[1780] in Kerberos-V5-bugs
assorted ftpd bugs
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Jan 18 15:30:15 1996
Date: Thu, 18 Jan 1996 15:29:53 -0500
From: Sam Hartman <hartmans@MIT.EDU>
To: eichin@cygnus.com
Cc: krb5-bugs@MIT.EDU
1) It fails to build on AIX because you want to include sys/select.h in ftp.c.
2) I believe the loop that checks for possible server names in ftpd.c was broken. I don't have an ftp/tertius.mit.edu entry in /etc/v5srvtab, although I do have host/tertius.mit.edu, but it fails before trying that.
3) Getting a large file (/mit/krb5/arch/rs_aix32/sbin/ftpd) in
private or safe protection levels from a RISC/6000 to a Sun or
RISC/6000 fails as follows:
bash$ cd /mit/krb5/bin
bash$ ./ftp tertius
Connected to tertius.mit.edu.
220 tertius.mit.edu FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
Name (tertius:hartmans): hartmans
232 GSSAPI user hartmans@ATHENA.MIT.EDU is authorized as hartmans
230 User hartmans logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> safe
200 Protection level set to Safe.
ftp> get /mit/krb5/arch/@sys/sbin/ftpd /tmp/ftpd
227 Entering Passive Mode (18,245,0,93,10,25)
150 Opening BINARY mode data connection for /mit/krb5/arch/@sys/sbin/ftpd (1246231 bytes).
Length (1048628) of PROT buffer > PBSZ=1048576
426 Data connection: Invalid argument.
ftp> private
200 Protection level set to Private.
ftp> get /mit/krb5/arch/@sys/sbin/ftpd /tmp/ftpd
227 Entering Passive Mode (18,245,0,93,10,27)
150 Opening BINARY mode data connection for /mit/krb5/arch/@sys/sbin/ftpd (1246231 bytes).
Length (2294852) of PROT buffer > PBSZ=1048576
426 Data connection: Invalid argument.
ftp> quit
221 Goodbye.
bash$
4) You probably don't notice, but the ftp client is printing nulls at
the end of network responses.
Here is a patch that I will commit to the MIT tree for bugs 1
and 2.
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/gssftp/ftp/ChangeLog,v
retrieving revision 1.1
diff -c -r1.1 ChangeLog
*** ChangeLog 1996/01/14 08:32:37 1.1
--- ChangeLog 1996/01/18 16:57:02
***************
*** 1,3 ****
--- 1,9 ----
+ Thu Jan 18 11:55:50 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * configure.in: Check for sys/select.h
+
+ * ftp.c: Include sys/select.h if present.
+
Sun Jan 14 01:54:35 1996 Bill Schoofs <wjs@cray.com>
* Makefile.in (DEFINES): define NOCONFIDENTIAL for future use.
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/gssftp/ftp/configure.in,v
retrieving revision 1.1
diff -c -r1.1 configure.in
*** configure.in 1996/01/14 08:32:43 1.1
--- configure.in 1996/01/18 16:57:02
***************
*** 7,12 ****
--- 7,13 ----
CHECK_WAIT_TYPE
AC_FUNC_VFORK
AC_HAVE_FUNCS(getcwd getdtablesize)
+ AC_CHECK_HEADERS(sys/select.h)
AC_HEADER_CHECK(termios.h,AC_FUNC_CHECK(cfsetispeed,AC_DEFINE(POSIX_TERMIOS)))
V5_USE_SHARED_LIB
V5_AC_OUTPUT_MAKEFILE
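Review bot: The added AC_CHECK_HEADERS(sys/select.h) line uses the newer Autoconf macro spelling, while the lines around it use the older AC_HAVE_FUNCS, AC_HEADER_CHECK and AC_FUNC_CHECK names. Either spelling defines HAVE_SYS_SELECT_H, but mixing the two generations in one file makes a later cleanup harder; use one style here and convert the rest in a separate change.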
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/gssftp/ftp/ftp.c,v
retrieving revision 1.1
diff -c -r1.1 ftp.c
*** ftp.c 1996/01/14 08:32:46 1.1
--- ftp.c 1996/01/18 16:57:03
***************
*** 41,46 ****
--- 41,49 ----
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/file.h>
+ #ifdef HAVE_SYS_SELECT_H
+ #include <sys/select.h>
+ #endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
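Review bot: The new "#ifdef HAVE_SYS_SELECT_H" block after <sys/file.h> carries no comment saying why the conditional include exists. A one-line comment naming the platform that needs it (the report says the build fails on AIX without it) would keep the guard from being dropped as unexplained later.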
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/gssftp/ftpd/ChangeLog,v
retrieving revision 1.1
diff -c -r1.1 ChangeLog
*** ChangeLog 1996/01/14 08:33:02 1.1
--- ChangeLog 1996/01/18 19:57:41
***************
*** 1,3 ****
--- 1,7 ----
+ Thu Jan 18 14:55:42 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * ftpd.c : Only return an unable to acquire credentials error if all possible services fail.
+
Sun Jan 14 02:58:42 1996 Mark Eichin <eichin@cygnus.com>
* ftpd.c (auth_data): call gss_release_cred on the server_creds we
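Review bot: The new entry "* ftpd.c :" names no function and has a stray space before the colon, unlike the entry below it, which reads "* ftpd.c (auth_data):". Name the function that was changed, wrap the line as the neighbouring entries do, and mention that the gss_release_name call moved to directly after gss_acquire_cred, since the ftpd.c change does that as well.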
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/gssftp/ftpd/ftpd.c,v
retrieving revision 1.1
diff -c -r1.1 ftpd.c
*** ftpd.c 1996/01/14 08:33:09 1.1
--- ftpd.c 1996/01/18 19:57:44
***************
*** 1938,1944 ****
maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
&server_creds, NULL, NULL);
! if (maj_stat != GSS_S_COMPLETE) {
reply_gss_error(501, maj_stat, min_stat,
"acquiring credentials");
syslog(LOG_ERR, "gssapi error acquiring credentials");
--- 1938,1949 ----
maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
&server_creds, NULL, NULL);
! (void) gss_release_name(&min_stat, &server_name);
! if (maj_stat != GSS_S_COMPLETE)
! continue;
! }
! if (maj_stat != GSS_S_COMPLETE)
! {
reply_gss_error(501, maj_stat, min_stat,
"acquiring credentials");
syslog(LOG_ERR, "gssapi error acquiring credentials");
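Review bot: In the new lines, gss_release_name(&min_stat, &server_name) now runs between gss_acquire_cred and the reply_gss_error(501, maj_stat, min_stat, ...) call that follows the loop, so the minor status sent to the client and used for the error text is the one left by releasing the name, not the one from the failed acquire. Pass a separate status variable to gss_release_name so that min_stat still describes the acquire failure. Note also that after the loop only the last service's status is reported, which can hide the reason an earlier service name failed.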
***************
*** 1947,1955 ****
if (server_creds == GSS_C_NO_CREDENTIAL) {
syslog(LOG_ERR, "acquire return GSS_C_NO_CREDENTIAL");
}
! (void) gss_release_name(&min_stat, &server_name);
! break;
! }
gcontext = GSS_C_NO_CONTEXT;
--- 1952,1958 ----
if (server_creds == GSS_C_NO_CREDENTIAL) {
syslog(LOG_ERR, "acquire return GSS_C_NO_CREDENTIAL");
}
!
gcontext = GSS_C_NO_CONTEXT;
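Review bot: Removing "break;" here, with the loop's closing "}" now sitting directly after "continue;" in the previous hunk, leaves no visible exit from the loop on success. Unless the loop header (not shown) stops once maj_stat is GSS_S_COMPLETE, a successful gss_acquire_cred is followed by another attempt with the next service name, which overwrites maj_stat and server_creds, drops the credential already acquired, and fails the whole exchange if the last name has no key. Add "if (maj_stat == GSS_S_COMPLETE) break;" in place of the bare continue test. The remaining changed line is whitespace only and can be deleted.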