1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
Description: Fix SSL without autologin (-n)
Initialize SSL even when -n is used.
Also enforce -z secure when logging in with USER command.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450723
Author: Ian Beckwith <ianb@debian.org>
Forwarded: no
Last-Update: 2014-12-23
--- a/ftp/cmds.c
+++ b/ftp/cmds.c
@@ -273,6 +273,10 @@
(void) dologin(argv[1]);
dosyst();
}
+#ifdef USE_SSL
+ else
+ (void) ssl_init();
+#endif /* USE_SSL */
}
}
--- a/ftp/ftp.c
+++ b/ftp/ftp.c
@@ -2102,12 +2102,11 @@
fflush(stdout);
}
-static int
-auth_user(char *u,char *p)
-{
- int n;
-
#ifdef USE_SSL
+int
+ssl_init(void)
+{
+ int n;
int use_tls = 0;
if (ssl_enabled) {
n = command("AUTH SSL");
@@ -2178,22 +2177,27 @@
fprintf(stderr, "Data connection security level refused.\n");
return ERROR;
}
-
- n = command("USER %s",u);
- if (n == CONTINUE) {
- if(p == NULL)
- p = getpass("Password:");
- n = command("PASS %s",p);
- }
- return (n);
}
}
+ return CONTINUE;
+}
#endif /* USE_SSL */
+
+static int
+auth_user(char *u,char *p)
+{
+ int n;
+
+#ifdef USE_SSL
+ if (ssl_init() == ERROR)
+ return ERROR;
+#endif /* USE_SSL */
+
n = command("USER %s",u);
if (n == CONTINUE) {
- if(p == NULL)
+ if(p == NULL)
p = getpass("Password:");
- n = command("PASS %s",p);
+ n = command("PASS %s",p);
}
return(n);
}
--- a/ftp/sslapp.h
+++ b/ftp/sslapp.h
@@ -59,6 +59,7 @@
extern int server_verify_callback();
extern int client_verify_callback();*/
+extern int ssl_init(void);
#endif /* USE_SSL */
|
