* change checkportcmd syntax to `checkportcmd class [off]' (as per `modify')

* display current setting of checkportcmd in STAT
* ensure that curclass.checkportcmd is initialised to 0
* document default setting of checkportcmd in ftpd(8)
* cleanup code a bit, putting code for "checkportcmd" in alphabetical order

libexec/ftpd/conf.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.8 1997/11/11 05:48:05 mrg Exp $	*/
+/*	$NetBSD: conf.c,v 1.9 1997/11/11 12:42:24 lukem Exp $	*/
 
 /*-
  * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.8 1997/11/11 05:48:05 mrg Exp $");
+__RCSID("$NetBSD: conf.c,v 1.9 1997/11/11 12:42:24 lukem Exp $");
 #endif /* not lint */
 
 #include <sys/types.h>
@@ -93,17 +93,18 @@ parse_conf(findclass)
 		cnext = conv->next;
 		free(conv);
 	}
+	curclass.checkportcmd = 0;
 	curclass.conversions =	NULL;
 	REASSIGN(curclass.display, NULL);
-	curclass.modify =	1;
 	curclass.maxtimeout =	7200;		/* 2 hours */
+	curclass.modify =	1;
 	REASSIGN(curclass.notify, NULL);
 	curclass.timeout =	900;		/* 15 minutes */
 	curclass.umask =	027;
 
 	if (strcasecmp(findclass, "guest") == 0) {
-		curclass.umask = 0707;
 		curclass.modify = 0;
+		curclass.umask = 0707;
 	}
 
 	infile = conffilename(_PATH_FTPDCONF);
@@ -138,7 +139,13 @@ parse_conf(findclass)
 		    !none && strcasecmp(class, "all") != 0)
 			continue;
 
-		if (strcasecmp(word, "conversion") == 0) {
+		if (strcasecmp(word, "checkportcmd") == 0) {
+			if (none ||
+			    (!EMPTYSTR(arg) && strcasecmp(arg, "off") == 0))
+				curclass.checkportcmd = 0;
+			else
+				curclass.checkportcmd = 1;
+		} else if (strcasecmp(word, "conversion") == 0) {
 			char *suffix, *types, *disable, *convcmd;
 
 			if (EMPTYSTR(arg)) {
@@ -274,8 +281,6 @@ parse_conf(findclass)
 				continue;
 			}
 			curclass.umask = umask;
-		} else if (strcasecmp(word, "checkportcmd") == 0) {
-			curclass.checkportcmd = 1;
 		} else {
 			syslog(LOG_WARNING,
 			    "%s line %d: unknown directive '%s'",

libexec/ftpd/extern.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: extern.h,v 1.6 1997/11/11 05:48:06 mrg Exp $	*/
+/*	$NetBSD: extern.h,v 1.7 1997/11/11 12:42:30 lukem Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -82,6 +82,7 @@ struct ftpconv {
 };
 
 struct ftpclass {
+	int		 checkportcmd;	/* Check PORT commands are valid */
 	char		*classname;	/* Current class */
 	struct ftpconv 	*conversions;	/* List of conversions */
 	char		*display;	/* Files to display upon chdir */
@@ -90,5 +91,4 @@ struct ftpclass {
 	char		*notify;	/* Files to notify about upon chdir */
 	unsigned int	 timeout;	/* Default timeout */
 	mode_t		 umask;		/* Umask to use */
-	int		 checkportcmd;	/* check PORT commands are valid */
 };

libexec/ftpd/ftpd.8

@@ -1,4 +1,4 @@
-.\"	$NetBSD: ftpd.8,v 1.18 1997/11/11 05:48:09 mrg Exp $
+.\"	$NetBSD: ftpd.8,v 1.19 1997/11/11 12:42:35 lukem Exp $
 .\"
 .\" Copyright (c) 1985, 1988, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -300,16 +300,21 @@ as configuration directives.
 .Pp
 Each configuration line may be one of:
 .Bl -tag -width 4n
-.It Sy checkportcmd Ar class
-Check the ftp protocol
-.Sy PORT
+.It Sy checkportcmd Ar class Op Sy off
+Check the
+PORT
 command for validity.  The
-.Sy PORT
+PORT
 command will fail if the IP address specified does not match the ftp
-command connection, or if the TCP port number is less than
+command connection, or if the remote TCP port number is less than
 .Dv IPPORT_RESERVED .
 This option should be used for sites concerned with potential security
 problems with ftp bounce attacks.
+If class is
+.Dq none
+or
+.Sy off
+is given, disable this feature, otherwise enable it.
 .It Xo Sy conversion Ar class
 .Ar suffix Op Ar "type disable command"
 .Xc
@@ -436,14 +441,15 @@ Matches no class.
 .Pp
 The following defaults are used:
 .Bd -literal -offset indent -compact
-display     none
-maxtimeout  all    7200   # 2 hours
-modify      all
-modify      guest  off
-notify      none
-timeout     all    900    # 15 minutes
-umask       all    027
-umask       guest  0707
+checkportcmd  none
+display       none
+maxtimeout    all    7200   # 2 hours
+modify        all
+modify        guest  off
+notify        none
+timeout       all    900    # 15 minutes
+umask         all    027
+umask         guest  0707
 .Ed
 .Pp
 Directives that appear later in the file override settings by previous

libexec/ftpd/ftpd.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ftpd.c,v 1.40 1997/11/11 06:32:17 mrg Exp $	*/
+/*	$NetBSD: ftpd.c,v 1.41 1997/11/11 12:42:39 lukem Exp $	*/
 
 /*
  * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
@@ -44,7 +44,7 @@ __COPYRIGHT(
 #if 0
 static char sccsid[] = "@(#)ftpd.c	8.5 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: ftpd.c,v 1.40 1997/11/11 06:32:17 mrg Exp $");
+__RCSID("$NetBSD: ftpd.c,v 1.41 1997/11/11 12:42:39 lukem Exp $");
 #endif
 #endif /* not lint */
 
@@ -1302,13 +1302,15 @@ printaddr:
 
 		lreply(211, "");
 		lreply(211, "Class: %s", curclass.classname);
+		lreply(211, "Check PORT commands: %sabled", 
+		    curclass.checkportcmd ? "en" : "dis");
 		if (curclass.display)
 			lreply(211, "Display file: %s", curclass.display);
 		if (curclass.notify)
 			lreply(211, "Notify fileglob: %s", curclass.notify);
 		lreply(211, "Idle timeout: %d, maximum timeout: %d",
 		    curclass.timeout, curclass.maxtimeout);
-		lreply(211, "dele, mkd, rmd, umask, chmod: %sabled",
+		lreply(211, "DELE, MKD, RMD, UMASK, CHMOD commands: %sabled",
 		    curclass.modify ? "en" : "dis");
 		lreply(211, "Umask: %.04o", curclass.umask);
 		for (cp = curclass.conversions; cp != NULL; cp=cp->next) {