ftpd: add some security checks

config/config.go

@@ -46,13 +46,16 @@ var (
 		ApplyProxyConfig: true,
 	}
 	defaultFTPDBinding = ftpd.Binding{
-		Address:          "",
-		Port:             0,
-		ApplyProxyConfig: true,
-		TLSMode:          0,
-		ForcePassiveIP:   "",
-		ClientAuthType:   0,
-		TLSCipherSuites:  nil,
+		Address:                    "",
+		Port:                       0,
+		ApplyProxyConfig:           true,
+		TLSMode:                    0,
+		ForcePassiveIP:             "",
+		ClientAuthType:             0,
+		TLSCipherSuites:            nil,
+		PassiveConnectionsSecurity: 0,
+		ActiveConnectionsSecurity:  0,
+		Debug:                      false,
 	}
 	defaultWebDAVDBinding = webdavd.Binding{
 		Address:         "",
@@ -745,6 +748,18 @@ func getFTPDBindingFromEnv(idx int) {
 		isSet = true
 	}
 
+	pasvSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__PASSIVE_CONNECTIONS_SECURITY", idx))
+	if ok {
+		binding.PassiveConnectionsSecurity = int(pasvSecurity)
+		isSet = true
+	}
+
+	activeSecurity, ok := lookupIntFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__ACTIVE_CONNECTIONS_SECURITY", idx))
+	if ok {
+		binding.ActiveConnectionsSecurity = int(activeSecurity)
+		isSet = true
+	}
+
 	debug, ok := lookupBoolFromEnv(fmt.Sprintf("SFTPGO_FTPD__BINDINGS__%v__DEBUG", idx))
 	if ok {
 		binding.Debug = debug