
Fw: [PATCH] AUTH TLS support for debian package ftp-ssl



Hello,

There is a patch to support AUTH TLS in ftp-ssl. I don't have any facilities to
test whether it works or not. Could somebody check this code and test it
please?

PS: I don't subscribe to this list, please CC me.

Thanks,
Cai Qian
--- Begin Message ---
Dear Cai Qian,

here comes a patch which I created to support TLS authentication and
(optional) data connection encryption according to
http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-16.txt .

The default is to fall back to insecure authentication if AUTH TLS is
not supported by the server to match the current behaviour of the AUTH
SSL code.

If you specify "-z secure", then encryption of both the control and the
data connection is required.

I'd love to see this in Debian, because it allows me to log in securely
to pure-ftpd and there are probably more servers that don't support AUTH
SSL but TLS.

Regards,
Andreas

http://www.saftware.de/patches/ftp_tls.diff

--- netkit-ftp-ssl-0.17.12+0.2/ftp/ftp.c.orig	2005-10-07 09:05:21.733576736 +0200
+++ netkit-ftp-ssl-0.17.12+0.2/ftp/ftp.c	2005-10-07 09:31:33.717598840 +0200
@@ -1930,8 +1930,13 @@
 	int n;
 
 #ifdef USE_SSL
+        int use_tls = 0;
         if (ssl_enabled) {
 	    n = command("AUTH SSL");
+	    if (n == ERROR) {
+		use_tls = 1;
+		n = command("AUTH TLS");
+	    }
 	    if (n == ERROR) {		/* do normal USER/PASS */
 		printf("SSL not available\n");
 		/* spit the dummy as we will only talk ssl
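Review bot: use_tls is set to 1 before the reply to AUTH TLS is known, so it stays set even when that command also returns ERROR and control reaches the "do normal USER/PASS" branch. Set it only on success, for example `n = command("AUTH TLS"); if (n != ERROR) use_tls = 1;`, so the flag always means that TLS was actually negotiated. The "SSL not available" message in that branch now also covers a refused AUTH TLS and should say so.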
@@ -1985,6 +1990,17 @@
 		    ssl_active_flag=1;
 		}
 
+		if (use_tls) {
+		    (void) command("PBSZ 0");
+		    if (command("PROT P") != COMPLETE)
+			ssl_encrypt_data = 0;
+		}
+
+		if (!ssl_encrypt_data && ssl_secure_flag) {
+		    fprintf(stderr, "Data connection security level refused.\n");
+		    return ERROR;
+		}
+
 		n = command("USER %s",u);
 		if (n == CONTINUE) {
 			if(p == NULL)
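Review bot: when the server refuses PROT P and ssl_secure_flag is not set, `ssl_encrypt_data = 0;` takes effect without any message, so the user continues with an unencrypted data connection and no notice; print a warning at that line. The reply to `command("PBSZ 0")` is also discarded by the (void) cast; checking it for COMPLETE before sending PROT P would report a refusal at the step where it happens.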




--- End Message ---
