summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Hadaway <raker@gentoo.org>2002-11-23 07:31:44 +0000
committerNick Hadaway <raker@gentoo.org>2002-11-23 07:31:44 +0000
commit0a12a408f406be61df3d4ec84fbe406b4f5bd520 (patch)
tree87f42860723ff300bb9fd9bc8d168d10d51a3e51 /net-ftp
parentsmall fix (diff)
downloadgentoo-2-0a12a408f406be61df3d4ec84fbe406b4f5bd520.tar.gz
gentoo-2-0a12a408f406be61df3d4ec84fbe406b4f5bd520.tar.bz2
gentoo-2-0a12a408f406be61df3d4ec84fbe406b4f5bd520.zip
New build which adds optional ssl support.
Diffstat (limited to 'net-ftp')
-rw-r--r--net-ftp/ftp/ChangeLog11
-rw-r--r--net-ftp/ftp/files/digest-ftp-0.17-r21
-rw-r--r--net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff1896
-rw-r--r--net-ftp/ftp/ftp-0.17-r2.ebuild39
4 files changed, 1946 insertions, 1 deletions
diff --git a/net-ftp/ftp/ChangeLog b/net-ftp/ftp/ChangeLog
index 5283af9dc466..b268adacee52 100644
--- a/net-ftp/ftp/ChangeLog
+++ b/net-ftp/ftp/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-ftp/ftp
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftp/ChangeLog,v 1.1 2002/02/01 21:53:32 gbevin Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftp/ChangeLog,v 1.2 2002/11/23 07:31:44 raker Exp $
+
+*ftp-0.17-r2 (12 Nov 2002)
+
+ 23 Nov 2002; Nick Hadaway <raker@gentoo.org> ftp-0.17-r2.ebuild,
+ files/digest-ftp-0.17-r2, files/netkit-ftp-0.17+ssl-0.2.diff :
+ Fixed a typo, marked unstable, and added to portage.
+
+ 12 Nov 2002; T.Sager <moixa@gmx.ch> ChangeLog :
+ Added patch for SSL support.
*ftp-0.17-r1 (1 Feb 2002)
diff --git a/net-ftp/ftp/files/digest-ftp-0.17-r2 b/net-ftp/ftp/files/digest-ftp-0.17-r2
new file mode 100644
index 000000000000..d98bdd29a960
--- /dev/null
+++ b/net-ftp/ftp/files/digest-ftp-0.17-r2
@@ -0,0 +1 @@
+MD5 94441610c9b86ef45c4c6ec609444060 netkit-ftp-0.17.tar.gz 53934
diff --git a/net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff b/net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff
new file mode 100644
index 000000000000..86c15833a90c
--- /dev/null
+++ b/net-ftp/ftp/files/netkit-ftp-0.17+ssl-0.2.diff
@@ -0,0 +1,1896 @@
+diff -u -r -N netkit-ftp-0.17/ftp/Makefile netkit-ftp-0.17+ssl-0.2/ftp/Makefile
+--- netkit-ftp-0.17/ftp/Makefile Sun Aug 1 08:00:12 1999
++++ netkit-ftp-0.17+ssl-0.2/ftp/Makefile Mon Sep 25 23:36:51 2000
+@@ -8,6 +8,9 @@
+ LIBS += -lreadline $(LIBTERMCAP)
+ endif
+
++CFLAGS += -DUSE_SSL -g
++LIBS += -lssl -lcrypto
++
+ ftp: cmds.o cmdtab.o domacro.o ftp.o glob.o main.o ruserpass.o
+ $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
+
+diff -u -r -N netkit-ftp-0.17/ftp/cmds.c netkit-ftp-0.17+ssl-0.2/ftp/cmds.c
+--- netkit-ftp-0.17/ftp/cmds.c Sun Jul 23 03:36:59 2000
++++ netkit-ftp-0.17+ssl-0.2/ftp/cmds.c Sun Sep 24 15:09:15 2000
+@@ -207,6 +207,32 @@
+ }
+ port = ftp_port;
+ if (argc > 2) {
++#ifdef USE_SSL
++ /* not really an SSL enhancement but something that
++ * should have always been here --tjh
++ */
++ if (!isdigit(argv[2][0])) {
++ struct servent *destsp;
++
++ destsp = getservbyname(argv[2], "tcp");
++
++ /* if lookup fails for ssl-ftp we fallback to
++ * the default (unofficial) port number
++ */
++ if ((strcmp(argv[2],"ssl-ftp")==0) && (destsp==NULL))
++ port = 150;
++ else {
++ if (destsp == NULL ) {
++ printf("%s: bad port name-- %s\n",argv[1],argv[2]);
++ printf ("usage: %s host-name [port]\n",argv[0]);
++ code = -1;
++ return;
++ } else {
++ port = ntohs(destsp->s_port);
++ }
++ }
++ } else
++#endif /* USE_SSL */
+ port = atoi(argv[2]);
+ if (port < 1) {
+ printf("%s: bad port number-- %s\n", argv[1], argv[2]);
+diff -u -r -N netkit-ftp-0.17/ftp/ftp.1 netkit-ftp-0.17+ssl-0.2/ftp/ftp.1
+--- netkit-ftp-0.17/ftp/ftp.1 Mon Jul 31 01:56:59 2000
++++ netkit-ftp-0.17+ssl-0.2/ftp/ftp.1 Sun May 13 14:10:22 2001
+@@ -97,6 +97,52 @@
+ as report on data transfer statistics.
+ .It Fl d
+ Enables debugging.
++.It Fl z Ar option
++Set SSL (Secure Socket Layer) parameters. The default is to negotiate
++via ftp protocoll if SSL is availlable at server side and then to
++switch it on. In this mode you can connect to both conventional and
++SSL enhanced ftpd's.
++.Pp
++The SSL parameters are:
++.Bl -tag -width Fl
++.It Ic Ar debug
++Send SSL related debugging information to stderr.
++.It Ic Ar authdebug
++Enable authentication debugging.
++.It Ic Ar ssl
++Negotiate SSL at first, then use ftp protocol. ftp protocol
++negotiation goes encrypted. (Not yet implemented)
++.It Ic Ar nossl, Ar !ssl
++switch of SSL negotiation
++.It Ic Ar certrequired
++client certificate is mandatory
++.It Ic Ar secure
++Don't switch back to unencrypted mode (no SSL) if SSL is not available.
++.It Ic Ar verbose
++Be verbose about certificates etc.
++.It Ic Ar verify=int
++.\" TODO
++Set the SSL verify flags (SSL_VERIFY_* in
++.Ar ssl/ssl.h
++).
++.\" TODO
++.It Ic Ar cert=cert_file
++.\" TODO
++Use the certificate(s) in
++.Ar cert_file .
++.It Ic Ar key=key_file
++.\" TODO
++Use the key(s) in
++.Ar key_file .
++.It Ic Ar cipher=ciph_list
++.\" TODO
++Set the preferred ciphers to
++.Ar ciph_list .
++.\" TODO: possible values; comma-separated list?
++(See
++.Ar ssl/ssl.h
++).
++.El
+ .El
+ .Pp
+ The client host with which
+diff -u -r -N netkit-ftp-0.17/ftp/ftp.c netkit-ftp-0.17+ssl-0.2/ftp/ftp.c
+--- netkit-ftp-0.17/ftp/ftp.c Mon Dec 13 21:33:20 1999
++++ netkit-ftp-0.17+ssl-0.2/ftp/ftp.c Tue Sep 26 00:25:48 2000
+@@ -1,3 +1,15 @@
++/*
++ * The modifications to support SSLeay were done by Tim Hudson
++ * tjh@cryptsoft.com
++ *
++ * You can do whatever you like with these patches except pretend that
++ * you wrote them.
++ *
++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to
++ * join the mailing list that discusses SSLeay and also these patches.
++ *
++ */
++
+ /*
+ * Copyright (c) 1985, 1989 Regents of the University of California.
+ * All rights reserved.
+@@ -77,6 +89,17 @@
+ static sigjmp_buf ptabort;
+ static int ptabflg = 0;
+ static int abrtflag = 0;
++#ifdef USE_SSL
++static int pdata = -1;
++static int
++auth_user(char *u,char *p);
++static int
++ssl_getc(SSL *ssl_con);
++static int
++ssl_putc_flush(SSL *ssl_con);
++static int
++ssl_putc(SSL *ssl_con, int oneint);
++#endif
+
+ void lostpeer(int);
+ extern int connected;
+@@ -243,14 +266,7 @@
+ else
+ luser = tmp;
+ }
+- n = command("USER %s", luser);
+- if (n == CONTINUE) {
+- if (pass == NULL) {
+- /* fflush(stdout); */
+- pass = getpass("Password:");
+- }
+- n = command("PASS %s", pass);
+- }
++ n = auth_user(luser,pass);
+ if (n == CONTINUE) {
+ aflag++;
+ /* fflush(stdout); */
+@@ -296,6 +312,9 @@
+ va_list ap;
+ int r;
+ void (*oldintr)(int);
++#ifdef USE_SSL
++ char outputbuf[2048]; /* allow for a 2k command string */
++#endif /* USE_SSL */
+
+ abrtflag = 0;
+ if (debug) {
+@@ -316,10 +335,27 @@
+ }
+ oldintr = signal(SIGINT, cmdabort);
+ va_start(ap, fmt);
++#ifdef USE_SSL
++ /* assemble the output into a buffer */
++ vsprintf(outputbuf,fmt,ap);
++ strcat(outputbuf,"\r\n");
++ if (ssl_active_flag) {
++ SSL_write(ssl_con,outputbuf,strlen(outputbuf));
++ } else {
++ fprintf(cout,"%s",outputbuf);
++ fflush(cout);
++ }
++#else /* !USE_SSL */
+ vfprintf(cout, fmt, ap);
++#endif /* USE_SSL */
+ va_end(ap);
++
++#ifndef USE_SSL
++ /* we don't need this as we concatenated it above */
+ fprintf(cout, "\r\n");
+ (void) fflush(cout);
++#endif /* !USE_SSL */
++
+ cpend = 1;
+ r = getreply(!strcmp(fmt, "QUIT"));
+ if (abrtflag && oldintr != SIG_IGN)
+@@ -343,25 +379,39 @@
+ int pflag = 0;
+ size_t px = 0;
+ size_t psize = sizeof(pasv);
++ char buf[16];
+
+ oldintr = signal(SIGINT, cmdabort);
+ for (;;) {
+ dig = n = code = 0;
+ cp = reply_string;
+- while ((c = getc(cin)) != '\n') {
++ while ((c = GETC(cin)) != '\n') {
+ if (c == IAC) { /* handle telnet commands */
+- switch (c = getc(cin)) {
++ switch (c = GETC(cin)) {
+ case WILL:
+ case WONT:
+- c = getc(cin);
+- fprintf(cout, "%c%c%c", IAC, DONT, c);
+- (void) fflush(cout);
++ c = GETC(cin);
++ sprintf(buf,
++ "%c%c%c", IAC, DONT, c);
++#ifdef USE_SSL
++ if (ssl_active_flag)
++ SSL_write(ssl_con,buf,3);
++ else
++#endif /* !USE_SSL */
++ fwrite(buf,3,1,cout);
++ (void) FFLUSH(cout);
+ break;
+ case DO:
+ case DONT:
+- c = getc(cin);
+- fprintf(cout, "%c%c%c", IAC, WONT, c);
+- (void) fflush(cout);
++ c = GETC(cin);
++ sprintf(buf, "%c%c%c", IAC, WONT, c);
++#ifdef USE_SSL
++ if (ssl_active_flag)
++ SSL_write(ssl_con,buf,3);
++ else
++#endif /* !USE_SSL */
++ fwrite(buf,3,1,cout);
++ (void) FFLUSH(cout);
+ break;
+ default:
+ break;
+@@ -600,9 +650,18 @@
+ errno = d = 0;
+ while ((c = read(fileno(fin), buf, sizeof (buf))) > 0) {
+ bytes += c;
++#ifdef USE_SSL
++ if (ssl_data_active_flag) {
++ for (bufp = buf; c > 0; c -= d, bufp += d)
++ if ((d = SSL_write(ssl_data_con, bufp, c)) <= 0)
++ break;
++ } else
++#endif /* !USE_SSL */
++ {
+ for (bufp = buf; c > 0; c -= d, bufp += d)
+ if ((d = write(fileno(dout), bufp, c)) <= 0)
+ break;
++ }
+ if (hash) {
+ while (bytes >= hashbytes) {
+ (void) putchar('#');
+@@ -654,16 +713,17 @@
+ }
+ if (ferror(dout))
+ break;
+- (void) putc('\r', dout);
++ (void) DATAPUTC('\r', dout);
+ bytes++;
+ }
+- (void) putc(c, dout);
++ (void) DATAPUTC(c, dout);
+ bytes++;
+ /* if (c == '\r') { */
+ /* (void) putc('\0', dout); (* this violates rfc */
+ /* bytes++; */
+ /* } */
+ }
++ DATAFLUSH(dout);
+ if (hash) {
+ if (bytes < hashbytes)
+ (void) putchar('#');
+@@ -688,6 +748,15 @@
+ if (closefunc != NULL)
+ (*closefunc)(fin);
+ (void) fclose(dout);
++
++#ifdef USE_SSL
++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
++ SSL_free(ssl_data_con);
++ ssl_data_active_flag=0;
++ ssl_data_con=NULL;
++ }
++#endif /* USE_SSL */
++
+ /* closes data as well, so discard it */
+ data = -1;
+ (void) getreply(0);
+@@ -714,6 +783,15 @@
+ (void) close(data);
+ data = -1;
+ }
++
++#ifdef USE_SSL
++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
++ SSL_free(ssl_data_con);
++ ssl_data_active_flag=0;
++ ssl_data_con=NULL;
++ }
++#endif /* USE_SSL */
++
+ (void) getreply(0);
+ code = -1;
+ if (closefunc != NULL && fin != NULL)
+@@ -908,6 +986,33 @@
+ return;
+ }
+ errno = d = 0;
++#ifdef USE_SSL
++ if (ssl_data_active_flag) {
++ while ((c = SSL_read(ssl_data_con, buf, bufsize)) > 0) {
++ if ((d = write(fileno(fout), buf, c)) != c)
++ break;
++ bytes += c;
++ if (hash) {
++ while (bytes >= hashbytes) {
++ (void) putchar('#');
++ hashbytes += HASHBYTES;
++ }
++ (void) fflush(stdout);
++ }
++ }
++ if ( c < -1 ) {
++ static char errbuf[1024];
++
++ sprintf(errbuf,"ftp: SSL_read DATA error %s\n",
++ ERR_error_string(ERR_get_error(),NULL));
++
++ /* tell the user ... who else */
++ fprintf(stderr,"%s", errbuf);
++ fflush(stderr);
++ }
++ } else
++#endif /* !USE_SSL */
++ {
+ while ((c = read(fileno(din), buf, bufsize)) > 0) {
+ if ((d = write(fileno(fout), buf, c)) != c)
+ break;
+@@ -927,6 +1032,7 @@
+ hashbytes += TICKBYTES;
+ }
+ }
++ }
+ if (hash && bytes > 0) {
+ if (bytes < HASHBYTES)
+ (void) putchar('#');
+@@ -973,7 +1079,7 @@
+ return;
+ }
+ }
+- while ((c = getc(din)) != EOF) {
++ while ((c = DATAGETC(din)) != EOF) {
+ if (c == '\n')
+ bare_lfs++;
+ while (c == '\r') {
+@@ -991,7 +1097,7 @@
+ hashbytes += TICKBYTES;
+ }
+ bytes++;
+- if ((c = getc(din)) != '\n' || tcrflag) {
++ if ((c = DATAGETC(din)) != '\n' || tcrflag) {
+ if (ferror(fout))
+ goto break2;
+ (void) putc('\r', fout);
+@@ -1039,6 +1145,15 @@
+ (void) signal(SIGPIPE, oldintp);
+ (void) gettimeofday(&stop, (struct timezone *)0);
+ (void) fclose(din);
++
++#ifdef USE_SSL
++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
++ SSL_free(ssl_data_con);
++ ssl_data_active_flag=0;
++ ssl_data_con=NULL;
++ }
++#endif /* USE_SSL */
++
+ /* closes data as well, so discard it */
+ data = -1;
+ (void) getreply(0);
+@@ -1071,6 +1186,15 @@
+ (void) close(data);
+ data = -1;
+ }
++
++#ifdef USE_SSL
++ if (ssl_data_active_flag && (ssl_data_con!=NULL)) {
++ SSL_free(ssl_data_con);
++ ssl_data_active_flag=0;
++ ssl_data_con=NULL;
++ }
++#endif /* USE_SSL */
++
+ if (bytes > 0)
+ ptransfer("received", bytes, &start, &stop);
+ (void) signal(SIGINT, oldintr);
+@@ -1207,6 +1331,7 @@
+ struct sockaddr_in from;
+ int s, tos;
+ socklen_t fromlen = sizeof(from);
++ int ret;
+
+ if (passivemode)
+ return (fdopen(data, lmode));
+@@ -1224,6 +1349,67 @@
+ if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
+ perror("ftp: setsockopt TOS (ignored)");
+ #endif
++
++#ifdef USE_SSL
++ ssl_data_active_flag=0;
++ if (ssl_active_flag && ssl_encrypt_data) {
++ /* do SSL */
++ if (ssl_data_con!=NULL) {
++ SSL_free(ssl_data_con);
++ ssl_data_con=NULL;
++ }
++ ssl_data_con=(SSL *)SSL_new(ssl_ctx);
++
++ SSL_set_fd(ssl_data_con,data);
++ set_ssl_trace(ssl_data_con);
++
++ SSL_set_verify(ssl_data_con,ssl_verify_flag,NULL);
++
++ /* this is the "magic" call that makes
++ * this quick assuming Eric has this going
++ * okay! ;-)
++ */
++ SSL_copy_session_id(ssl_data_con,ssl_con);
++
++ /* we are doing I/O and not using select so
++ * it is "safe" to read ahead
++ */
++ /* SSL_set_read_ahead(ssl_data_con,1); */
++
++ if (debug) {
++ fprintf(stderr,"===>START SSL connect on DATA\n");
++ fflush(stderr);
++ }
++
++ if ((ret=SSL_connect(ssl_data_con))<=0) {
++ static char errbuf[1024];
++
++ sprintf(errbuf,"ftp: SSL_connect DATA error %d - %s\n",
++ ret,ERR_error_string(ERR_get_error(),NULL));
++
++ /* tell the user ... who else */
++ fprintf(stderr,"%s", errbuf);
++ fflush(stderr);
++
++ /* abort time methinks ... */
++ close(data);
++ return NULL;
++ } else {
++ if (ssl_debug_flag) {
++ BIO_printf(bio_err,"[SSL DATA Cipher %s]\n",
++ SSL_get_cipher(ssl_con));
++ }
++ ssl_data_active_flag=1;
++ }
++
++ if (debug) {
++ fprintf(stderr,"===>DONE SSL connect on DATA %d\n",data);
++ fflush(stderr);
++ }
++
++ }
++#endif /* USE_SSL */
++
+ return (fdopen(data, lmode));
+ }
+
+@@ -1609,3 +1795,142 @@
+ }
+ (void) getreply(0);
+ }
++
++static int
++auth_user(char *u,char *p)
++{
++ int n;
++
++#ifdef USE_SSL
++ if (ssl_enabled) {
++ n = command("AUTH SSL");
++ if (n == ERROR) { /* do normal USER/PASS */
++ printf("SSL not available\n");
++ /* spit the dummy as we will only talk ssl
++ * when running in "secure" mode
++ */
++ if (ssl_secure_flag)
++ return ERROR;
++ } else if (n == CONTINUE ) {
++ /* do SSL */
++ ssl_con=(SSL *)SSL_new(ssl_ctx);
++
++ SSL_set_fd(ssl_con,fileno(cout));
++ set_ssl_trace(ssl_con);
++
++ SSL_set_verify(ssl_con,ssl_verify_flag,NULL);
++
++ /* Add in any certificates if you want to here ... */
++ if (my_ssl_cert_file) {
++ if (!SSL_use_certificate_file(ssl_con, my_ssl_cert_file,
++ X509_FILETYPE_PEM)) {
++ fprintf(stderr,"%s: ",my_ssl_cert_file);
++ ERR_print_errors_fp(stderr);
++ exit(1);
++ } else {
++ if (!my_ssl_key_file)
++ my_ssl_key_file = my_ssl_cert_file;
++ if (!SSL_use_RSAPrivateKey_file(ssl_con, my_ssl_key_file,
++ X509_FILETYPE_PEM)) {
++ fprintf(stderr,"%s: ", my_ssl_key_file);
++ ERR_print_errors_fp(stderr);
++ exit(1);
++ }
++ }
++ }
++
++ if (SSL_connect(ssl_con)<=0) {
++ static char errbuf[1024];
++
++ sprintf(errbuf,"ftp: SSL_connect error %s\n",
++ ERR_error_string(ERR_get_error(),NULL));
++ perror(errbuf);
++ /* abort time methinks ... */
++ exit(1);
++ } else {
++ fprintf(stderr,"[SSL Cipher %s]\n",SSL_get_cipher(ssl_con));
++ fflush(stderr);
++ ssl_active_flag=1;
++ }
++
++ n = command("USER %s",u);
++ if (n == CONTINUE) {
++ if(p == NULL)
++ p = getpass("Password:");
++ n = command("PASS %s",p);
++ }
++ return (n);
++ }
++ }
++#endif /* USE_SSL */
++ n = command("USER %s",u);
++ if (n == CONTINUE) {
++ if(p == NULL)
++ p = getpass("Password:");
++ n = command("PASS %s",p);
++ }
++ return(n);
++}
++
++#ifdef USE_SSL
++
++/* we really shouldn't have code like this! --tjh */
++static int
++ssl_getc(SSL *ssl_con)
++{
++ char onebyte;
++ int ret;
++
++ if ((ret=SSL_read(ssl_con,&onebyte,1))!=1) {
++ /* we want to know this stuff! */
++ if (ssl_debug_flag || (ret!=0)) {
++ fprintf(stderr,"ssl_getc: SSL_read failed %d = %d\n",ret,errno);
++ fflush(stderr);
++ }
++ return -1;
++ } else {
++ if (ssl_debug_flag) {
++ BIO_printf(bio_err,"ssl_getc: SSL_read %d (%c) ",onebyte & 0xff,isprint(onebyte)?onebyte:'.');
++ }
++ return onebyte & 0xff;
++ }
++}
++
++
++/* got back to this an implemented some rather "simple" buffering */
++static char putc_buf[BUFSIZ];
++static int putc_buf_pos=0;
++
++static int
++ssl_putc_flush(SSL *ssl_con)
++{
++ if (putc_buf_pos>0) {
++ if (SSL_write(ssl_con,putc_buf,putc_buf_pos)!=putc_buf_pos) {
++ if (ssl_debug_flag) {
++ BIO_printf(bio_err,"ssl_putc_flush: WRITE FAILED\n");
++ }
++ putc_buf_pos=0;
++ return -1;
++ }
++ }
++ putc_buf_pos=0;
++ return 0;
++}
++
++int
++ssl_putc(SSL *ssl_con,int oneint)
++{
++ char onebyte;
++
++ onebyte = oneint & 0xff;
++
++ /* make sure there is space */
++ if (putc_buf_pos>=BUFSIZ)
++ if (ssl_putc_flush(ssl_con)!=0)
++ return EOF;
++ putc_buf[putc_buf_pos++]=onebyte;
++
++ return onebyte;
++}
++
++#endif /* USE_SSL */
+diff -u -r -N netkit-ftp-0.17/ftp/ftp_var.h netkit-ftp-0.17+ssl-0.2/ftp/ftp_var.h
+--- netkit-ftp-0.17/ftp/ftp_var.h Sat Oct 2 20:39:17 1999
++++ netkit-ftp-0.17+ssl-0.2/ftp/ftp_var.h Sun Sep 24 15:48:48 2000
+@@ -158,3 +158,6 @@
+ void setpeer(int argc, char *argv[]);
+ void quit(void);
+ void changetype(int newtype, int show);
++
++#include "sslapp.h"
++#include "ssl_port.h"
+diff -u -r -N netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17+ssl-0.2/ftp/main.c
+--- netkit-ftp-0.17/ftp/main.c Sat Oct 2 15:25:23 1999
++++ netkit-ftp-0.17+ssl-0.2/ftp/main.c Thu May 3 20:42:41 2001
+@@ -1,3 +1,15 @@
++/*
++ * The modifications to support SSLeay were done by Tim Hudson
++ * tjh@cryptsoft.com
++ *
++ * You can do whatever you like with these patches except pretend that
++ * you wrote them.
++ *
++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to
++ * join the mailing list that discusses SSLeay and also these patches.
++ *
++ */
++
+ /*
+ * Copyright (c) 1985, 1989 Regents of the University of California.
+ * All rights reserved.
+@@ -82,6 +94,75 @@
+ static void cmdscanner(int top);
+ static char *slurpstring(void);
+
++#ifdef USE_SSL
++
++/* icky way of doing things ... */
++#include "sslapp.c"
++
++/*
++#include "ssl_err.h"
++*/
++
++SSL *ssl_con;
++SSL *ssl_data_con;
++int ssl_data_active_flag=0;
++
++/* for the moment this is a compile time option only --tjh */
++int ssl_encrypt_data=1;
++int ssl_enabled=1;
++
++char *my_ssl_key_file=NULL;
++char *my_ssl_cert_file=NULL;
++
++BIO *bio_err=NULL;
++
++static long
++bio_dump_cb(BIO *bio,
++ int cmd,
++ char *argp,
++ int argi,
++ long argl,
++ long ret)
++ {
++ BIO *out;
++
++/*
++ out=(BIO *)BIO_get_callback_arg(bio);
++*/
++ out=bio_err;
++ if (out == NULL) return(ret);
++
++ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
++ {
++ BIO_printf(out,"read from %08X (%d bytes => %ld (%X))\n",
++ bio,argi,ret,ret);
++ BIO_dump(out,argp,(int)ret);
++ BIO_flush(out);
++ }
++ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
++ {
++ BIO_printf(out,"write to %08X (%d bytes => %ld (%X))\n",
++ bio,argi,ret,ret);
++ BIO_dump(out,argp,(int)ret);
++ BIO_flush(out);
++ }
++ return( (cmd & BIO_CB_RETURN) ? ret : 1);
++ }
++
++int
++set_ssl_trace(SSL *con)
++{
++ if (con!=NULL) {
++ if (ssl_debug_flag) {
++ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
++ BIO_set_callback_arg(SSL_get_rbio(con),bio_err);
++ }
++ }
++ return 0;
++}
++
++#endif /* USE_SSL */
++
+ static
+ void
+ usage(void)
+@@ -106,6 +187,7 @@
+ int top;
+ struct passwd *pw = NULL;
+ char homedir[MAXPATHLEN];
++ char *optarg;
+
+ tick = 0;
+
+@@ -134,6 +216,7 @@
+
+ argc--, argv++;
+ while (argc > 0 && **argv == '-') {
++ optarg=*(argv+1);
+ for (cp = *argv + 1; *cp; cp++)
+ switch (*cp) {
+
+@@ -174,6 +257,44 @@
+ usage();
+ exit(0);
+
++#ifdef USE_SSL
++ case 'z':
++ if (strcmp(optarg, "debug") == 0 ) {
++ ssl_debug_flag=1;
++ }
++ if (strcmp(optarg, "ssl") == 0 ) {
++ ssl_only_flag=1;
++ }
++ /* disable *all* ssl stuff */
++ if ( (strcmp(optarg, "!ssl") == 0 ) ||
++ (strcmp(optarg, "nossl") == 0 ) ) {
++ ssl_enabled=0;
++ }
++ if (strcmp(optarg, "secure") == 0 ) {
++ ssl_secure_flag=1;
++ }
++ if (strcmp(optarg, "certsok") == 0 ) {
++ ssl_certsok_flag=1;
++ }
++ if (strcmp(optarg, "verbose") == 0 ) {
++ ssl_verbose_flag=1;
++ }
++ if (strncmp(optarg, "verify=", strlen("verify=")) == 0 ) {
++ ssl_verify_flag=atoi(optarg+strlen("verify="));
++ }
++ if (strncmp(optarg, "cert=", strlen("cert=")) == 0 ) {
++ my_ssl_cert_file=optarg+strlen("cert=");
++ }
++ if (strncmp(optarg, "key=", strlen("key=")) == 0 ) {
++ my_ssl_key_file=optarg+strlen("key=");
++ }
++
++ /* we have swallowed an extra arg */
++ argc--;
++ argv++;
++ break;
++#endif /* USE_SSL */
++
+ default:
+ fprintf(stdout,
+ "ftp: %c: unknown option\n", *cp);
+@@ -202,6 +323,18 @@
+ homedir[sizeof(homedir)-1] = 0;
+ home = homedir;
+ }
++
++#ifdef USE_SSL
++ if (ssl_enabled) {
++ if (!do_ssleay_init(0)) {
++ fprintf(stderr,"ftp: SSLeay initialisation failed\n");
++ fflush(stderr);
++ ERR_print_errors_fp(stderr);
++ exit(1);
++ }
++ }
++#endif /* USE_SSL */
++
+ if (argc > 0) {
+ if (sigsetjmp(toplevel, 1))
+ exit(0);
+diff -u -r -N netkit-ftp-0.17/ftp/main.c.~1~ netkit-ftp-0.17+ssl-0.2/ftp/main.c.~1~
+--- netkit-ftp-0.17/ftp/main.c.~1~ Thu Jan 1 01:00:00 1970
++++ netkit-ftp-0.17+ssl-0.2/ftp/main.c.~1~ Sun Sep 24 16:30:36 2000
+@@ -0,0 +1,735 @@
++/*
++ * The modifications to support SSLeay were done by Tim Hudson
++ * tjh@cryptsoft.com
++ *
++ * You can do whatever you like with these patches except pretend that
++ * you wrote them.
++ *
++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to
++ * join the mailing list that discusses SSLeay and also these patches.
++ *
++ */
++
++/*
++ * Copyright (c) 1985, 1989 Regents of the University of California.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ * must display the following acknowledgement:
++ * This product includes software developed by the University of
++ * California, Berkeley and its contributors.
++ * 4. Neither the name of the University nor the names of its contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++char copyright[] =
++ "@(#) Copyright (c) 1985, 1989 Regents of the University of California.\n"
++ "All rights reserved.\n";
++
++/*
++ * from: @(#)main.c 5.18 (Berkeley) 3/1/91
++ */
++char main_rcsid[] =
++ "$Id: netkit-ftp-0.17+ssl-0.2.diff,v 1.1 2002/11/23 07:31:44 raker Exp $";
++
++
++/*
++ * FTP User Program -- Command Interface.
++ */
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <sys/ioctl.h>
++
++/* #include <arpa/ftp.h> <--- unused? */
++
++#include <signal.h>
++#include <unistd.h>
++#include <string.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <errno.h>
++#include <ctype.h>
++#include <netdb.h>
++#include <pwd.h>
++#ifdef __USE_READLINE__
++#include <readline/readline.h>
++#include <readline/history.h>
++#endif
++
++#define Extern
++#include "ftp_var.h"
++int traceflag = 0;
++const char *home = "/";
++
++extern FILE *cout;
++extern int data;
++extern struct cmd cmdtab[];
++extern int NCMDS;
++
++void intr(int);
++void lostpeer(int);
++void help(int argc, char *argv[]);
++
++static void cmdscanner(int top);
++static char *slurpstring(void);
++
++#ifdef USE_SSL
++
++/* icky way of doing things ... */
++#include "sslapp.c"
++
++/*
++#include "ssl_err.h"
++*/
++
++SSL *ssl_con;
++SSL *ssl_data_con;
++int ssl_data_active_flag=0;
++
++/* for the moment this is a compile time option only --tjh */
++int ssl_encrypt_data=1;
++int ssl_enabled=1;
++
++char *my_ssl_key_file=NULL;
++char *my_ssl_cert_file=NULL;
++
++BIO *bio_err=NULL;
++
++static long
++bio_dump_cb(BIO *bio,
++ int cmd,
++ char *argp,
++ int argi,
++ long argl,
++ long ret)
++ {
++ BIO *out;
++
++/*
++ out=(BIO *)BIO_get_callback_arg(bio);
++*/
++ out=bio_err;
++ if (out == NULL) return(ret);
++
++ if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
++ {
++ BIO_printf(out,"read from %08X (%d bytes => %ld (%X))\n",
++ bio,argi,ret,ret);
++ BIO_dump(out,argp,(int)ret);
++ BIO_flush(out);
++ }
++ else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
++ {
++ BIO_printf(out,"write to %08X (%d bytes => %ld (%X))\n",
++ bio,argi,ret,ret);
++ BIO_dump(out,argp,(int)ret);
++ BIO_flush(out);
++ }
++ return( (cmd & BIO_CB_RETURN) ? ret : 1);
++ }
++
++int
++set_ssl_trace(SSL *con)
++{
++ if (con!=NULL) {
++ if (ssl_debug_flag) {
++ BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
++ BIO_set_callback_arg(SSL_get_rbio(con),bio_err);
++ }
++ }
++ return 0;
++}
++
++#endif /* USE_SSL */
++
++static
++void
++usage(void)
++{
++ printf("\n\tUsage: { ftp | pftp } [-pinegvtd] [hostname]\n");
++ printf("\t -p: enable passive mode (default for pftp)\n");
++ printf("\t -i: turn off prompting during mget\n");
++ printf("\t -n: inhibit auto-login\n");
++ printf("\t -e: disable readline support, if present\n");
++ printf("\t -g: disable filename globbing\n");
++ printf("\t -v: verbose mode\n");
++ printf("\t -t: enable packet tracing [nonfunctional]\n");
++ printf("\t -d: enable debugging\n");
++ printf("\n");
++}
++
++int
++main(volatile int argc, char **volatile argv)
++{
++ register char *cp;
++ struct servent *sp;
++ int top;
++ struct passwd *pw = NULL;
++ char homedir[MAXPATHLEN];
++
++ tick = 0;
++
++ sp = getservbyname("ftp", "tcp");
++ if (sp == 0) {
++ fprintf(stderr, "ftp: ftp/tcp: unknown service\n");
++ exit(1);
++ }
++ ftp_port = sp->s_port;
++ doglob = 1;
++ interactive = 1;
++ autologin = 1;
++ passivemode = 0;
++
++ cp = strrchr(argv[0], '/');
++ cp = (cp == NULL) ? argv[0] : cp+1;
++ if (strcmp(cp, "pftp") == 0)
++ passivemode = 1;
++
++#ifdef __USE_READLINE__
++ /*
++ * Set terminal type so libreadline can parse .inputrc correctly
++ */
++ rl_terminal_name = getenv("TERM");
++#endif
++
++ argc--, argv++;
++ while (argc > 0 && **argv == '-') {
++ for (cp = *argv + 1; *cp; cp++)
++ switch (*cp) {
++
++ case 'd':
++ options |= SO_DEBUG;
++ debug++;
++ break;
++
++ case 'v':
++ verbose++;
++ break;
++
++ case 't':
++ traceflag++;
++ break;
++
++ case 'i':
++ interactive = 0;
++ break;
++
++ case 'n':
++ autologin = 0;
++ break;
++
++ case 'p':
++ passivemode = 1;
++ break;
++
++ case 'g':
++ doglob = 0;
++ break;
++
++ case 'e':
++ rl_inhibit = 1;
++ break;
++
++ case 'h':
++ usage();
++ exit(0);
++
++#ifdef USE_SSL
++ case 'z':
++ if (strcmp(optarg, "debug") == 0 ) {
++ ssl_debug_flag=1;
++ }
++ if (strcmp(optarg, "ssl") == 0 ) {
++ ssl_only_flag=1;
++ }
++ /* disable *all* ssl stuff */
++ if ( (strcmp(optarg, "!ssl") == 0 ) ||
++ (strcmp(optarg, "nossl") == 0 ) ) {
++ ssl_enabled=0;
++ }
++ if (strcmp(optarg, "secure") == 0 ) {
++ ssl_secure_flag=1;
++ }
++ if (strcmp(optarg, "certsok") == 0 ) {
++ ssl_certsok_flag=1;
++ }
++ if (strcmp(optarg, "verbose") == 0 ) {
++ ssl_verbose_flag=1;
++ }
++ if (strncmp(optarg, "verify=", strlen("verify=")) == 0 ) {
++ ssl_verify_flag=atoi(optarg+strlen("verify="));
++ }
++ if (strncmp(optarg, "cert=", strlen("cert=")) == 0 ) {
++ my_ssl_cert_file=optarg+strlen("cert=");
++ }
++ if (strncmp(optarg, "key=", strlen("key=")) == 0 ) {
++ my_ssl_key_file=optarg+strlen("key=");
++ }
++
++ /* we have swallowed an extra arg */
++ argc--;
++ argv++;
++ break;
++#endif /* USE_SSL */
++
++ default:
++ fprintf(stdout,
++ "ftp: %c: unknown option\n", *cp);
++ exit(1);
++ }
++ argc--, argv++;
++ }
++ fromatty = isatty(fileno(stdin));
++ if (fromatty)
++ verbose++;
++ cpend = 0; /* no pending replies */
++ proxy = 0; /* proxy not active */
++ crflag = 1; /* strip c.r. on ascii gets */
++ sendport = -1; /* not using ports */
++ /*
++ * Set up the home directory in case we're globbing.
++ */
++ cp = getlogin();
++ if (cp != NULL) {
++ pw = getpwnam(cp);
++ }
++ if (pw == NULL)
++ pw = getpwuid(getuid());
++ if (pw != NULL) {
++ strncpy(homedir, pw->pw_dir, sizeof(homedir));
++ homedir[sizeof(homedir)-1] = 0;
++ home = homedir;
++ }
++
++#ifdef USE_SSL
++ if (ssl_enabled) {
++ if (!do_ssleay_init(0)) {
++ fprintf(stderr,"ftp: SSLeay initialisation failed\n");
++ fflush(stderr);
++ ERR_print_errors_fp(stderr);
++ exit(1);
++ }
++ }
++#endif /* USE_SSL */
++
++ if (argc > 0) {
++ if (sigsetjmp(toplevel, 1))
++ exit(0);
++ (void) signal(SIGINT, intr);
++ (void) signal(SIGPIPE, lostpeer);
++ setpeer(argc + 1, argv - 1);
++ }
++ top = sigsetjmp(toplevel, 1) == 0;
++ if (top) {
++ (void) signal(SIGINT, intr);
++ (void) signal(SIGPIPE, lostpeer);
++ }
++ for (;;) {
++ cmdscanner(top);
++ top = 1;
++ }
++}
++
++void
++intr(int ignore)
++{
++ (void)ignore;
++ siglongjmp(toplevel, 1);
++}
++
++void
++lostpeer(int ignore)
++{
++ (void)ignore;
++
++ if (connected) {
++ if (cout != NULL) {
++ shutdown(fileno(cout), 1+1);
++ fclose(cout);
++ cout = NULL;
++ }
++ if (data >= 0) {
++ shutdown(data, 1+1);
++ close(data);
++ data = -1;
++ }
++ connected = 0;
++ }
++ pswitch(1);
++ if (connected) {
++ if (cout != NULL) {
++ shutdown(fileno(cout), 1+1);
++ fclose(cout);
++ cout = NULL;
++ }
++ connected = 0;
++ }
++ proxflag = 0;
++ pswitch(0);
++}
++
++/*char *
++tail(filename)
++ char *filename;
++{
++ register char *s;
++
++ while (*filename) {
++ s = rindex(filename, '/');
++ if (s == NULL)
++ break;
++ if (s[1])
++ return (s + 1);
++ *s = '\0';
++ }
++ return (filename);
++}
++*/
++
++static char *get_input_line(char *buf, int buflen)
++{
++#ifdef __USE_READLINE__
++ if (fromatty && !rl_inhibit) {
++ char *lineread = readline("ftp> ");
++ if (!lineread) return NULL;
++ strncpy(buf, lineread, buflen);
++ buf[buflen-1] = 0;
++ if (lineread[0]) add_history(lineread);
++ free(lineread);
++ return buf;
++ }
++#endif
++ if (fromatty) {
++ printf("ftp> ");
++ fflush(stdout);
++ }
++ return fgets(buf, buflen, stdin);
++}
++
++
++/*
++ * Command parser.
++ */
++static void
++cmdscanner(int top)
++{
++ int margc;
++ char *marg;
++ char **margv;
++ register struct cmd *c;
++ register int l;
++
++ if (!top)
++ (void) putchar('\n');
++ for (;;) {
++ if (!get_input_line(line, sizeof(line))) {
++ quit();
++ }
++ l = strlen(line);
++ if (l == 0)
++ break;
++ if (line[--l] == '\n') {
++ if (l == 0)
++ break;
++ line[l] = '\0';
++ }
++ else if (l == sizeof(line) - 2) {
++ printf("sorry, input line too long\n");
++ while ((l = getchar()) != '\n' && l != EOF)
++ /* void */;
++ break;
++ } /* else it was a line without a newline */
++ margv = makeargv(&margc, &marg);
++ if (margc == 0) {
++ continue;
++ }
++ c = getcmd(margv[0]);
++ if (c == (struct cmd *)-1) {
++ printf("?Ambiguous command\n");
++ continue;
++ }
++ if (c == NULL) {
++ printf("?Invalid command\n");
++ continue;
++ }
++ if (c->c_conn && !connected) {
++ printf("Not connected.\n");
++ continue;
++ }
++ if (c->c_handler_v) c->c_handler_v(margc, margv);
++ else if (c->c_handler_0) c->c_handler_0();
++ else c->c_handler_1(marg);
++
++ if (bell && c->c_bell) putchar('\007');
++ if (c->c_handler_v != help)
++ break;
++ }
++ (void) signal(SIGINT, intr);
++ (void) signal(SIGPIPE, lostpeer);
++}
++
++struct cmd *
++getcmd(const char *name)
++{
++ const char *p, *q;
++ struct cmd *c, *found;
++ int nmatches, longest;
++
++ longest = 0;
++ nmatches = 0;
++ found = 0;
++ for (c = cmdtab; (p = c->c_name) != NULL; c++) {
++ for (q = name; *q == *p++; q++)
++ if (*q == 0) /* exact match? */
++ return (c);
++ if (!*q) { /* the name was a prefix */
++ if (q - name > longest) {
++ longest = q - name;
++ nmatches = 1;
++ found = c;
++ } else if (q - name == longest)
++ nmatches++;
++ }
++ }
++ if (nmatches > 1)
++ return ((struct cmd *)-1);
++ return (found);
++}
++
++/*
++ * Slice a string up into argc/argv.
++ */
++
++int slrflag;
++
++char **
++makeargv(int *pargc, char **parg)
++{
++ static char *rargv[20];
++ int rargc = 0;
++ char **argp;
++
++ argp = rargv;
++ stringbase = line; /* scan from first of buffer */
++ argbase = argbuf; /* store from first of buffer */
++ slrflag = 0;
++ while ((*argp++ = slurpstring())!=NULL)
++ rargc++;
++
++ *pargc = rargc;
++ if (parg) *parg = altarg;
++ return rargv;
++}
++
++/*
++ * Parse string into argbuf;
++ * implemented with FSM to
++ * handle quoting and strings
++ */
++static
++char *
++slurpstring(void)
++{
++ static char excl[] = "!", dols[] = "$";
++
++ int got_one = 0;
++ register char *sb = stringbase;
++ register char *ap = argbase;
++ char *tmp = argbase; /* will return this if token found */
++
++ if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */
++ switch (slrflag) { /* and $ as token for macro invoke */
++ case 0:
++ slrflag++;
++ stringbase++;
++ return ((*sb == '!') ? excl : dols);
++ /* NOTREACHED */
++ case 1:
++ slrflag++;
++ altarg = stringbase;
++ break;
++ default:
++ break;
++ }
++ }
++
++S0:
++ switch (*sb) {
++
++ case '\0':
++ goto OUT;
++
++ case ' ':
++ case '\t':
++ sb++; goto S0;
++
++ default:
++ switch (slrflag) {
++ case 0:
++ slrflag++;
++ break;
++ case 1:
++ slrflag++;
++ altarg = sb;
++ break;
++ default:
++ break;
++ }
++ goto S1;
++ }
++
++S1:
++ switch (*sb) {
++
++ case ' ':
++ case '\t':
++ case '\0':
++ goto OUT; /* end of token */
++
++ case '\\':
++ sb++; goto S2; /* slurp next character */
++
++ case '"':
++ sb++; goto S3; /* slurp quoted string */
++
++ default:
++ *ap++ = *sb++; /* add character to token */
++ got_one = 1;
++ goto S1;
++ }
++
++S2:
++ switch (*sb) {
++
++ case '\0':
++ goto OUT;
++
++ default:
++ *ap++ = *sb++;
++ got_one = 1;
++ goto S1;
++ }
++
++S3:
++ switch (*sb) {
++
++ case '\0':
++ goto OUT;
++
++ case '"':
++ sb++; goto S1;
++
++ default:
++ *ap++ = *sb++;
++ got_one = 1;
++ goto S3;
++ }
++
++OUT:
++ if (got_one)
++ *ap++ = '\0';
++ argbase = ap; /* update storage pointer */
++ stringbase = sb; /* update scan pointer */
++ if (got_one) {
++ return(tmp);
++ }
++ switch (slrflag) {
++ case 0:
++ slrflag++;
++ break;
++ case 1:
++ slrflag++;
++ altarg = NULL;
++ break;
++ default:
++ break;
++ }
++ return NULL;
++}
++
++#define HELPINDENT ((int) sizeof ("directory"))
++
++/*
++ * Help command.
++ * Call each command handler with argc == 0 and argv[0] == name.
++ */
++void
++help(int argc, char *argv[])
++{
++ struct cmd *c;
++
++ if (argc == 1) {
++ int i, j, w;
++ unsigned k;
++ int columns, width = 0, lines;
++
++ printf("Commands may be abbreviated. Commands are:\n\n");
++ for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
++ int len = strlen(c->c_name);
++
++ if (len > width)
++ width = len;
++ }
++ width = (width + 8) &~ 7;
++ columns = 80 / width;
++ if (columns == 0)
++ columns = 1;
++ lines = (NCMDS + columns - 1) / columns;
++ for (i = 0; i < lines; i++) {
++ for (j = 0; j < columns; j++) {
++ c = cmdtab + j * lines + i;
++ if (c->c_name && (!proxy || c->c_proxy)) {
++ printf("%s", c->c_name);
++ }
++ else if (c->c_name) {
++ for (k=0; k < strlen(c->c_name); k++) {
++ (void) putchar(' ');
++ }
++ }
++ if (c + lines >= &cmdtab[NCMDS]) {
++ printf("\n");
++ break;
++ }
++ w = strlen(c->c_name);
++ while (w < width) {
++ w = (w + 8) &~ 7;
++ (void) putchar('\t');
++ }
++ }
++ }
++ return;
++ }
++ while (--argc > 0) {
++ register char *arg;
++ arg = *++argv;
++ c = getcmd(arg);
++ if (c == (struct cmd *)-1)
++ printf("?Ambiguous help command %s\n", arg);
++ else if (c == NULL)
++ printf("?Invalid help command %s\n", arg);
++ else
++ printf("%-*s\t%s\n", HELPINDENT,
++ c->c_name, c->c_help);
++ }
++}
+diff -u -r -N netkit-ftp-0.17/ftp/ssl_port.h netkit-ftp-0.17+ssl-0.2/ftp/ssl_port.h
+--- netkit-ftp-0.17/ftp/ssl_port.h Thu Jan 1 01:00:00 1970
++++ netkit-ftp-0.17+ssl-0.2/ftp/ssl_port.h Sun Sep 24 15:46:02 2000
+@@ -0,0 +1,85 @@
++/* ssl_port.h - standard porting things
++ *
++ * The modifications to support SSLeay were done by Tim Hudson
++ * tjh@mincom.oz.au
++ *
++ * You can do whatever you like with these patches except pretend that
++ * you wrote them.
++ *
++ * Email ssl-users-request@mincom.oz.au to get instructions on how to
++ * join the mailing list that discusses SSLeay and also these patches.
++ *
++ */
++
++#ifndef HEADER_SSL_PORT_H
++#define HEADER_SSL_PORT_H
++
++#ifdef USE_SSL
++
++#include <stdio.h>
++
++#define OLDPROTO NOPROTO
++#define NOPROTO
++#include <openssl/buffer.h>
++#undef NOPROTO
++#define NOPROTO OLDPROTO
++
++#include <openssl/x509.h>
++#include <openssl/ssl.h>
++#include <openssl/err.h>
++
++extern SSL *ssl_con;
++extern SSL_CTX *ssl_ctx;
++extern int ssl_debug_flag;
++extern int ssl_only_flag;
++extern int ssl_active_flag;
++extern int ssl_verify_flag;
++extern int ssl_secure_flag;
++extern int ssl_enabled;
++
++extern int ssl_encrypt_data;
++extern SSL *ssl_data_con;
++extern int ssl_data_active_flag;
++
++extern char *my_ssl_cert_file;
++extern char *my_ssl_key_file;
++extern int ssl_certsok_flag;
++
++extern int set_ssl_trace(SSL *s);
++
++extern FILE *cin, *cout;
++
++#define is_ssl_fd(X,Y) ( (SSL_get_fd((X))==0) || \
++ (SSL_get_fd((X))==1) || \
++ (SSL_get_fd((X))==pdata) || \
++ (SSL_get_fd((X))==(Y)) \
++ )
++
++#define is_ssl_fp(X,Y) ( ( (SSL_get_fd((X))==0) && (fileno((Y))==0) ) || \
++ ( (SSL_get_fd((X))==1) && (fileno((Y))==1) ) || \
++ ( (SSL_get_fd((X))==pdata) && \
++ (fileno((Y))==pdata) ) || \
++ (SSL_get_fd((X))==fileno(Y)) \
++ )
++
++/* these macros make things much easier to handle ... */
++
++#define FFLUSH(X) (ssl_active_flag && (((X)==cin)||((X)==cout)) ? 1 : fflush((X)) )
++
++#define GETC(X) (ssl_active_flag && (((X)==cin)||((X)==cout)) ? ssl_getc(ssl_con) : getc((X)) )
++
++#define DATAGETC(X) (ssl_data_active_flag && ((fileno(X)==data)||(fileno(X)==pdata)) ? ssl_getc(ssl_data_con) : getc((X)) )
++#define DATAPUTC(X,Y) (ssl_data_active_flag && ((fileno(Y)==data)||(fileno(Y)==pdata)) ? ssl_putc(ssl_data_con,(X)) : putc((X),(Y)) )
++#define DATAFLUSH(X) (ssl_data_active_flag && ((fileno(X)==data)||(fileno(X)==pdata)) ? ssl_putc_flush(ssl_data_con) : fflush((X)) )
++
++#else
++
++#define GETC(X) getc((X))
++#define DATAGETC(X) getc((X))
++#define DATAPUTC(X,Y) putc((X),(Y))
++#define DATAFLUSH(X) fflush((X))
++#define FFLUSH(X) fflush((X))
++
++#endif /* USE_SSL */
++
++#endif /* HEADER_SSL_PORT_H */
+diff -u -r -N netkit-ftp-0.17/ftp/sslapp.c netkit-ftp-0.17+ssl-0.2/ftp/sslapp.c
+--- netkit-ftp-0.17/ftp/sslapp.c Thu Jan 1 01:00:00 1970
++++ netkit-ftp-0.17+ssl-0.2/ftp/sslapp.c Sun Sep 24 18:07:23 2000
+@@ -0,0 +1,186 @@
++/* sslapp.c - ssl application code */
++
++/*
++ * The modifications to support SSLeay were done by Tim Hudson
++ * tjh@cryptsoft.com
++ *
++ * You can do whatever you like with these patches except pretend that
++ * you wrote them.
++ *
++ * Email ssl-users-request@lists.cryptsoft.com to get instructions on how to
++ * join the mailing list that discusses SSLeay and also these patches.
++ *
++ */
++
++#ifdef USE_SSL
++
++#include "sslapp.h"
++
++SSL_CTX *ssl_ctx;
++SSL *ssl_con;
++int ssl_debug_flag=0;
++int ssl_only_flag=0;
++int ssl_active_flag=0;
++int ssl_verify_flag=SSL_VERIFY_NONE;
++int ssl_secure_flag=0;
++int ssl_certsok_flag=0;
++int ssl_cert_required=0;
++int ssl_verbose_flag=0;
++int ssl_disabled_flag=0;
++char *ssl_cert_file=NULL;
++char *ssl_key_file=NULL;
++char *ssl_cipher_list=NULL;
++char *ssl_log_file=NULL;
++
++/* fwd decl */
++static void
++client_info_callback(SSL *s, int where, int ret);
++
++int
++do_ssleay_init(int server)
++{
++ char *p;
++
++ /* make sure we have somewhere we can log errors to */
++ if (bio_err==NULL) {
++ if ((bio_err=BIO_new(BIO_s_file()))!=NULL) {
++ if (ssl_log_file==NULL)
++ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
++ else {
++ if (BIO_write_filename(bio_err,ssl_log_file)<=0) {
++ /* not a lot we can do */
++ }
++ }
++ }
++ }
++
++ /* rather simple things these days ... the old SSL_LOG and SSL_ERR
++ * vars are long gone now SSLeay8 has rolled around and we have
++ * a clean interface for doing things
++ */
++ if (ssl_debug_flag)
++ BIO_printf(bio_err,"SSL_DEBUG_FLAG on\r\n");
++
++
++ /* init things so we will get meaningful error messages
++ * rather than numbers
++ */
++ SSL_load_error_strings();
++
++ SSLeay_add_ssl_algorithms();
++ ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_method());
++
++ /* we may require a temp 512 bit RSA key because of the
++ * wonderful way export things work ... if so we generate
++ * one now!
++ */
++ if (server) {
++ if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
++ RSA *rsa;
++
++ if (ssl_debug_flag)
++ BIO_printf(bio_err,"Generating temp (512 bit) RSA key ...\r\n");
++ rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
++ if (ssl_debug_flag)
++ BIO_printf(bio_err,"Generation of temp (512 bit) RSA key done\r\n");
++
++ if (!SSL_CTX_set_tmp_rsa(ssl_ctx,rsa)) {
++ BIO_printf(bio_err,"Failed to assign generated temp RSA key!\r\n");
++ }
++ RSA_free(rsa);
++ if (ssl_debug_flag)
++ BIO_printf(bio_err,"Assigned temp (512 bit) RSA key\r\n");
++ }
++ }
++
++ /* also switch on all the interoperability and bug
++ * workarounds so that we will communicate with people
++ * that cannot read poorly written specs :-)
++ */
++ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL);
++
++ /* the user can set whatever ciphers they want to use */
++ if (ssl_cipher_list==NULL) {
++ p=getenv("SSL_CIPHER");
++ if (p!=NULL)
++ SSL_CTX_set_cipher_list(ssl_ctx,p);
++ } else
++ SSL_CTX_set_cipher_list(ssl_ctx,ssl_cipher_list);
++
++ /* for verbose we use the 0.6.x info callback that I got
++ * eric to finally add into the code :-) --tjh
++ */
++ if (ssl_verbose_flag) {
++ SSL_CTX_set_info_callback(ssl_ctx,client_info_callback);
++ }
++
++ /* Add in any certificates if you want to here ... */
++ if (ssl_cert_file) {
++ if (!SSL_CTX_use_certificate_file(ssl_ctx, ssl_cert_file,
++ X509_FILETYPE_PEM)) {
++ BIO_printf(bio_err,"Error loading %s: ",ssl_cert_file);
++ ERR_print_errors(bio_err);
++ BIO_printf(bio_err,"\r\n");
++ return(0);
++ } else {
++ if (!ssl_key_file)
++ ssl_key_file = ssl_cert_file;
++ if (!SSL_CTX_use_RSAPrivateKey_file(ssl_ctx, ssl_key_file,
++ X509_FILETYPE_PEM)) {
++ BIO_printf(bio_err,"Error loading %s: ",ssl_key_file);
++ ERR_print_errors(bio_err);
++ BIO_printf(bio_err,"\r\n");
++ return(0);
++ }
++ }
++ }
++
++ /* make sure we will find certificates in the standard
++ * location ... otherwise we don't look anywhere for
++ * these things which is going to make client certificate
++ * exchange rather useless :-)
++ */
++ SSL_CTX_set_default_verify_paths(ssl_ctx);
++
++ /* now create a connection */
++ ssl_con=(SSL *)SSL_new(ssl_ctx);
++ SSL_set_verify(ssl_con,ssl_verify_flag,NULL);
++
++#if 0
++ SSL_set_verify(ssl_con,ssl_verify_flag,client_verify_callback);
++#endif
++
++ return(1);
++}
++
++
++static void
++client_info_callback(SSL *s, int where, int ret)
++{
++ if (where==SSL_CB_CONNECT_LOOP) {
++ BIO_printf(bio_err,"SSL_connect:%s %s\r\n",
++ SSL_state_string(s),SSL_state_string_long(s));
++ } else if (where==SSL_CB_CONNECT_EXIT) {
++ if (ret == 0) {
++ BIO_printf(bio_err,"SSL_connect:failed in %s %s\r\n",
++ SSL_state_string(s),SSL_state_string_long(s));
++ } else if (ret < 0) {
++ BIO_printf(bio_err,"SSL_connect:error in %s %s\r\n",
++ SSL_state_string(s),SSL_state_string_long(s));
++ }
++ }
++}
++
++
++#else /* !USE_SSL */
++
++/* something here to stop warnings if we build without SSL support */
++static int dummy_func()
++{
++ int i;
++
++ i++;
++}
++
++#endif /* USE_SSL */
++
+diff -u -r -N netkit-ftp-0.17/ftp/sslapp.h netkit-ftp-0.17+ssl-0.2/ftp/sslapp.h
+--- netkit-ftp-0.17/ftp/sslapp.h Thu Jan 1 01:00:00 1970
++++ netkit-ftp-0.17+ssl-0.2/ftp/sslapp.h Sun Sep 24 18:07:48 2000
+@@ -0,0 +1,63 @@
++/* sslapp.h - ssl application code */
++
++/*
++ * The modifications to support SSLeay were done by Tim Hudson
++ * tjh@cryptsoft.com
++ *
++ * You can do whatever you like with these patches except pretend that
++ * you wrote them.
++ *
++ * Email ssl-users-request@mincom.oz.au to get instructions on how to
++ * join the mailing list that discusses SSLeay and also these patches.
++ *
++ */
++
++#ifdef USE_SSL
++
++#include <stdio.h>
++
++#include <openssl/crypto.h>
++
++#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
++#define ONELINE_NAME(X) X509_NAME_oneline(X,NULL,0)
++
++#define OLDPROTO NOPROTO
++#define NOPROTO
++#include <openssl/bio.h>
++#undef NOPROTO
++#define NOPROTO OLDPROTO
++#undef OLDPROTO
++#include <openssl/buffer.h>
++
++#include <openssl/x509.h>
++#include <openssl/ssl.h>
++#include <openssl/err.h>
++
++extern BIO *bio_err;
++extern SSL *ssl_con;
++extern SSL_CTX *ssl_ctx;
++extern int ssl_debug_flag;
++extern int ssl_only_flag;
++extern int ssl_active_flag;
++extern int ssl_verify_flag;
++extern int ssl_secure_flag;
++extern int ssl_verbose_flag;
++extern int ssl_disabled_flag;
++extern int ssl_cert_required;
++extern int ssl_certsok_flag;
++
++extern char *ssl_log_file;
++extern char *ssl_cert_file;
++extern char *ssl_key_file;
++extern char *ssl_cipher_list;
++
++/* we hide all the initialisation code in a separate file now */
++extern int do_ssleay_init(int server);
++
++/*extern int display_connect_details();
++extern int server_verify_callback();
++extern int client_verify_callback();*/
++
++#endif /* USE_SSL */
++
++
diff --git a/net-ftp/ftp/ftp-0.17-r2.ebuild b/net-ftp/ftp/ftp-0.17-r2.ebuild
new file mode 100644
index 000000000000..bd9067a096b9
--- /dev/null
+++ b/net-ftp/ftp/ftp-0.17-r2.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-ftp/ftp/ftp-0.17-r2.ebuild,v 1.1 2002/11/23 07:31:44 raker Exp $
+
+MY_P=netkit-${P}
+S=${WORKDIR}/${MY_P}
+DESCRIPTION="Standard Linux FTP client with optional SSL support"
+SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${MY_P}.tar.gz"
+HOMEPAGE="http://www.hcs.harvard.edu/~dholland/computers/netkit.html"
+
+DEPEND="virtual/glibc
+ >=sys-libs/ncurses-5.2
+ ssl? ( dev-libs/openssl )"
+SLOT="0"
+LICENSE="as-is"
+KEYWORDS="~x86 ~ppc ~sparc ~sparc64 ~alpha"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ if [ "`use ssl`" ]; then
+ patch -p1 < ${FILESDIR}/${MY_P}+ssl-0.2.diff || die "ssl patch failed"
+ fi
+}
+
+src_compile() {
+ ./configure --prefix=/usr || die
+ cp MCONFIG MCONFIG.orig
+ sed -e "s/-pipe -O2/${CFLAGS}/" MCONFIG.orig > MCONFIG
+ emake || die
+}
+
+src_install() {
+ into /usr
+ dobin ftp/ftp
+ doman ftp/ftp.1 ftp/netrc.5
+ dodoc ChangeLog README BUGS
+}