kerb-patch.txt

伯克利做的SFTP安全文件传输协议

*** ftpd.org.c      Thu Nov 11 00:35:16 1999
--- ftpd.c  Thu Nov 11 03:35:01 1999
***************
*** 211,216 ****
--- 211,252 ----
  int       swaitmax = SWAITMAX;
  int       swaitint = SWAITINT;

+
+ /*
+  * Scott McPeak's (smcpeak@acm.org) hack to get Kerberos' ftpd to cohabitate
+  * with SafeTP (http://safetp.cs.berkeley.edu/).
+  *
+  * Ideally, SafeTP would simply see "AUTH GSSAPI", connect to kftpd (on another
+  * port), relay the AUTH, and then forward data blindly.  However, kftpd checks
+  * the client and server's ideas about which ports are being used, and refuses
+  * to proceed if there's a mismatch.
+  *
+  * So there are at least two solutions:
+  *   1. Disable the port check.
+  *   2. Exec kftpd in sftpd's place (so it inherits the sockets).
+  *
+  * I chose the latter because:
+  *   - Avoids performance penalty of forwarding data.
+  *   - Leaves the port check in place (presumably there was some reason for it...)
+  *
+  * However, this has two drawbacks:
+  *   - kftpd's source has to be changed (true with either solution)
+  *   - kftpd must now be setuid root.  however, kftpd need not be readable nor
+  *     executable by anybody other than safetp, so drop the modified binary
+  *     into a directory only accessible to safetp
+  *
+  * Exec'ing naively won't work, because the client and server are not synchronized
+  * in their protocol streams.  We need a way to tell kftpd to pretend it has
+  * already sent its 220 message, and already received "AUTH GSSAPI".  This is
+  * easy, however -- we simply disable the 220 send, and set temp_auth_type
+  * (which is a string saying what AUTH it's seen).
+  *
+  * We do all this in response to a new command-line argument, S (for skip).
+  */
+ int dontSendInitial220 = 0;     /* set by -S processing */
+
+
+
  void      lostconn(), myoob();
  FILE      *getdatasock(), *dataconn();

***************
*** 372,377 ****
--- 408,420 ----
			}
			goto nextopt;
		}
+
+                 case 'S':
+                   /* Scott McPeak's SafeTP hack -- see above */
+                           dontSendInitial220 = 1;       /* pretend already sent 220 */
+                   temp_auth_type = "GSSAPI";    /* pretend already seen AUTH */
+                   break;
+
		default:
			fprintf(stderr, "ftpd: Unknown flag -%c ignored.\n",
			     *cp);
***************
*** 492,498 ****
--- 535,545 ----
	mode = MODE_S;
	tmpline[0] = '\0';
	(void) gethostname(hostname, sizeof (hostname));
+
+           if (!dontSendInitial220) {
		reply(220, "%s FTP server (%s) ready.", hostname, version);
+         }
+
	(void) setjmp(errcatch);
	for (;;)
		(void) yyparse();