Subject: bin/4695: /usr/libexec/ftpd does not know about the RFC 2228 authentication commands
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jim.wise@turner.com>
List: netbsd-bugs
Date: 12/15/1997 20:48:01
>Number: 4695
>Category: bin
>Synopsis: /usr/libexec/ftpd does not know about the RFC 2228 authentication commands
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Dec 15 18:05:01 1997
>Last-Modified:
>Originator: Jim Wise
>Organization:
>Release: NetBSD-current of 1997-12-15
>Environment:
platform independent
>Description:
RFC 2228 "FTP Security Extensions", which is a proposed standard, provides a simple,
compatible way to extend the current ftp protocol with support for authenticated and/or
encrypted commands and data transfers. I am exploring the possibilities of implementing
this RFC based on our ftpd. In the meantime, this patch makes our ftpd aware of the new
commands, and makes it reply in the specified manner for a host which is aware of the new
commands but does not implement them.
>How-To-Repeat:
before (with a 1.2.1 host)
$ ftp imladris
Connected to imladris.turner.com.
220 imladris.turner.com FTP server (Version 6.00) ready.
Name (imladris:jimw):
331 Password required for jimw.
Password:
230- NetBSD 1.2.1 (IMLADRIS_NEW) #0: Wed Aug 27 14:45:27 EDT 1997
230-
230- Welcome to NetBSD!
230-
230 User jimw logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote SYST
215 UNIX Type: L8 Version: BSD-199306
ftp> quote AUTH
500 'AUTH': command not understood.
after (with a 1.3_ALPHA host)
$ ftp fornost
Connected to fornost.turner.com.
220 fornost.turner.com FTP server (Version 7.02) ready.
Name (fornost:jimw):
331 Password required for jimw.
Password:
230- NetBSD 1.3_ALPHA (FORNOST) #0: Tue Nov 25 15:43:22 EST 1997
230-
230 User jimw logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote SYST
215 UNIX Type: L8 Version: BSD-199306
ftp> quote AUTH foo
502 RFC 2228 authentication not implemented.
Not a big change, to be sure, but a correct one.
>Fix:
Apply this patch:
*** src/libexec/ftpd/ftpcmd.y.old Mon Dec 15 13:04:37 1997
--- src/libexec/ftpd/ftpcmd.y Mon Dec 15 20:31:00 1997
***************
*** 120,125 ****
--- 120,128 ----
STAT HELP NOOP MKD RMD PWD
CDUP STOU SMNT SYST SIZE MDTM
+ AUTH ADAT PROT PBSZ CCC MIC
+ CONF ENC
+
UMASK IDLE CHMOD
LEXERR
***************
*** 128,135 ****
%token <i> NUMBER
%type <i> check_login check_modify octal_number byte_size
! %type <i> struct_code mode_code type_code form_code
! %type <s> pathstring pathname password username
%start cmd_list
--- 131,138 ----
%token <i> NUMBER
%type <i> check_login check_modify octal_number byte_size
! %type <i> struct_code mode_code type_code form_code decimal_integer
! %type <s> pathstring pathname password username mechanism_name base64data prot_code
%start cmd_list
***************
*** 520,525 ****
--- 523,560 ----
reply(221, "Goodbye.");
dologout(0);
}
+ | AUTH SP mechanism_name CRLF
+ {
+ reply(502, "RFC 2228 authentication not implemented.");
+ }
+ | ADAT SP base64data CRLF
+ {
+ reply(503, "Please set authentication state with AUTH.");
+ }
+ | PROT SP prot_code CRLF
+ {
+ reply(503, "Please set protection buffer size with PBSZ.");
+ }
+ | PBSZ SP decimal_integer CRLF
+ {
+ reply(503, "Please set authentication state with AUTH.");
+ }
+ | MIC SP base64data CRLF
+ {
+ reply(502, "RFC 2228 authentication not implemented.");
+ }
+ | CONF SP base64data CRLF
+ {
+ reply(502, "RFC 2228 authentication not implemented.");
+ }
+ | ENC SP base64data CRLF
+ {
+ reply(502, "RFC 2228 authentication not implemented.");
+ }
+ | CCC CRLF
+ {
+ reply(533, "No protection enabled.");
+ }
| error CRLF
{
yyerrok;
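Review bot: The actions added for AUTH, ADAT, PROT, MIC, CONF and ENC never reference $3, so the string matched by mechanism_name, base64data or prot_code is dropped once the reply is sent. If the lexer returns STRING as allocated storage, each of these commands leaks one buffer per request, and none of the new rules goes through check_login, so that path is reachable before a user has logged in; free $3 in each action. Two smaller points: the rules require an argument ("AUTH SP mechanism_name CRLF"), so a bare AUTH like the one in the "before" transcript falls through to the "error CRLF" rule instead of getting the 502, and CCC answers 533 where the other unimplemented commands answer 502, which is worth checking against the reply codes RFC 2228 lists for CCC.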
***************
*** 726,731 ****
--- 761,781 ----
}
;
+ mechanism_name
+ : STRING
+ ;
+
+ base64data
+ : STRING
+ ;
+
+ prot_code
+ : STRING
+ ;
+
+ decimal_integer
+ : NUMBER
+ ;
check_login
: /* empty */
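Review bot: mechanism_name, base64data and prot_code are all bare aliases for STRING with no action, so the names promise checks (a base64 alphabet, a valid protection code) that the grammar does not perform. Add a comment at these rules saying they are placeholders until the commands are implemented, so nobody later relies on them as validation. The same applies to "decimal_integer : NUMBER": PBSZ will need a range check at this point before its value is ever used to size a buffer.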
***************
*** 825,830 ****
--- 875,888 ----
{ "STOU", STOU, STR1, 1, "<sp> file-name" },
{ "SIZE", SIZE, OSTR, 1, "<sp> path-name" },
{ "MDTM", MDTM, OSTR, 1, "<sp> path-name" },
+ { "AUTH", AUTH, STR1, 1, "<sp> mechanism-name" },
+ { "ADAT", ADAT, STR1, 1, "<sp> base-64-data" },
+ { "PROT", PROT, STR1, 1, "<sp> prot-code" },
+ { "PBSZ", PBSZ, ARGS, 1, "<sp> decimal-integer" },
+ { "MIC", MIC, STR1, 1, "<sp> base64data" },
+ { "CONF", CONF, STR1, 1, "<sp> base64data" },
+ { "ENC", ENC, STR1, 1, "<sp> base64data" },
+ { "CCC", CCC, ARGS, 1, "(Disable data protection)" },
{ NULL, 0, 0, 0, 0 }
};
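Review bot: The help strings in the new table entries are inconsistent: ADAT uses "<sp> base-64-data" while MIC, CONF and ENC use "<sp> base64data"; pick one spelling. Every new entry also carries 1 in the fourth field, the same value as the STOU, SIZE and MDTM entries above it; if that field marks a command as implemented, HELP will present these commands like working ones although they only ever answer 502, 503 or 533, so the help text should say they are recognized but not yet supported.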
>Audit-Trail:
>Unformatted:
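
The before/after transcripts in this report separate a server that does not know AUTH (500) from one that knows it but does not implement it (502). As an added example, not part of the original report or of NetBSD's ftpd, this Python reads such a client transcript and classifies the AUTH reply; the function names, the labels and the third sample transcript are constructed here, and the remaining codes are the ones RFC 2228 lists for AUTH.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")   # "ddd text" ends a reply, "ddd-" continues it

# Reply codes RFC 2228 lists for AUTH, plus 500 for a server that predates it.
# The wording of each label is this example's own.
AUTH_MEANING = {
    234: "implemented: security data exchange complete",
    334: "implemented: mechanism accepted, ADAT expected",
    431: "implemented: resource unavailable",
    500: "unaware: command not recognized",
    502: "aware: security extensions not implemented",
    504: "implemented: mechanism not understood",
    534: "implemented: mechanism refused by policy",
}

def reply_to(transcript, command):
    """Return (code, text) of the server reply following `ftp> quote <command>`."""
    prompt = re.compile(r"^ftp> quote " + re.escape(command) + r"(\s|$)", re.I)
    lines = iter(transcript.splitlines())
    for line in lines:
        if not prompt.match(line.strip()):
            continue
        opened = None                       # code of a multi-line reply in progress
        for raw in lines:
            m = REPLY.match(raw)
            if m and m.group(2) == "-" and opened is None:
                opened = m.group(1)
            elif m and m.group(2) == " " and opened in (None, m.group(1)):
                return int(m.group(1)), m.group(3)
            elif opened is None:
                return None                 # something other than a reply came first
    return None

def auth_support(transcript):
    """Classify a server from its reply to AUTH in a client transcript."""
    reply = reply_to(transcript, "AUTH")
    if reply is None:
        return "no AUTH reply found"
    return AUTH_MEANING.get(reply[0], "unexpected reply %d" % reply[0])

# The first two samples are the AUTH exchanges from the report; the third is constructed.
BEFORE = "ftp> quote AUTH\n500 'AUTH': command not understood.\n"
AFTER = "ftp> quote AUTH foo\n502 RFC 2228 authentication not implemented.\n"
MULTILINE = "ftp> quote AUTH GSSAPI\n334-Using mechanism GSSAPI\n334 ADAT must follow\n"

if __name__ == "__main__":
    for name, t in (("before", BEFORE), ("after", AFTER), ("multiline", MULTILINE)):
        print(name, "->", auth_support(t))
```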