Implement a flag to disable directory creation for anonymous users.

PR:		misc/38987
Submitted by:	Peter da Silva <peter@abbnm.com>
MFC after:	1 week

libexec/ftpd/ftpd.8

@@ -40,7 +40,7 @@
 .Nd Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm
-.Op Fl 46ADEORSUdro
+.Op Fl 46ADEMORSUdro
 .Op Fl l Op Fl l
 .Op Fl T Ar maxtimeout
 .Op Fl a Ar address
@@ -95,6 +95,8 @@ and is thus useful on busy servers to reduce load.
 .It Fl E
 Disable the EPSV command.
 This is useful for servers behind older firewalls.
+.It Fl M
+Prevent anonymous users from creating directories.
 .It Fl O
 Put server in write-only mode for anonymous users only.
 RETR is disabled for anonymous users, preventing anonymous downloads.

libexec/ftpd/ftpd.c

@@ -143,6 +143,7 @@ int	readonly=0;		/* Server is in readonly mode.	*/
 int	noepsv=0;		/* EPSV command is disabled.	*/
 int	noretr=0;		/* RETR command is disabled.	*/
 int	noguestretr=0;		/* RETR command is disabled for anon users. */
+int	noguestmkd=0;		/* MKD command is disabled for anon users. */
 
 static volatile sig_atomic_t recvurg;
 sig_atomic_t transflag;
@@ -297,7 +298,7 @@ main(int argc, char *argv[], char **envp)
 #endif /* OLD_SETPROCTITLE */
 
 
-	while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:vOoa:p:46")) != -1) {
+	while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:vMOoa:p:46")) != -1) {
 		switch (ch) {
 		case 'D':
 			daemon_mode++;
@@ -380,6 +381,10 @@ main(int argc, char *argv[], char **envp)
 			family = AF_INET6;
 			break;
 
+		case 'M':
+			noguestmkd = 1;
+			break;
+
 		case 'O':
 			noguestretr = 1;
 			break;
@@ -2247,7 +2252,9 @@ makedir(char *name)
 {
 
 	LOGCMD("mkdir", name);
-	if (mkdir(name, 0777) < 0)
+	if (guest && noguestmkd)
+		reply(550, "%s: permission denied", name);
+	else if (mkdir(name, 0777) < 0)
 		perror_reply(550, name);
 	else
 		reply(257, "MKD command successful.");