Subject: Re: rfc2228 in ftpd
To: Aidan Cully <aidan@kublai.com>
From: Tomas Svensson <ts@unix1.net>
List: tech-userlevel
Date: 06/23/2002 16:31:06

Sunday, June 23, 2002, 4:39:14 AM, you wrote:

AC> I plan to commit this next week, if there are no objections.  The patch
AC> is in ftp://ftp.netbsd.org/pub/incoming/aidan/ftp-patch.tgz .

A much cleaner way (instead of changing every printf into sec_printf,
which breaks fflush and ferror, and the byte counting of cprintf,
CPUTC etc.) would be to change the FILE* functions (_read, _close,
_seek, _write) of stdout/stdin, so that every method has its own
sec_write(FILE*, const char*, size_t), sec_read, sec_init, sec_close
and sec_seek.

I still think that each method should handle everything after AUTH
itself too, since there are no other suitable methods besides gssapi
and TLS. Right now too much in secure-server.c and secure-common.c is
for gssapi and needs to be changed for TLS.

The code probably needs a little cleanup too, for example the below
isn't too pretty: 

    if(mech && !sec_complete) {
        void *buf = malloc(strlen(auth_data));
        size_t len; 

AC> Since the last time I posted, there was a change that sort-of conflicted with
AC> my patch (which, I know, is what I get for waiting years to commit
AC> things), namely enami's change to use either mmap() or read() to read
AC> a file before sending it...  I admit, I don't fully understand this
AC> patch (I can see what it does, but not why it does it...  for performance,

[...]

It's to work with the new socket zero-copy option.

-Tomas
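
The stream-hook design suggested in the message above, shown as an added example (not code from the patch, from NetBSD ftpd, or from either poster). It uses glibc's fopencookie(3), the counterpart of BSD funopen(3); `struct sec_stream`, `send_reply` and the in-memory buffer standing in for the control socket are assumptions, and the hook only base64-encodes under a 631 reply code where a real mechanism would first apply its GSSAPI or TLS protection.

```c
#define _GNU_SOURCE   /* fopencookie(3): glibc counterpart of BSD funopen(3) */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical per-stream state; out[] stands in for the control socket. */
struct sec_stream { char out[512]; size_t used; };
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Write hook: the only code that knows replies are protected (placeholder: no crypto). */
static ssize_t sec_write(void *cookie, const char *buf, size_t len)
{
    struct sec_stream *s = cookie;
    const unsigned char *p = (const unsigned char *)buf;
    size_t need = 4 + 4 * ((len + 2) / 3) + 2;   /* "631 " + base64 + CRLF */
    if (need >= sizeof s->out - s->used) return 0;   /* 0 reports an error to stdio */
    char *o = s->out + s->used;
    memcpy(o, "631 ", 4); o += 4;                /* RFC 2228 protected-reply code */
    for (size_t i = 0; i < len; i += 3) {
        size_t n = len - i < 3 ? len - i : 3;
        unsigned v = p[i] << 16 | (n > 1 ? p[i + 1] << 8 : 0) | (n > 2 ? p[i + 2] : 0);
        *o++ = B64[v >> 18 & 63];
        *o++ = B64[v >> 12 & 63];
        *o++ = n > 1 ? B64[v >> 6 & 63] : '=';
        *o++ = n > 2 ? B64[v & 63] : '=';
    }
    memcpy(o, "\r\n", 3);                        /* copies the terminating NUL too */
    s->used += need;
    return (ssize_t)len;
}

/* Callers keep plain stdio: byte counts, fflush() and ferror() all still work. */
static int send_reply(struct sec_stream *s, int code, const char *text)
{
    cookie_io_functions_t io = { .write = sec_write };
    FILE *fp = fopencookie(s, "w", io);
    if (fp == NULL) return -1;
    int n = fprintf(fp, "%d %s\r\n", code, text);   /* plaintext byte count */
    int failed = fflush(fp) != 0 || ferror(fp);     /* hook errors surface here */
    fclose(fp);
    return failed ? -1 : n;
}

int main(void)
{
    struct sec_stream s = { .used = 0 };
    printf("%d plaintext bytes\n", send_reply(&s, 230, "User logged in."));
    fputs(s.out, stdout);
}
```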