authorPaul Traina <pst@FreeBSD.org>1995-08-05 19:12:05 +0000
committerPaul Traina <pst@FreeBSD.org>1995-08-05 19:12:05 +0000
commit4c450ad7a7735d5f76269d58495e84db04793ddc (patch)
tree0bb9b657884348aa946f639d6e015b17af89ad79 /libexec/ftpd
parent0a06628ab20e06374d71965858c552e9df7b7fe0 (diff)
Use data ports in the range 40000..44999 by default to enhance FTP usability
in a firewall environment. Original idea by Mark Tracy (?). Reviewed by: wollman Submitted by: pst
Notes
Notes: svn path=/head/; revision=9933
Diffstat (limited to 'libexec/ftpd')
-rw-r--r--libexec/ftpd/Makefile1
-rw-r--r--libexec/ftpd/ftpd.88
-rw-r--r--libexec/ftpd/ftpd.c45
3 files changed, 46 insertions, 8 deletions
diff --git a/libexec/ftpd/Makefile b/libexec/ftpd/Makefile
index adcc9198f807..a21838081502 100644
--- a/libexec/ftpd/Makefile
+++ b/libexec/ftpd/Makefile
@@ -5,6 +5,7 @@ MAN8= ftpd.8
SRCS= ftpd.c ftpcmd.c logwtmp.c popen.c skey-stuff.c
CFLAGS+=-DSETPROCTITLE -DSKEY -DSTATS
+CFLAGS+=-DFTP_DATA_BOTTOM=40000 -DFTP_DATA_TOP=44999
LDADD= -lskey -lmd -lcrypt
DPADD= ${LIBSKEY} ${LIBMD} ${LIBCRYPT}
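Review bot: FTP_DATA_BOTTOM and FTP_DATA_TOP are introduced only as `-D` flags on the added CFLAGS line, and the ftpd.c hunks in this commit use both names with no `#ifndef` fallback, so ftpd.c no longer compiles when built outside this Makefile or with a stripped CFLAGS. A guarded default in ftpd.c next to the new `restricted_data_ports` global would keep the source self-contained while still letting this line override it; the `-D` values here would then document the shipped range rather than be required for the build to succeed. The man page hunk states the range as 40000..44999, which matches these values, so the two should be kept in step if either changes.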
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index 2471961c58e4..6e5b199cbfd3 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -42,6 +42,7 @@ Internet File Transfer Protocol server
.Nm ftpd
.Op Fl dl
.Op Fl S
+.Op Fl U
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Sh DESCRIPTION
@@ -74,6 +75,13 @@ logs all anonymous transfers to the file
.Pa /var/log/ftpd
when this file exists.
.
+.It Fl U
+In previous versions of
+.Nm ftpd ,
+when a passive mode client requested a data connection to the server,
+the server would use data ports in the range 1024..4999. Now, by default,
+the server will use data ports in the range 40000..44999. Specifying this
+option will revert to the old behavior.
.It Fl T
A client may also request a different timeout period;
the maximum period allowed may be set to
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index f6fc3795f5ef..8776124171c5 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: ftpd.c,v 1.9 1995/05/22 11:03:55 davidg Exp $
+ * $Id: ftpd.c,v 1.10 1995/05/30 05:45:58 rgrimes Exp $
*/
#ifndef lint
@@ -113,6 +113,7 @@ int debug;
int timeout = 900; /* timeout after 15 minutes of inactivity */
int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
int logging;
+int restricted_data_ports = 1;
int guest;
#ifdef STATS
int stats;
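Review bot: The added `restricted_data_ports` is the only global in this declaration list without the trailing comment its neighbours (`timeout`, `maxtimeout`) carry, and what the value 1 selects is only discoverable by reading passive() much further down. Suggest `int restricted_data_ports = 1; /* PASV binds in FTP_DATA_BOTTOM..FTP_DATA_TOP; -U clears */` so the flag's meaning and its command-line switch are visible where it is defined. The declaration list continues outside this hunk.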
@@ -260,7 +261,7 @@ main(argc, argv, envp)
#ifdef STATS
while ((ch = getopt(argc, argv, "dlSt:T:u:v")) != EOF) {
#else
- while ((ch = getopt(argc, argv, "dlt:T:u:v")) != EOF) {
+ while ((ch = getopt(argc, argv, "dlUt:T:u:v")) != EOF) {
#endif
switch (ch) {
case 'd':
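Review bot: The new `U` letter is added only to the non-STATS getopt string on the changed line, while the `#ifdef STATS` string two lines above (`"dlSt:T:u:v"`) is left as it was; since the Makefile in this same commit builds with `-DSTATS`, the default build rejects `-U` as an unknown option even though ftpd.8 now documents it and the `case 'U':` below this hunk handles it. Change the STATS line to `while ((ch = getopt(argc, argv, "dlSUt:T:u:v")) != EOF) {` so both option strings agree. main() begins and continues outside this hunk.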
@@ -271,6 +272,10 @@ main(argc, argv, envp)
logging++; /* > 1 == extra logging */
break;
+ case 'U':
+ restricted_data_ports = 0;
+ break;
+
case 't':
timeout = atoi(optarg);
if (maxtimeout < timeout)
@@ -1518,6 +1523,7 @@ void
passive()
{
int len;
+ u_short port;
char *p, *a;
pdata = socket(AF_INET, SOCK_STREAM, 0);
@@ -1525,14 +1531,37 @@ passive()
perror_reply(425, "Can't open passive connection");
return;
}
- pasv_addr = ctrl_addr;
- pasv_addr.sin_port = 0;
- (void) seteuid((uid_t)0);
- if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) {
+
+ if (restricted_data_ports) {
+ for (port = FTP_DATA_BOTTOM; port <= FTP_DATA_TOP; port++) {
+ pasv_addr = ctrl_addr;
+ pasv_addr.sin_port = htons(port);
+ (void) seteuid((uid_t)0);
+ if (bind(pdata, (struct sockaddr *)&pasv_addr,
+ sizeof(pasv_addr)) < 0) {
+ (void) seteuid((uid_t)pw->pw_uid);
+ if (errno == EADDRINUSE)
+ continue;
+ else
+ goto pasv_error;
+ }
+ (void) seteuid((uid_t)pw->pw_uid);
+ break;
+ }
+ if (port > FTP_DATA_TOP)
+ goto pasv_error;
+ } else {
+ pasv_addr = ctrl_addr;
+ pasv_addr.sin_port = 0;
+ (void) seteuid((uid_t)0);
+ if (bind(pdata, (struct sockaddr *)&pasv_addr,
+ sizeof(pasv_addr)) < 0) {
+ (void) seteuid((uid_t)pw->pw_uid);
+ goto pasv_error;
+ }
(void) seteuid((uid_t)pw->pw_uid);
- goto pasv_error;
}
- (void) seteuid((uid_t)pw->pw_uid);
+
len = sizeof(pasv_addr);
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
goto pasv_error;
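Review bot: The range scan's termination relies on `port` not wrapping: it is declared `u_short` in the preceding hunk, so `port++` past FTP_DATA_TOP only leaves the loop and reaches the `if (port > FTP_DATA_TOP)` fallback because the configured top (44999 in this commit's Makefile) is below 65535; a site that sets `-DFTP_DATA_TOP=65535` gets a loop that wraps to port 0 and never fails over to `pasv_error`. Declare the counter `int port;` so the comparison against the macro is done in a type that can exceed it. Worth a comment as well: scanning upward from FTP_DATA_BOTTOM always hands out the lowest free port, so successive PASV data ports become predictable where the kernel's ephemeral choice in the `sin_port = 0` branch was not; starting the scan at a random offset within the range and wrapping at the top would keep the firewall-friendly range without that property. passive() continues past the end of this hunk.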