Date: Thu, 26 Jun 2025 12:11:02 GMT
Message-Id: <202506261211.55QCB2o0007197@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Dag-Erling Smørgrav
Subject: git: 0804e60df19b - main - ftpd: Provide an option to turn off FTP anonymous usage
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 0804e60df19b393c37238596c9f37a0b8972a7da

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=0804e60df19b393c37238596c9f37a0b8972a7da

commit 0804e60df19b393c37238596c9f37a0b8972a7da
Author:     joyu liaonull
AuthorDate: 2025-06-26 12:07:31 +0000
Commit:     Dag-Erling Smørgrav
CommitDate: 2025-06-26 12:10:14 +0000

    ftpd: Provide an option to turn off FTP anonymous usage

    ftpd provides the -n option to disable anonymous FTP access, meaning
    the username 'ftp' cannot log in to the FTP server without a password
    stored in the password database. This feature helps prevent users who
    lack the background knowledge of how this special username 'ftp'
    conventionally works in FTP from mistakenly creating an account with
    the username 'ftp,' assuming it behaves like other usernames that
    require a password to log in to the FTP server, which it does not.

    Differential Revision: https://reviews.freebsd.org/D46547
--- libexec/ftpd/ftpd.8 | 12 ++++++++++-- libexec/ftpd/ftpd.c | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8 index 3474c379fbc7..96db4753209e 100644 --- a/libexec/ftpd/ftpd.8 +++ b/libexec/ftpd/ftpd.8 
@@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 9, 2023 +.Dd June 26, 2025 .Dt FTPD 8 .Os .Sh NAME @@ -33,7 +33,8 @@ .Nd Internet File Transfer Protocol server .Sh SYNOPSIS .Nm -.Op Fl 468ABDdEhMmOoRrSUvW +.Op Fl 468BDdEhMmOoRrSUvW +.Bq Fl A | Fl n .Op Fl l Op Fl l .Op Fl a Ar address .Op Fl P Ar port @@ -147,6 +148,13 @@ Permit anonymous users to overwrite or modify existing files if allowed by file system permissions. By default, anonymous users cannot modify existing files; in particular, files to upload will be created under a unique name. +.It Fl n +Disable anonymous FTP access. +The +.Fl n +option is mutually exclusive with the +.Fl A +option. .It Fl O Put server in write-only mode for anonymous users only. RETR is disabled for anonymous users, preventing anonymous downloads. diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c index f3a1105f6437..751d77b218b7 100644 --- a/libexec/ftpd/ftpd.c +++ b/libexec/ftpd/ftpd.c @@ -106,6 +106,7 @@ int logging; int restricted_data_ports = 1; int paranoid = 1; /* be extra careful about security */ int anon_only = 0; /* Only anonymous ftp allowed */ +int noanon = 0; /* disable anonymous ftp */ int assumeutf8 = 0; /* Assume that server file names are in UTF-8 */ int guest; int dochroot; @@ -269,7 +270,7 @@ main(int argc, char *argv[], char **envp) openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); while ((ch = getopt(argc, argv, - "468a:ABdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) { + "468a:ABdDEhlmMnoOp:P:rRSt:T:u:UvW")) != -1) { switch (ch) { case '4': family = (family == AF_INET6) ? AF_UNSPEC : AF_INET; @@ -327,6 +328,10 @@ main(int argc, char *argv[], char **envp) noguestmkd = 1; break; + case 'n': + noanon = 1; + break; + case 'o': noretr = 1; break; 
@@ -396,6 +401,11 @@ main(int argc, char *argv[], char **envp) } } + if (noanon && anon_only) { + syslog(LOG_ERR, "-n and -A are mutually exclusive"); + exit(1); + } + /* handle filesize limit gracefully */ sa.sa_handler = SIG_IGN; (void)sigaction(SIGXFSZ, &sa, NULL); @@ -995,7 +1005,8 @@ user(char *name) #else pw = sgetpwnam("ftp"); #endif - if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { + if (!noanon && + (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0)) { if (checkuser(_PATH_FTPUSERS, "ftp", 0, NULL, &ecode) || (ecode != 0 && ecode != ENOENT)) reply(530, "User %s access denied.", name);
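
Review bot: In the ftpd.8 hunks, the mutual exclusion is documented only under the new ".It Fl n" entry; no hunk touches the -A entry, so a reader who starts from -A never learns that -n conflicts with it. Add the reciprocal sentence to the -A description. In the SYNOPSIS hunk, ".Bq Fl A | Fl n" is the only line that does not use ".Op" like its neighbours; ".Op Fl A | Fl n" would keep the synopsis uniform. The -n text would also be more useful if it said that, with -n, the names "ftp" and "anonymous" no longer take the anonymous branch in user(), which is the behaviour the commit message describes.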
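
Review bot: In the ftpd.c main() hunk that follows option parsing, the -n/-A conflict is reported only through syslog(LOG_ERR, ...) before exit(1), and the openlog() call in the context lines does not request LOG_PERROR, so the only trace of a misconfigured command line is in the LOG_FTP facility. Since the process exits before serving any session, mention the diagnostic in ftpd.8 so an administrator knows where to look when the server refuses to start. Placing the test after the getopt loop is right, because it makes the check independent of the order in which -A and -n are given.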
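
Review bot: In the ftpd.c user() hunk, the "#else" branch still runs pw = sgetpwnam("ftp") before the new "!noanon &&" test, so with -n a USER ftp or USER anonymous skips the anonymous branch while pw already holds the ftp account entry, if one exists. Please confirm that the code after this branch looks up "name" again and never relies on the pw value set just above; otherwise move the noanon test ahead of the lookup. A short comment at the condition saying that both names deliberately fall through to the regular-account path under -n would make the intent clear, since "anonymous" is then treated as an ordinary login name as well, not only "ftp".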