Add support for passive mode FTP (default off) to base FTP client to support

users behind packet filtering firewalls.
Obtained from: David Carrel <carrel@cisco.com>

6 files changed, 68 insertions, 0 deletions

diff --git a/usr.bin/ftp/cmds.c b/usr.bin/ftp/cmds.c
index 8da2b20..95c2fb1 100644
--- a/usr.bin/ftp/cmds.c
+++ b/usr.bin/ftp/cmds.c
@@ -2133,8 +2133,19 @@ macdef(argc, argv)
 }
 
 /*
+ * Start up passive mode interaction
+ */
+setpassive()
+{
+	passivemode = !passivemode;
+	printf("Passive mode %s.\n", onoff(passivemode));
+	code = passivemode;
+}
+
+/*
  * get size of file on remote machine
  */
+/*VARARGS*/
 void
 sizecmd(argc, argv)
 	int argc;
diff --git a/usr.bin/ftp/cmdtab.c b/usr.bin/ftp/cmdtab.c
index db3b755..a55cd86 100644
--- a/usr.bin/ftp/cmdtab.c
+++ b/usr.bin/ftp/cmdtab.c
@@ -78,6 +78,7 @@ char	newerhelp[] =	"get file if remote file is newer than local file ";
 char	nlisthelp[] =	"nlist contents of remote directory";
 char	nmaphelp[] =	"set templates for default file name mapping";
 char	ntranshelp[] =	"set translation table for default file name mapping";
+char	passivehelp[] = "enter passive transfer mode";
 char	porthelp[] =	"toggle use of PORT cmd for each data connection";
 char	prompthelp[] =	"force interactive prompting on multiple commands";
 char	proxyhelp[] =	"issue command on alternate connection";
@@ -151,6 +152,7 @@ struct cmd cmdtab[] = {
 	{ "ntrans",	ntranshelp,	0,	0,	1,	setntrans },
 	{ "open",	connecthelp,	0,	0,	1,	setpeer },
 	{ "prompt",	prompthelp,	0,	0,	0,	setprompt },
+	{ "passive",	passivehelp,	0,	0,	0,	setpassive },
 	{ "proxy",	proxyhelp,	0,	0,	1,	doproxy },
 	{ "sendport",	porthelp,	0,	0,	0,	setport },
 	{ "put",	sendhelp,	1,	1,	1,	put },
diff --git a/usr.bin/ftp/extern.h b/usr.bin/ftp/extern.h
index 349aea3..d06b99d 100644
--- a/usr.bin/ftp/extern.h
+++ b/usr.bin/ftp/extern.h
@@ -120,6 +120,7 @@ void	setglob __P((int, char **));
 void	sethash __P((int, char **));
 void	setnmap __P((int, char **));
 void	setntrans __P((int, char **));
+void	setpassive __P((int, char **));
 void	setpeer __P((int, char **));
 void	setport __P((int, char **));
 void	setprompt __P((int, char **));
diff --git a/usr.bin/ftp/ftp.c b/usr.bin/ftp/ftp.c
index 19e8f8e..1ea43b9 100644
--- a/usr.bin/ftp/ftp.c
+++ b/usr.bin/ftp/ftp.c
@@ -1000,6 +1000,55 @@ initconn()
 	char *p, *a;
 	int result, len, tmpno = 0;
 	int on = 1;
+	u_long a1,a2,a3,a4,p1,p2;
+
+	if (passivemode) {
+		data = socket(AF_INET, SOCK_STREAM, 0);
+		if (data < 0) {
+			perror("ftp: socket");
+			return(1);
+		}
+		if (options & SO_DEBUG &&
+		    setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on,
+			       sizeof (on)) < 0)
+			perror("ftp: setsockopt (ignored)");
+		if (command("PASV") != COMPLETE) {
+			printf("Passive mode refused.\n");
+			return(1);
+		}
+
+		/*
+		 * What we've got at this point is a string of comma separated
+		 * one-byte unsigned integer values, separated by commas.
+		 * The first four are the an IP address. The fifth is the MSB
+		 * of the port number, the sixth is the LSB. From that we'll
+		 * prepare a sockaddr_in.
+		 */
+
+		if (sscanf(pasv,"%d,%d,%d,%d,%d,%d",&a1,&a2,&a3,&a4,&p1,&p2)
+		    != 6) {
+			printf("Passive mode address scan failure. Shouldn't happen!\n");
+			return(1);
+		};
+
+		data_addr.sin_family = AF_INET;
+		data_addr.sin_addr.s_addr = htonl((a1 << 24) | (a2 << 16) |
+						  (a3 << 8) | a4);
+		data_addr.sin_port = htons((p1 << 8) | p2);
+
+		if (connect(data, (struct sockaddr *) &data_addr,
+		    sizeof(data_addr))<0) {
+			perror("ftp: connect");
+			return(1);
+		}
+#ifdef IP_TOS
+		on = IPTOS_THROUGHPUT;
+		if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on,
+		    sizeof(int)) < 0)
+			perror("ftp: setsockopt TOS (ignored)");
+#endif
+		return(0);
+	}
 
 noport:
 	data_addr = myctladdr;
@@ -1070,6 +1119,9 @@ dataconn(lmode)
 	struct sockaddr_in from;
 	int s, fromlen = sizeof (from), tos;
 
+	if (passivemode)
+	    return (fdopen(data, lmode));
+
 	s = accept(data, (struct sockaddr *) &from, &fromlen);
 	if (s < 0) {
 		warn("accept");
diff --git a/usr.bin/ftp/ftp_var.h b/usr.bin/ftp/ftp_var.h
index 3a0d1bc..5778f69 100644
--- a/usr.bin/ftp/ftp_var.h
+++ b/usr.bin/ftp/ftp_var.h
@@ -66,6 +66,7 @@ int	mapflag;		/* use mapin mapout templates on file names */
 int	code;			/* return/reply code for ftp command */
 int	crflag;			/* if 1, strip car. rets. on ascii gets */
 char	pasv[64];		/* passive port for proxy data connection */
+int	passivemode;		/* passive mode enabled */
 char	*altarg;		/* argv[1] with no shell-like preprocessing  */
 char	ntin[17];		/* input translation table */
 char	ntout[17];		/* output translation table */
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 00ecadf..52a95b0 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -118,6 +118,7 @@ main(argc, argv)
 		verbose++;
 	cpend = 0;	/* no pending replies */
 	proxy = 0;	/* proxy not active */
+	passivemode = 0;/* passive mode not active */
 	crflag = 1;	/* strip c.r. on ascii gets */
 	sendport = -1;	/* not using ports */
 	/*