authorStuart Henderson <sthen@cvs.openbsd.org>2014-03-17 20:54:11 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2014-03-17 20:54:11 +0000
commitb8a2bee8620653e6a72eb70710fef1e4f9e6e45c (patch)
tree97d364b31671d00e43fa59e60706c7ca26081e15 /libexec/ftpd
parentda2e8a079e79c75a89a85f156a04dd741e383d98 (diff)
Add an option to disallow ftp access to accounts with uid below a certain
number (idea borrowed from pure-ftpd). Enabled by default with minimum uid 1000 to prevent access to admin accounts. tweak/OK millert@, OK deraadt@, gsoares@ and aja@ like it too.
Diffstat (limited to 'libexec/ftpd')
-rw-r--r--libexec/ftpd/ftpd.816
-rw-r--r--libexec/ftpd/ftpd.c24
2 files changed, 35 insertions, 5 deletions
diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index add42723da0..08eede391e7 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ftpd.8,v 1.70 2012/09/27 12:18:20 jmc Exp $
+.\" $OpenBSD: ftpd.8,v 1.71 2014/03/17 20:54:10 sthen Exp $
.\" $NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp $
.\"
.\" Copyright (c) 1985, 1988, 1991, 1993
@@ -30,7 +30,7 @@
.\"
.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
.\"
-.Dd $Mdocdate: September 27 2012 $
+.Dd $Mdocdate: March 17 2014 $
.Dt FTPD 8
.Os
.Sh NAME
@@ -39,6 +39,7 @@
.Sh SYNOPSIS
.Nm ftpd
.Op Fl 46ADdlMnPSUW
+.Op Fl m Ar minuid
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Op Fl u Ar mask
@@ -98,6 +99,12 @@ FTP session is logged using syslog with a facility of
If this option is specified twice, the retrieve (get), store (put), append,
delete, make directory, remove directory and rename operations and
their filename arguments are also logged.
+.It Fl m Ar minuid
+Disallow login to user accounts with a uid below
+.Ar minuid .
+The default is 1000, to prevent access to administrative and daemon accounts.
+Anonymous access is allowed even if the uid of the ftp user is smaller than
+.Ar minuid .
.It Fl M
Enables multihomed mode.
Instead of simply using
@@ -295,7 +302,7 @@ entry in
.Pa /etc/login.conf .
.Pp
.Nm
-authenticates users according to five rules.
+authenticates users according to six rules.
.Bl -enum -offset indent
.It
The login name must be in the password database and not have a null password.
@@ -305,6 +312,9 @@ file operations may be performed.
The login name must not appear in the file
.Pa /etc/ftpusers .
.It
+The user account must have a uid not less than
+.Ar minuid .
+.It
The user must have a standard shell as described by
.Xr shells 5 .
.It
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index 7bb51247f4c..129141c0e30 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ftpd.c,v 1.199 2014/01/08 17:31:36 jca Exp $ */
+/* $OpenBSD: ftpd.c,v 1.200 2014/03/17 20:54:10 sthen Exp $ */
/* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */
/*
@@ -130,6 +130,7 @@ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
int logging;
int anon_ok = 1;
int anon_only = 0;
+unsigned int minuid = 1000;
int multihome = 0;
int guest;
int stats;
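Review bot: `minuid` is declared as a plain `unsigned int` although its only job is to bound `pw->pw_uid`, which is a `uid_t`; declaring it `uid_t minuid = 1000;` ties the variable to the type it is compared against and keeps that comparison well-typed on any platform where `uid_t` is not `unsigned int`. On OpenBSD the two appear to coincide, so this is a style point rather than a defect. The matching `strtonum()` upper bound in the option parser would then be chosen from the same type.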
@@ -255,7 +256,8 @@ static void
usage(void)
{
syslog(LOG_ERR,
- "usage: ftpd [-46ADdlMnPSUW] [-T maxtimeout] [-t timeout] [-u mask]");
+ "usage: ftpd [-46ADdlMnPSUW] [-m minuid] [-T maxtimeout] "
+ "[-t timeout] [-u mask]");
exit(2);
}
@@ -302,6 +304,16 @@ main(int argc, char *argv[])
logging++; /* > 1 == extra logging */
break;
+ case 'm':
+ minuid = strtonum(optarg, 0, UINT_MAX, &errstr);
+ if (errstr) {
+ syslog(LOG_ERR,
+ "%s is a bad value for -n, aborting",
+ optarg);
+ exit(2);
+ }
+ break;
+
case 'M':
multihome = 1;
break;
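Review bot: The error message in the new `case 'm'` names the wrong option: a rejected `-m` argument is logged as `"%s is a bad value for -n, aborting"`, which sends an operator looking for a flag that does not exist in the usage line; it should read `"%s is a bad value for -m, aborting"`. Separately, the lower bound of 0 passed to `strtonum()` means `-m 0` silently disables the check, since no uid is below 0; that is a sensible way to opt out, but it deserves a sentence in ftpd.8 so administrators know it is the intended switch-off. main() starts before this hunk and continues after it.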
@@ -829,6 +841,14 @@ user(char *name)
return;
}
if (pw) {
+ if (pw->pw_uid < minuid) {
+ reply(530, "User %s access denied.", name);
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN REFUSED FROM %s, %s (UID))",
+ remotehost, name);
+ return;
+ }
if ((!shell && !dochroot) || checkuser(_PATH_FTPUSERS, name)) {
reply(530, "User %s access denied.", name);
if (logging)
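Review bot: The syslog line added for the uid refusal has an unbalanced parenthesis, `"FTP LOGIN REFUSED FROM %s, %s (UID))"`, so every such log entry will end in `(UID))`; it should be `"FTP LOGIN REFUSED FROM %s, %s (UID)"`. The 530 reply deliberately reuses the same `"User %s access denied."` text as the existing ftpusers/shell refusal, which is the right choice, since a distinct reply would let a remote client tell "exists but below minuid" apart from "listed in ftpusers". The check sits inside `if (pw)`, so it only fires for accounts the lookup found; the anonymous exemption described in ftpd.8 is presumably handled by the earlier return at the top of this hunk, but that branch is not visible here. user() starts before this hunk and its body continues past it.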