From 77ed177855ee6dcecf9b7b27e7687d9a095dfe30 Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@cloudron.io>
Date: Tue, 19 Mar 2019 20:47:57 -0700
Subject: [PATCH] Only allow ftp access for apps which support it

---
 src/ldap.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ldap.js b/src/ldap.js
index 7cd4e8e3d..6481a6dd7 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -524,6 +524,9 @@ function userSearchProftpd(req, res, next) {
     apps.getByFqdn(appFqdn, function (error, app) {
         if (error) return next(new ldap.OperationsError(error.toString()));
 
+        // only allow apps which specify "ftp" support in the localstorage addon
+        if (!app.manifest.addons.localstorage || !app.manifest.addons.localstorage.ftp) return next(new ldap.UnavailableError('Not supported'));
+
         users.getByUsername(username, function (error, user) {
             if (error) return next(new ldap.OperationsError(error.toString()));