Add the ability to disable passive connects in ftpd.conf (breaks RFC1123,

STD3, but needed in some firewall environments).
1998-06-30 20:18:52 +00:00 · 1998-06-30 20:18:52 +00:00 · e3ab20461f
parent 104c2d4f3e
commit e3ab20461f
4 changed files with 27 additions and 8 deletions
--- a/libexec/ftpd/conf.c
+++ b/libexec/ftpd/conf.c
@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.13 1998/06/03 13:21:42 mouse Exp $	*/
+/*	$NetBSD: conf.c,v 1.14 1998/06/30 20:18:52 tv Exp $	*/

 /*-
 * Copyright (c) 1997 The NetBSD Foundation, Inc.
@ -38,7 +38,7 @@

 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: conf.c,v 1.13 1998/06/03 13:21:42 mouse Exp $");
+__RCSID("$NetBSD: conf.c,v 1.14 1998/06/30 20:18:52 tv Exp $");
 #endif /* not lint */

 #include <sys/types.h>
@ -100,6 +100,7 @@ parse_conf(findclass)
 	curclass.maxtimeout =	7200;		/* 2 hours */
 	curclass.modify =	1;
 	REASSIGN(curclass.notify, NULL);
+	curclass.passive =	1;
 	curclass.timeout =	900;		/* 15 minutes */
 	curclass.umask =	027;

@ -246,6 +247,12 @@ parse_conf(findclass)
 			else
 				arg = strdup(arg);
 			REASSIGN(curclass.notify, arg);
+		} else if (strcasecmp(word, "passive") == 0) {
+			if (none ||
+			    (!EMPTYSTR(arg) && strcasecmp(arg, "off") == 0))
+				curclass.passive = 0;
+			else
+				curclass.passive = 1;
 		} else if (strcasecmp(word, "timeout") == 0) {
 			if (none || EMPTYSTR(arg))
 				continue;
--- a/libexec/ftpd/extern.h
+++ b/libexec/ftpd/extern.h
@ -1,4 +1,4 @@
-/*	$NetBSD: extern.h,v 1.7 1997/11/11 12:42:30 lukem Exp $	*/
+/*	$NetBSD: extern.h,v 1.8 1998/06/30 20:18:52 tv Exp $	*/

 /*-
 * Copyright (c) 1992, 1993
@ -89,6 +89,7 @@ struct ftpclass {
 	unsigned int	 maxtimeout;	/* Maximum permitted timeout */
 	int		 modify;	/* Allow dele, mkd, rmd, umask, chmod */
 	char		*notify;	/* Files to notify about upon chdir */
+	int		 passive;	/* Allow pasv */
 	unsigned int	 timeout;	/* Default timeout */
 	mode_t		 umask;		/* Umask to use */
 };
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@ -1,4 +1,4 @@
-/*	$NetBSD: ftpcmd.y,v 1.19 1998/06/21 12:16:35 kleink Exp $	*/
+/*	$NetBSD: ftpcmd.y,v 1.20 1998/06/30 20:18:52 tv Exp $	*/

 /*
 * Copyright (c) 1985, 1988, 1993, 1994
@ -47,7 +47,7 @@
 #if 0
 static char sccsid[] = "@(#)ftpcmd.y	8.3 (Berkeley) 4/6/94";
 #else
-__RCSID("$NetBSD: ftpcmd.y,v 1.19 1998/06/21 12:16:35 kleink Exp $");
+__RCSID("$NetBSD: ftpcmd.y,v 1.20 1998/06/30 20:18:52 tv Exp $");
 #endif
 #endif /* not lint */

@ -174,9 +174,13 @@ cmd
 			}
 			reply(200, "PORT command successful.");
 		}
-	| PASV CRLF
+	| PASV check_login CRLF
 		{
-			passive();
+			if (curclass.passive) {
+				passive();
+			} else {
+				reply(500, "PASV mode not available.");
+			}
 		}
 	| TYPE SP type_code CRLF
 		{
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@ -1,4 +1,4 @@
-.\"	$NetBSD: ftpd.8,v 1.27 1998/06/26 18:12:00 msaitoh Exp $
+.\"	$NetBSD: ftpd.8,v 1.28 1998/06/30 20:18:52 tv Exp $
 .\"
 .\" Copyright (c) 1985, 1988, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@ -404,6 +404,12 @@ disable this.
 Otherwise, each time the user enters a new directory,
 notify the user of any files matching
 .Ar fileglob .
+.It Sy passive Ar class Op Sy off
+If class is
+.Dq none
+or
+.Sy off
+is given, disallow passive (PASV) connections.  Otherwise, enable them.
 .It Sy timeout Ar class Ar time
 Set the inactivity timeout period.
 (the default is fifteen minutes).
@ -452,6 +458,7 @@ maxtimeout    all    7200   # 2 hours
 modify        all
 modify        guest  off
 notify        none
+passive       all
 timeout       all    900    # 15 minutes
 umask         all    027
 umask         guest  0707