ ssl_data_con=NULL; ++ } ++ ssl_data_con=(SSL *)SSL_new(ssl_ctx); ++ ++ SSL_set_fd(ssl_data_con,data); ++ set_ssl_trace(ssl_data_con); ++ ++ SSL_set_verify(ssl_data_con,ssl_verify_flag,NULL); ++ ++ /* this is the "magic" call that makes ++ * this quick assuming Eric has this going ++ * okay! ;-) ++ */ ++ SSL_copy_session_id(ssl_data_con,ssl_con); ++ ++ /* we are doing I/O and not using select so ++ * it is "safe" to read ahead ++ */ ++ /* SSL_set_read_ahead(ssl_data_con,1); */ ++ ++ if (debug) { ++ fprintf(stderr,"===>START SSL connect on DATA\n"); ++ fflush(stderr); ++ } ++ ++ if ((ret=SSL_connect(ssl_data_con))<=0) { ++ static char errbuf[1024]; ++ ++ sprintf(errbuf,"ftp: SSL_connect DATA error %d - %s\n", ++ ret,ERR_error_string(ERR_get_error(),NULL)); ++ ++ /* tell the user ... who else */ ++ fprintf(stderr,"%s", errbuf); ++ fflush(stderr); ++ ++ /* abort time methinks ... */ ++ close(data); ++ return NULL; ++ } else { ++ if (ssl_debug_flag) { ++ BIO_printf(bio_err,"[SSL DATA Cipher %s]\n", ++ SSL_get_cipher(ssl_con)); ++ } ++ ssl_data_active_flag=1; ++ } ++ ++ if (debug) { ++ fprintf(stderr,"===>DONE SSL connect on DATA %d\n",data); ++ fflush(stderr); ++ } ++ ++ } ++#endif /* USE_SSL */ ++ + return (fdopen(data, lmode)); + } + +@@ -1609,3 +1795,142 @@ + } + (void) getreply(0); + } ++ ++static int ++auth_user(char *u,char *p) ++{ ++ int n; ++ ++#ifdef USE_SSL ++ if (ssl_enabled) { ++ n = command("AUTH SSL"); ++ if (n == ERROR) { /* do normal USER/PASS */ ++ printf("SSL not available\n"); ++ /* spit the dummy as we will only talk ssl ++ * when running in "secure" mode ++ */ ++ if (ssl_secure_flag) ++ return ERROR; ++ } else if (n == CONTINUE ) { ++ /* do SSL */ ++ ssl_con=(SSL *)SSL_new(ssl_ctx); ++ ++ SSL_set_fd(ssl_con,fileno(cout)); ++ set_ssl_trace(ssl_con); ++ ++ SSL_set_verify(ssl_con,ssl_verify_flag,NULL); ++ ++ /* Add in any certificates if you want to here ... */ ++ if (my_ssl_cert_file) { ++ if (!SSL_use_certificate_file(ssl_con, my_ssl_cert_file, ++ X509_FILETYPE_PEM)) { ++ fprintf(stderr,"%s: ",my_ssl_cert_file); ++ ERR_print_errors_fp(stderr); ++ exit(1); ++ } else { ++ if (!my_ssl_key_file) ++ my_ssl_key_file = my_ssl_cert_file; ++ if (!SSL_use_RSAPrivateKey_file(ssl_con, my_ssl_key_file, ++ X509_FILETYPE_PEM)) { ++ fprintf(stderr,"%s: ", my_ssl_key_file); ++ ERR_print_errors_fp(stderr); ++ exit(1); ++ } ++ } ++ } ++ ++ if (SSL_connect(ssl_con)<=0) { ++ static char errbuf[1024]; ++ ++ sprintf(errbuf,"ftp: SSL_connect error %s\n", ++ ERR_error_string(ERR_get_error(),NULL)); ++ perror(errbuf); ++ /* abort time methinks ... */ ++ exit(1); ++ } else { ++ fprintf(stderr,"[SSL Cipher %s]\n",SSL_get_cipher(ssl_con)); ++ fflush(stderr); ++ ssl_active_flag=1; ++ } ++ ++ n = command("USER %s",u); ++ if (n == CONTINUE) { ++ if(p == NULL) ++ p = getpass("Password:"); ++ n = command("PASS %s",p); ++ } ++ return (n); ++ } ++ } ++#endif /* USE_SSL */ ++ n = command("USER %s",u); ++ if (n == CONTINUE) { ++ if(p == NULL) ++ p = getpass("Password:"); ++ n = command("PASS %s",p); ++ } ++ return(n); ++} ++ ++#ifdef USE_SSL ++ ++/* we really shouldn't have code like this! --tjh */ ++static int ++ssl_getc(SSL *ssl_con) ++{ ++ char onebyte; ++ int ret; ++ ++ if ((ret=SSL_read(ssl_con,&onebyte,1))!=1) { ++ /* we want to know this stuff! */ ++ if (ssl_debug_flag || (ret!=0)) { ++ fprintf(stderr,"ssl_getc: SSL_read failed %d = %d\n",ret,errno); ++ fflush(stderr); ++ } ++ return -1; ++ } else { ++ if (ssl_debug_flag) { ++ BIO_printf(bio_err,"ssl_getc: SSL_read %d (%c) ",onebyte & 0xff,isprint(onebyte)?onebyte:'.'); ++ } ++ return onebyte & 0xff; ++ } ++} ++ ++ ++/* got back to this an implemented some rather "simple" buffering */ ++static char putc_buf[BUFSIZ]; ++static int putc_buf_pos=0; ++ ++static int ++ssl_putc_flush(SSL *ssl_con) ++{ ++ if (putc_buf_pos>0) { ++ if (SSL_write(ssl_con,putc_buf,putc_buf_pos)!=putc_buf_pos) { ++ if (ssl_debug_flag) { ++ BIO_printf(bio_err,"ssl_putc_flush: WRITE FAILED\n"); ++ } ++ putc_buf_pos=0; ++ return -1; ++ } ++ } ++ putc_buf_pos=0; ++ return 0; ++} ++ ++int ++ssl_putc(SSL *ssl_con,int oneint) ++{ ++ char onebyte; ++ ++ onebyte = oneint & 0xff; ++ ++ /* make sure there is space */ ++ if (putc_buf_pos>=BUFSIZ) ++ if (ssl_putc_flush(ssl_con)!=0) ++ return EOF; ++ putc_buf[putc_buf_pos++]=onebyte; ++ ++ return onebyte; ++} ++ ++#endif /* USE_SSL */ +diff -u -r -N netkit-ftp-0.17/ftp/ftp_var.h netkit-ftp-0.17+ssl-0.2/ftp/ftp_var.h +--- netkit-ftp-0.17/ftp/ftp_var.h Sat Oct 2 20:39:17 1999 ++++ netkit-ftp-0.17+ssl-0.2/ftp/ftp_var.h Sun Sep 24 15:48:48 2000 +@@ -158,3 +158,6 @@ + void setpeer(int argc, char *argv[]); + void quit(void); + void changetype(int newtype, int show); ++ ++#include "sslapp.h" ++#include "ssl_port.h" +diff -u -r -N netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17+ssl-0.2/ftp/main.c +--- netkit-ftp-0.17/ftp/main.c Sat Oct 2 15:25:23 1999 ++++ netkit-ftp-0.17+ssl-0.2/ftp/main.c Thu May 3 20:42:41 2001 +@@ -1,3 +1,15 @@ ++/* ++ * The modifications to support SSLeay were done by Tim Hudson ++ * tjh@cryptsoft.com ++ * ++ * You can do whatever you like with these patches except pretend that ++ * you wrote them. ++ * ++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to ++ * join the mailing list that discusses SSLeay and also these patches. ++ * ++ */ ++ + /* + * Copyright (c) 1985, 1989 Regents of the University of California. + * All rights reserved. +@@ -82,6 +94,75 @@ + static void cmdscanner(int top); + static char *slurpstring(void); + ++#ifdef USE_SSL ++ ++/* icky way of doing things ... */ ++#include "sslapp.c" ++ ++/* ++#include "ssl_err.h" ++*/ ++ ++SSL *ssl_con; ++SSL *ssl_data_con; ++int ssl_data_active_flag=0; ++ ++/* for the moment this is a compile time option only --tjh */ ++int ssl_encrypt_data=1; ++int ssl_enabled=1; ++ ++char *my_ssl_key_file=NULL; ++char *my_ssl_cert_file=NULL; ++ ++BIO *bio_err=NULL; ++ ++static long ++bio_dump_cb(BIO *bio, ++ int cmd, ++ char *argp, ++ int argi, ++ long argl, ++ long ret) ++ { ++ BIO *out; ++ ++/* ++ out=(BIO *)BIO_get_callback_arg(bio); ++*/ ++ out=bio_err; ++ if (out == NULL) return(ret); ++ ++ if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) ++ { ++ BIO_printf(out,"read from %08X (%d bytes => %ld (%X))\n", ++ bio,argi,ret,ret); ++ BIO_dump(out,argp,(int)ret); ++ BIO_flush(out); ++ } ++ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) ++ { ++ BIO_printf(out,"write to %08X (%d bytes => %ld (%X))\n", ++ bio,argi,ret,ret); ++ BIO_dump(out,argp,(int)ret); ++ BIO_flush(out); ++ } ++ return( (cmd & BIO_CB_RETURN) ? ret : 1); ++ } ++ ++int ++set_ssl_trace(SSL *con) ++{ ++ if (con!=NULL) { ++ if (ssl_debug_flag) { ++ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); ++ BIO_set_callback_arg(SSL_get_rbio(con),bio_err); ++ } ++ } ++ return 0; ++} ++ ++#endif /* USE_SSL */ ++ + static + void + usage(void) +@@ -106,6 +187,7 @@ + int top; + struct passwd *pw = NULL; + char homedir[MAXPATHLEN]; ++ char *optarg; + + tick = 0; + +@@ -134,6 +216,7 @@ + + argc--, argv++; + while (argc > 0 && **argv == '-') { ++ optarg=*(argv+1); + for (cp = *argv + 1; *cp; cp++) + switch (*cp) { + +@@ -174,6 +257,44 @@ + usage(); + exit(0); + ++#ifdef USE_SSL ++ case 'z': ++ if (strcmp(optarg, "debug") == 0 ) { ++ ssl_debug_flag=1; ++ } ++ if (strcmp(optarg, "ssl") == 0 ) { ++ ssl_only_flag=1; ++ } ++ /* disable *all* ssl stuff */ ++ if ( (strcmp(optarg, "!ssl") == 0 ) || ++ (strcmp(optarg, "nossl") == 0 ) ) { ++ ssl_enabled=0; ++ } ++ if (strcmp(optarg, "secure") == 0 ) { ++ ssl_secure_flag=1; ++ } ++ if (strcmp(optarg, "certsok") == 0 ) { ++ ssl_certsok_flag=1; ++ } ++ if (strcmp(optarg, "verbose") == 0 ) { ++ ssl_verbose_flag=1; ++ } ++ if (strncmp(optarg, "verify=", strlen("verify=")) == 0 ) { ++ ssl_verify_flag=atoi(optarg+strlen("verify=")); ++ } ++ if (strncmp(optarg, "cert=", strlen("cert=")) == 0 ) { ++ my_ssl_cert_file=optarg+strlen("cert="); ++ } ++ if (strncmp(optarg, "key=", strlen("key=")) == 0 ) { ++ my_ssl_key_file=optarg+strlen("key="); ++ } ++ ++ /* we have swallowed an extra arg */ ++ argc--; ++ argv++; ++ break; ++#endif /* USE_SSL */ ++ + default: + fprintf(stdout, + "ftp: %c: unknown option\n", *cp); +@@ -202,6 +323,18 @@ + homedir[sizeof(homedir)-1] = 0; + home = homedir; + } ++ ++#ifdef USE_SSL ++ if (ssl_enabled) { ++ if (!do_ssleay_init(0)) { ++ fprintf(stderr,"ftp: SSLeay initialisation failed\n"); ++ fflush(stderr); ++ ERR_print_errors_fp(stderr); ++ exit(1); ++ } ++ } ++#endif /* USE_SSL */ ++ + if (argc > 0) { + if (sigsetjmp(toplevel, 1)) + exit(0); +diff -u -r -N netkit-ftp-0.17/ftp/main.c.~1~ netkit-ftp-0.17+ssl-0.2/ftp/main.c.~1~ +--- netkit-ftp-0.17/ftp/main.c.~1~ Thu Jan 1 01:00:00 1970 ++++ netkit-ftp-0.17+ssl-0.2/ftp/main.c.~1~ Sun Sep 24 16:30:36 2000 +@@ -0,0 +1,735 @@ ++/* ++ * The modifications to support SSLeay were done by Tim Hudson ++ * tjh@cryptsoft.com ++ * ++ * You can do whatever you like with these patches except pretend that ++ * you wrote them. ++ * ++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to ++ * join the mailing list that discusses SSLeay and also these patches. ++ * ++ */ ++ ++/* ++ * Copyright (c) 1985, 1989 Regents of the University of California. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by the University of ++ * California, Berkeley and its contributors. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++char copyright[] = ++ "@(#) Copyright (c) 1985, 1989 Regents of the University of California.\n" ++ "All rights reserved.\n"; ++ ++/* ++ * from: @(#)main.c 5.18 (Berkeley) 3/1/91 ++ */ ++char main_rcsid[] = ++ "$Id: netkit-ftp-0.17+ssl-0.2.diff,v 1.1 2002/11/23 07:31:44 raker Exp $"; ++ ++ ++/* ++ * FTP User Program -- Command Interface. ++ */ ++#include <sys/types.h> ++#include <sys/socket.h> ++#include <sys/ioctl.h> ++ ++/* #include <arpa/ftp.h> <--- unused? */ ++ ++#include <signal.h> ++#include <unistd.h> ++#include <string.h> ++#include <stdlib.h> ++#include <stdio.h> ++#include <errno.h> ++#include <ctype.h> ++#include <netdb.h> ++#include <pwd.h> ++#ifdef __USE_READLINE__ ++#include <readline/readline.h> ++#include <readline/history.h> ++#endif ++ ++#define Extern ++#include "ftp_var.h" ++int traceflag = 0; ++const char *home = "/"; ++ ++extern FILE *cout; ++extern int data; ++extern struct cmd cmdtab[]; ++extern int NCMDS; ++ ++void intr(int); ++void lostpeer(int); ++void help(int argc, char *argv[]); ++ ++static void cmdscanner(int top); ++static char *slurpstring(void); ++ ++#ifdef USE_SSL ++ ++/* icky way of doing things ... */ ++#include "sslapp.c" ++ ++/* ++#include "ssl_err.h" ++*/ ++ ++SSL *ssl_con; ++SSL *ssl_data_con; ++int ssl_data_active_flag=0; ++ ++/* for the moment this is a compile time option only --tjh */ ++int ssl_encrypt_data=1; ++int ssl_enabled=1; ++ ++char *my_ssl_key_file=NULL; ++char *my_ssl_cert_file=NULL; ++ ++BIO *bio_err=NULL; ++ ++static long ++bio_dump_cb(BIO *bio, ++ int cmd, ++ char *argp, ++ int argi, ++ long argl, ++ long ret) ++ { ++ BIO *out; ++ ++/* ++ out=(BIO *)BIO_get_callback_arg(bio); ++*/ ++ out=bio_err; ++ if (out == NULL) return(ret); ++ ++ if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) ++ { ++ BIO_printf(out,"read from %08X (%d bytes => %ld (%X))\n", ++ bio,argi,ret,ret); ++ BIO_dump(out,argp,(int)ret); ++ BIO_flush(out); ++ } ++ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) ++ { ++ BIO_printf(out,"write to %08X (%d bytes => %ld (%X))\n", ++ bio,argi,ret,ret); ++ BIO_dump(out,argp,(int)ret); ++ BIO_flush(out); ++ } ++ return( (cmd & BIO_CB_RETURN) ? ret : 1); ++ } ++ ++int ++set_ssl_trace(SSL *con) ++{ ++ if (con!=NULL) { ++ if (ssl_debug_flag) { ++ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); ++ BIO_set_callback_arg(SSL_get_rbio(con),bio_err); ++ } ++ } ++ return 0; ++} ++ ++#endif /* USE_SSL */ ++ ++static ++void ++usage(void) ++{ ++ printf("\n\tUsage: { ftp | pftp } [-pinegvtd] [hostname]\n"); ++ printf("\t -p: enable passive mode (default for pftp)\n"); ++ printf("\t -i: turn off prompting during mget\n"); ++ printf("\t -n: inhibit auto-login\n"); ++ printf("\t -e: disable readline support, if present\n"); ++ printf("\t -g: disable filename globbing\n"); ++ printf("\t -v: verbose mode\n"); ++ printf("\t -t: enable packet tracing [nonfunctional]\n"); ++ printf("\t -d: enable debugging\n"); ++ printf("\n"); ++} ++ ++int ++main(volatile int argc, char **volatile argv) ++{ ++ register char *cp; ++ struct servent *sp; ++ int top; ++ struct passwd *pw = NULL; ++ char homedir[MAXPATHLEN]; ++ ++ tick = 0; ++ ++ sp = getservbyname("ftp", "tcp"); ++ if (sp == 0) { ++ fprintf(stderr, "ftp: ftp/tcp: unknown service\n"); ++ exit(1); ++ } ++ ftp_port = sp->s_port; ++ doglob = 1; ++ interactive = 1; ++ autologin = 1; ++ passivemode = 0; ++ ++ cp = strrchr(argv[0], '/'); ++ cp = (cp == NULL) ? argv[0] : cp+1; ++ if (strcmp(cp, "pftp") == 0) ++ passivemode = 1; ++ ++#ifdef __USE_READLINE__ ++ /* ++ * Set terminal type so libreadline can parse .inputrc correctly ++ */ ++ rl_terminal_name = getenv("TERM"); ++#endif ++ ++ argc--, argv++; ++ while (argc > 0 && **argv == '-') { ++ for (cp = *argv + 1; *cp; cp++) ++ switch (*cp) { ++ ++ case 'd': ++ options |= SO_DEBUG; ++ debug++; ++ break; ++ ++ case 'v': ++ verbose++; ++ break; ++ ++ case 't': ++ traceflag++; ++ break; ++ ++ case 'i': ++ interactive = 0; ++ break; ++ ++ case 'n': ++ autologin = 0; ++ break; ++ ++ case 'p': ++ passivemode = 1; ++ break; ++ ++ case 'g': ++ doglob = 0; ++ break; ++ ++ case 'e': ++ rl_inhibit = 1; ++ break; ++ ++ case 'h': ++ usage(); ++ exit(0); ++ ++#ifdef USE_SSL ++ case 'z': ++ if (strcmp(optarg, "debug") == 0 ) { ++ ssl_debug_flag=1; ++ } ++ if (strcmp(optarg, "ssl") == 0 ) { ++ ssl_only_flag=1; ++ } ++ /* disable *all* ssl stuff */ ++ if ( (strcmp(optarg, "!ssl") == 0 ) || ++ (strcmp(optarg, "nossl") == 0 ) ) { ++ ssl_enabled=0; ++ } ++ if (strcmp(optarg, "secure") == 0 ) { ++ ssl_secure_flag=1; ++ } ++ if (strcmp(optarg, "certsok") == 0 ) { ++ ssl_certsok_flag=1; ++ } ++ if (strcmp(optarg, "verbose") == 0 ) { ++ ssl_verbose_flag=1; ++ } ++ if (strncmp(optarg, "verify=", strlen("verify=")) == 0 ) { ++ ssl_verify_flag=atoi(optarg+strlen("verify=")); ++ } ++ if (strncmp(optarg, "cert=", strlen("cert=")) == 0 ) { ++ my_ssl_cert_file=optarg+strlen("cert="); ++ } ++ if (strncmp(optarg, "key=", strlen("key=")) == 0 ) { ++ my_ssl_key_file=optarg+strlen("key="); ++ } ++ ++ /* we have swallowed an extra arg */ ++ argc--; ++ argv++; ++ break; ++#endif /* USE_SSL */ ++ ++ default: ++ fprintf(stdout, ++ "ftp: %c: unknown option\n", *cp); ++ exit(1); ++ } ++ argc--, argv++; ++ } ++ fromatty = isatty(fileno(stdin)); ++ if (fromatty) ++ verbose++; ++ cpend = 0; /* no pending replies */ ++ proxy = 0; /* proxy not active */ ++ crflag = 1; /* strip c.r. on ascii gets */ ++ sendport = -1; /* not using ports */ ++ /* ++ * Set up the home directory in case we're globbing. ++ */ ++ cp = getlogin(); ++ if (cp != NULL) { ++ pw = getpwnam(cp); ++ } ++ if (pw == NULL) ++ pw = getpwuid(getuid()); ++ if (pw != NULL) { ++ strncpy(homedir, pw->pw_dir, sizeof(homedir)); ++ homedir[sizeof(homedir)-1] = 0; ++ home = homedir; ++ } ++ ++#ifdef USE_SSL ++ if (ssl_enabled) { ++ if (!do_ssleay_init(0)) { ++ fprintf(stderr,"ftp: SSLeay initialisation failed\n"); ++ fflush(stderr); ++ ERR_print_errors_fp(stderr); ++ exit(1); ++ } ++ } ++#endif /* USE_SSL */ ++ ++ if (argc > 0) { ++ if (sigsetjmp(toplevel, 1)) ++ exit(0); ++ (void) signal(SIGINT, intr); ++ (void) signal(SIGPIPE, lostpeer); ++ setpeer(argc + 1, argv - 1); ++ } ++ top = sigsetjmp(toplevel, 1) == 0; ++ if (top) { ++ (void) signal(SIGINT, intr); ++ (void) signal(SIGPIPE, lostpeer); ++ } ++ for (;;) { ++ cmdscanner(top); ++ top = 1; ++ } ++} ++ ++void ++intr(int ignore) ++{ ++ (void)ignore; ++ siglongjmp(toplevel, 1); ++} ++ ++void ++lostpeer(int ignore) ++{ ++ (void)ignore; ++ ++ if (connected) { ++ if (cout != NULL) { ++ shutdown(fileno(cout), 1+1); ++ fclose(cout); ++ cout = NULL; ++ } ++ if (data >= 0) { ++ shutdown(data, 1+1); ++ close(data); ++ data = -1; ++ } ++ connected = 0; ++ } ++ pswitch(1); ++ if (connected) { ++ if (cout != NULL) { ++ shutdown(fileno(cout), 1+1); ++ fclose(cout); ++ cout = NULL; ++ } ++ connected = 0; ++ } ++ proxflag = 0; ++ pswitch(0); ++} ++ ++/*char * ++tail(filename) ++ char *filename; ++{ ++ register char *s; ++ ++ while (*filename) { ++ s = rindex(filename, '/'); ++ if (s == NULL) ++ break; ++ if (s[1]) ++ return (s + 1); ++ *s = '\0'; ++ } ++ return (filename); ++} ++*/ ++ ++static char *get_input_line(char *buf, int buflen) ++{ ++#ifdef __USE_READLINE__ ++ if (fromatty && !rl_inhibit) { ++ char *lineread = readline("ftp> "); ++ if (!lineread) return NULL; ++ strncpy(buf, lineread, buflen); ++ buf[buflen-1] = 0; ++ if (lineread[0]) add_history(lineread); ++ free(lineread); ++ return buf; ++ } ++#endif ++ if (fromatty) { ++ printf("ftp> "); ++ fflush(stdout); ++ } ++ return fgets(buf, buflen, stdin); ++} ++ ++ ++/* ++ * Command parser. ++ */ ++static void ++cmdscanner(int top) ++{ ++ int margc; ++ char *marg; ++ char **margv; ++ register struct cmd *c; ++ register int l; ++ ++ if (!top) ++ (void) putchar('\n'); ++ for (;;) { ++ if (!get_input_line(line, sizeof(line))) { ++ quit(); ++ } ++ l = strlen(line); ++ if (l == 0) ++ break; ++ if (line[--l] == '\n') { ++ if (l == 0) ++ break; ++ line[l] = '\0'; ++ } ++ else if (l == sizeof(line) - 2) { ++ printf("sorry, input line too long\n"); ++ while ((l = getchar()) != '\n' && l != EOF) ++ /* void */; ++ break; ++ } /* else it was a line without a newline */ ++ margv = makeargv(&margc, &marg); ++ if (margc == 0) { ++ continue; ++ } ++ c = getcmd(margv[0]); ++ if (c == (struct cmd *)-1) { ++ printf("?Ambiguous command\n"); ++ continue; ++ } ++ if (c == NULL) { ++ printf("?Invalid command\n"); ++ continue; ++ } ++ if (c->c_conn && !connected) { ++ printf("Not connected.\n"); ++ continue; ++ } ++ if (c->c_handler_v) c->c_handler_v(margc, margv); ++ else if (c->c_handler_0) c->c_handler_0(); ++ else c->c_handler_1(marg); ++ ++ if (bell && c->c_bell) putchar('\007'); ++ if (c->c_handler_v != help) ++ break; ++ } ++ (void) signal(SIGINT, intr); ++ (void) signal(SIGPIPE, lostpeer); ++} ++ ++struct cmd * ++getcmd(const char *name) ++{ ++ const char *p, *q; ++ struct cmd *c, *found; ++ int nmatches, longest; ++ ++ longest = 0; ++ nmatches = 0; ++ found = 0; ++ for (c = cmdtab; (p = c->c_name) != NULL; c++) { ++ for (q = name; *q == *p++; q++) ++ if (*q == 0) /* exact match? */ ++ return (c); ++ if (!*q) { /* the name was a prefix */ ++ if (q - name > longest) { ++ longest = q - name; ++ nmatches = 1; ++ found = c; ++ } else if (q - name == longest) ++ nmatches++; ++ } ++ } ++ if (nmatches > 1) ++ return ((struct cmd *)-1); ++ return (found); ++} ++ ++/* ++ * Slice a string up into argc/argv. ++ */ ++ ++int slrflag; ++ ++char ** ++makeargv(int *pargc, char **parg) ++{ ++ static char *rargv[20]; ++ int rargc = 0; ++ char **argp; ++ ++ argp = rargv; ++ stringbase = line; /* scan from first of buffer */ ++ argbase = argbuf; /* store from first of buffer */ ++ slrflag = 0; ++ while ((*argp++ = slurpstring())!=NULL) ++ rargc++; ++ ++ *pargc = rargc; ++ if (parg) *parg = altarg; ++ return rargv; ++} ++ ++/* ++ * Parse string into argbuf; ++ * implemented with FSM to ++ * handle quoting and strings ++ */ ++static ++char * ++slurpstring(void) ++{ ++ static char excl[] = "!", dols[] = "$"; ++ ++ int got_one = 0; ++ register char *sb = stringbase; ++ register char *ap = argbase; ++ char *tmp = argbase; /* will return this if token found */ ++ ++ if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */ ++ switch (slrflag) { /* and $ as token for macro invoke */ ++ case 0: ++ slrflag++; ++ stringbase++; ++ return ((*sb == '!') ? excl : dols); ++ /* NOTREACHED */ ++ case 1: ++ slrflag++; ++ altarg = stringbase; ++ break; ++ default: ++ break; ++ } ++ } ++ ++S0: ++ switch (*sb) { ++ ++ case '\0': ++ goto OUT; ++ ++ case ' ': ++ case '\t': ++ sb++; goto S0; ++ ++ default: ++ switch (slrflag) { ++ case 0: ++ slrflag++; ++ break; ++ case 1: ++ slrflag++; ++ altarg = sb; ++ break; ++ default: ++ break; ++ } ++ goto S1; ++ } ++ ++S1: ++ switch (*sb) { ++ ++ case ' ': ++ case '\t': ++ case '\0': ++ goto OUT; /* end of token */ ++ ++ case '\\': ++ sb++; goto S2; /* slurp next character */ ++ ++ case '"': ++ sb++; goto S3; /* slurp quoted string */ ++ ++ default: ++ *ap++ = *sb++; /* add character to token */ ++ got_one = 1; ++ goto S1; ++ } ++ ++S2: ++ switch (*sb) { ++ ++ case '\0': ++ goto OUT; ++ ++ default: ++ *ap++ = *sb++; ++ got_one = 1; ++ goto S1; ++ } ++ ++S3: ++ switch (*sb) { ++ ++ case '\0': ++ goto OUT; ++ ++ case '"': ++ sb++; goto S1; ++ ++ default: ++ *ap++ = *sb++; ++ got_one = 1; ++ goto S3; ++ } ++ ++OUT: ++ if (got_one) ++ *ap++ = '\0'; ++ argbase = ap; /* update storage pointer */ ++ stringbase = sb; /* update scan pointer */ ++ if (got_one) { ++ return(tmp); ++ } ++ switch (slrflag) { ++ case 0: ++ slrflag++; ++ break; ++ case 1: ++ slrflag++; ++ altarg = NULL; ++ break; ++ default: ++ break; ++ } ++ return NULL; ++} ++ ++#define HELPINDENT ((int) sizeof ("directory")) ++ ++/* ++ * Help command. ++ * Call each command handler with argc == 0 and argv[0] == name. ++ */ ++void ++help(int argc, char *argv[]) ++{ ++ struct cmd *c; ++ ++ if (argc == 1) { ++ int i, j, w; ++ unsigned k; ++ int columns, width = 0, lines; ++ ++ printf("Commands may be abbreviated. Commands are:\n\n"); ++ for (c = cmdtab; c < &cmdtab[NCMDS]; c++) { ++ int len = strlen(c->c_name); ++ ++ if (len > width) ++ width = len; ++ } ++ width = (width + 8) &~ 7; ++ columns = 80 / width; ++ if (columns == 0) ++ columns = 1; ++ lines = (NCMDS + columns - 1) / columns; ++ for (i = 0; i < lines; i++) { ++ for (j = 0; j < columns; j++) { ++ c = cmdtab + j * lines + i; ++ if (c->c_name && (!proxy || c->c_proxy)) { ++ printf("%s", c->c_name); ++ } ++ else if (c->c_name) { ++ for (k=0; k < strlen(c->c_name); k++) { ++ (void) putchar(' '); ++ } ++ } ++ if (c + lines >= &cmdtab[NCMDS]) { ++ printf("\n"); ++ break; ++ } ++ w = strlen(c->c_name); ++ while (w < width) { ++ w = (w + 8) &~ 7; ++ (void) putchar('\t'); ++ } ++ } ++ } ++ return; ++ } ++ while (--argc > 0) { ++ register char *arg; ++ arg = *++argv; ++ c = getcmd(arg); ++ if (c == (struct cmd *)-1) ++ printf("?Ambiguous help command %s\n", arg); ++ else if (c == NULL) ++ printf("?Invalid help command %s\n", arg); ++ else ++ printf("%-*s\t%s\n", HELPINDENT, ++ c->c_name, c->c_help); ++ } ++} +diff -u -r -N netkit-ftp-0.17/ftp/ssl_port.h netkit-ftp-0.17+ssl-0.2/ftp/ssl_port.h +--- netkit-ftp-0.17/ftp/ssl_port.h Thu Jan 1 01:00:00 1970 ++++ netkit-ftp-0.17+ssl-0.2/ftp/ssl_port.h Sun Sep 24 15:46:02 2000 +@@ -0,0 +1,85 @@ ++/* ssl_port.h - standard porting things ++ * ++ * The modifications to support SSLeay were done by Tim Hudson ++ * tjh@mincom.oz.au ++ * ++ * You can do whatever you like with these patches except pretend that ++ * you wrote them. ++ * ++ * Email ssl-users-request@mincom.oz.au to get instructions on how to ++ * join the mailing list that discusses SSLeay and also these patches. ++ * ++ */ ++ ++#ifndef HEADER_SSL_PORT_H ++#define HEADER_SSL_PORT_H ++ ++#ifdef USE_SSL ++ ++#include <stdio.h> ++ ++#define OLDPROTO NOPROTO ++#define NOPROTO ++#include <openssl/buffer.h> ++#undef NOPROTO ++#define NOPROTO OLDPROTO ++ ++#include <openssl/x509.h> ++#include <openssl/ssl.h> ++#include <openssl/err.h> ++ ++extern SSL *ssl_con; ++extern SSL_CTX *ssl_ctx; ++extern int ssl_debug_flag; ++extern int ssl_only_flag; ++extern int ssl_active_flag; ++extern int ssl_verify_flag; ++extern int ssl_secure_flag; ++extern int ssl_enabled; ++ ++extern int ssl_encrypt_data; ++extern SSL *ssl_data_con; ++extern int ssl_data_active_flag; ++ ++extern char *my_ssl_cert_file; ++extern char *my_ssl_key_file; ++extern int ssl_certsok_flag; ++ ++extern int set_ssl_trace(SSL *s); ++ ++extern FILE *cin, *cout; ++ ++#define is_ssl_fd(X,Y) ( (SSL_get_fd((X))==0) || \ ++ (SSL_get_fd((X))==1) || \ ++ (SSL_get_fd((X))==pdata) || \ ++ (SSL_get_fd((X))==(Y)) \ ++ ) ++ ++#define is_ssl_fp(X,Y) ( ( (SSL_get_fd((X))==0) && (fileno((Y))==0) ) || \ ++ ( (SSL_get_fd((X))==1) && (fileno((Y))==1) ) || \ ++ ( (SSL_get_fd((X))==pdata) && \ ++ (fileno((Y))==pdata) ) || \ ++ (SSL_get_fd((X))==fileno(Y)) \ ++ ) ++ ++/* these macros make things much easier to handle ... */ ++ ++#define FFLUSH(X) (ssl_active_flag && (((X)==cin)||((X)==cout)) ? 1 : fflush((X)) ) ++ ++#define GETC(X) (ssl_active_flag && (((X)==cin)||((X)==cout)) ? ssl_getc(ssl_con) : getc((X)) ) ++ ++#define DATAGETC(X) (ssl_data_active_flag && ((fileno(X)==data)||(fileno(X)==pdata)) ? ssl_getc(ssl_data_con) : getc((X)) ) ++#define DATAPUTC(X,Y) (ssl_data_active_flag && ((fileno(Y)==data)||(fileno(Y)==pdata)) ? ssl_putc(ssl_data_con,(X)) : putc((X),(Y)) ) ++#define DATAFLUSH(X) (ssl_data_active_flag && ((fileno(X)==data)||(fileno(X)==pdata)) ? ssl_putc_flush(ssl_data_con) : fflush((X)) ) ++ ++#else ++ ++#define GETC(X) getc((X)) ++#define DATAGETC(X) getc((X)) ++#define DATAPUTC(X,Y) putc((X),(Y)) ++#define DATAFLUSH(X) fflush((X)) ++#define FFLUSH(X) fflush((X)) ++ ++#endif /* USE_SSL */ ++ ++#endif /* HEADER_SSL_PORT_H */ +diff -u -r -N netkit-ftp-0.17/ftp/sslapp.c netkit-ftp-0.17+ssl-0.2/ftp/sslapp.c +--- netkit-ftp-0.17/ftp/sslapp.c Thu Jan 1 01:00:00 1970 ++++ netkit-ftp-0.17+ssl-0.2/ftp/sslapp.c Sun Sep 24 18:07:23 2000 +@@ -0,0 +1,186 @@ ++/* sslapp.c - ssl application code */ ++ ++/* ++ * The modifications to support SSLeay were done by Tim Hudson ++ * tjh@cryptsoft.com ++ * ++ * You can do whatever you like with these patches except pretend that ++ * you wrote them. ++ * ++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to ++ * join the mailing list that discusses SSLeay and also these patches. ++ * ++ */ ++ ++#ifdef USE_SSL ++ ++#include "sslapp.h" ++ ++SSL_CTX *ssl_ctx; ++SSL *ssl_con; ++int ssl_debug_flag=0; ++int ssl_only_flag=0; ++int ssl_active_flag=0; ++int ssl_verify_flag=SSL_VERIFY_NONE; ++int ssl_secure_flag=0; ++int ssl_certsok_flag=0; ++int ssl_cert_required=0; ++int ssl_verbose_flag=0; ++int ssl_disabled_flag=0; ++char *ssl_cert_file=NULL; ++char *ssl_key_file=NULL; ++char *ssl_cipher_list=NULL; ++char *ssl_log_file=NULL; ++ ++/* fwd decl */ ++static void ++client_info_callback(SSL *s, int where, int ret); ++ ++int ++do_ssleay_init(int server) ++{ ++ char *p; ++ ++ /* make sure we have somewhere we can log errors to */ ++ if (bio_err==NULL) { ++ if ((bio_err=BIO_new(BIO_s_file()))!=NULL) { ++ if (ssl_log_file==NULL) ++ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); ++ else { ++ if (BIO_write_filename(bio_err,ssl_log_file)<=0) { ++ /* not a lot we can do */ ++ } ++ } ++ } ++ } ++ ++ /* rather simple things these days ... the old SSL_LOG and SSL_ERR ++ * vars are long gone now SSLeay8 has rolled around and we have ++ * a clean interface for doing things ++ */ ++ if (ssl_debug_flag) ++ BIO_printf(bio_err,"SSL_DEBUG_FLAG on\r\n"); ++ ++ ++ /* init things so we will get meaningful error messages ++ * rather than numbers ++ */ ++ SSL_load_error_strings(); ++ ++ SSLeay_add_ssl_algorithms(); ++ ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_method()); ++ ++ /* we may require a temp 512 bit RSA key because of the ++ * wonderful way export things work ... if so we generate ++ * one now! ++ */ ++ if (server) { ++ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) { ++ RSA *rsa; ++ ++ if (ssl_debug_flag) ++ BIO_printf(bio_err,"Generating temp (512 bit) RSA key ...\r\n"); ++ rsa=RSA_generate_key(512,RSA_F4,NULL,NULL); ++ if (ssl_debug_flag) ++ BIO_printf(bio_err,"Generation of temp (512 bit) RSA key done\r\n"); ++ ++ if (!SSL_CTX_set_tmp_rsa(ssl_ctx,rsa)) { ++ BIO_printf(bio_err,"Failed to assign generated temp RSA key!\r\n"); ++ } ++ RSA_free(rsa); ++ if (ssl_debug_flag) ++ BIO_printf(bio_err,"Assigned temp (512 bit) RSA key\r\n"); ++ } ++ } ++ ++ /* also switch on all the interoperability and bug ++ * workarounds so that we will communicate with people ++ * that cannot read poorly written specs :-) ++ */ ++ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); ++ ++ /* the user can set whatever ciphers they want to use */ ++ if (ssl_cipher_list==NULL) { ++ p=getenv("SSL_CIPHER"); ++ if (p!=NULL) ++ SSL_CTX_set_cipher_list(ssl_ctx,p); ++ } else ++ SSL_CTX_set_cipher_list(ssl_ctx,ssl_cipher_list); ++ ++ /* for verbose we use the 0.6.x info callback that I got ++ * eric to finally add into the code :-) --tjh ++ */ ++ if (ssl_verbose_flag) { ++ SSL_CTX_set_info_callback(ssl_ctx,client_info_callback); ++ } ++ ++ /* Add in any certificates if you want to here ... */ ++ if (ssl_cert_file) { ++ if (!SSL_CTX_use_certificate_file(ssl_ctx, ssl_cert_file, ++ X509_FILETYPE_PEM)) { ++ BIO_printf(bio_err,"Error loading %s: ",ssl_cert_file); ++ ERR_print_errors(bio_err); ++ BIO_printf(bio_err,"\r\n"); ++ return(0); ++ } else { ++ if (!ssl_key_file) ++ ssl_key_file = ssl_cert_file; ++ if (!SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, ssl_key_file, ++ X509_FILETYPE_PEM)) { ++ BIO_printf(bio_err,"Error loading %s: ",ssl_key_file); ++ ERR_print_errors(bio_err); ++ BIO_printf(bio_err,"\r\n"); ++ return(0); ++ } ++ } ++ } ++ ++ /* make sure we will find certificates in the standard ++ * location ... otherwise we don't look anywhere for ++ * these things which is going to make client certificate ++ * exchange rather useless :-) ++ */ ++ SSL_CTX_set_default_verify_paths(ssl_ctx); ++ ++ /* now create a connection */ ++ ssl_con=(SSL *)SSL_new(ssl_ctx); ++ SSL_set_verify(ssl_con,ssl_verify_flag,NULL); ++ ++#if 0 ++ SSL_set_verify(ssl_con,ssl_verify_flag,client_verify_callback); ++#endif ++ ++ return(1); ++} ++ ++ ++static void ++client_info_callback(SSL *s, int where, int ret) ++{ ++ if (where==SSL_CB_CONNECT_LOOP) { ++ BIO_printf(bio_err,"SSL_connect:%s %s\r\n", ++ SSL_state_string(s),SSL_state_string_long(s)); ++ } else if (where==SSL_CB_CONNECT_EXIT) { ++ if (ret == 0) { ++ BIO_printf(bio_err,"SSL_connect:failed in %s %s\r\n", ++ SSL_state_string(s),SSL_state_string_long(s)); ++ } else if (ret < 0) { ++ BIO_printf(bio_err,"SSL_connect:error in %s %s\r\n", ++ SSL_state_string(s),SSL_state_string_long(s)); ++ } ++ } ++} ++ ++ ++#else /* !USE_SSL */ ++ ++/* something here to stop warnings if we build without SSL support */ ++static int dummy_func() ++{ ++ int i; ++ ++ i++; ++} ++ ++#endif /* USE_SSL */ ++ +diff -u -r -N netkit-ftp-0.17/ftp/sslapp.h netkit-ftp-0.17+ssl-0.2/ftp/sslapp.h +--- netkit-ftp-0.17/ftp/sslapp.h Thu Jan 1 01:00:00 1970 ++++ netkit-ftp-0.17+ssl-0.2/ftp/sslapp.h Sun Sep 24 18:07:48 2000 +@@ -0,0 +1,63 @@ ++/* sslapp.h - ssl application code */ ++ ++/* ++ * The modifications to support SSLeay were done by Tim Hudson ++ * tjh@cryptsoft.com ++ * ++ * You can do whatever you like with these patches except pretend that ++ * you wrote them. ++ * ++ * Email ssl-users-request@mincom.oz.au to get instructions on how to ++ * join the mailing list that discusses SSLeay and also these patches. ++ * ++ */ ++ ++#ifdef USE_SSL ++ ++#include <stdio.h> ++ ++#include <openssl/crypto.h> ++ ++#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) ++#define ONELINE_NAME(X) X509_NAME_oneline(X,NULL,0) ++ ++#define OLDPROTO NOPROTO ++#define NOPROTO ++#include <openssl/bio.h> ++#undef NOPROTO ++#define NOPROTO OLDPROTO ++#undef OLDPROTO ++#include <openssl/buffer.h> ++ ++#include <openssl/x509.h> ++#include <openssl/ssl.h> ++#include <openssl/err.h> ++ ++extern BIO *bio_err; ++extern SSL *ssl_con; ++extern SSL_CTX *ssl_ctx; ++extern int ssl_debug_flag; ++extern int ssl_only_flag; ++extern int ssl_active_flag; ++extern int ssl_verify_flag; ++extern int ssl_secure_flag; ++extern int ssl_verbose_flag; ++extern int ssl_disabled_flag; ++extern int ssl_cert_required; ++extern int ssl_certsok_flag; ++ ++extern char *ssl_log_file; ++extern char *ssl_cert_file; ++extern char *ssl_key_file; ++extern char *ssl_cipher_list; ++ ++/* we hide all the initialisation code in a separate file now */ ++extern int do_ssleay_init(int server); ++ ++/*extern int display_connect_details(); ++extern int server_verify_callback(); ++extern int client_verify_callback();*/ ++ ++#endif /* USE_SSL */ ++ ++ |