author | netchild <netchild@FreeBSD.org> | 2003-09-10 16:11:48 +0800 |
---|---|---|
committer | netchild <netchild@FreeBSD.org> | 2003-09-10 16:11:48 +0800 |
commit | f22cb7005c87696bce353dc54f3264a235adf54d (patch) | |
tree | 51fe936f539c01b1b1d69d61163c3b3eb87bf96f /ftp/ftpd-tls | |
parent | fb6b2b44693fec4f35d4e213a853e38208e7581c (diff) | |
Add ftpd-tls, a FTP AUTH TLS aware ftp server. This is the counterpart
to ftp/ftp-tls and also written by Peter Runestig.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
Diffstat (limited to 'ftp/ftpd-tls')
-rw-r--r-- | ftp/ftpd-tls/Makefile | 64 | ||||
-rw-r--r-- | ftp/ftpd-tls/distinfo | 1 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/ftpd-tls.sh | 22 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/patch-Makefile.in | 11 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/patch-README.TLS | 10 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/patch-configure | 10 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/patch-ftpd.8.TLS | 140 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/patch-pathnames.h | 22 | ||||
-rw-r--r-- | ftp/ftpd-tls/files/patch-tlsutil.c | 16 | ||||
-rw-r--r-- | ftp/ftpd-tls/pkg-descr | 4 | ||||
-rw-r--r-- | ftp/ftpd-tls/pkg-message | 14 | ||||
-rw-r--r-- | ftp/ftpd-tls/pkg-plist | 8 |
12 files changed, 322 insertions, 0 deletions
diff --git a/ftp/ftpd-tls/Makefile b/ftp/ftpd-tls/Makefile
new file mode 100644
index 000000000000..9925ed10f748
--- /dev/null
+++ b/ftp/ftpd-tls/Makefile
@@ -0,0 +1,64 @@
+# Ports collection makefile for: ftpd-tls
+# Date created: 21 August 2003
+# Whom: marius@alchemy.franken.de
+#
+# $FreeBSD$
+#
+
+PORTNAME= ftpd-tls
+PORTVERSION= 20030520
+CATEGORIES= ftp security
+MASTER_SITES= ftp://ftp.zeist.de/pub/distfiles/ \
+ ftp://ftp.runestig.com/pub/ftpd-tls/
+
+MAINTAINER= marius@alchemy.franken.de
+COMMENT= Ftp server supporting FTP AUTH TLS
+
+GNU_CONFIGURE= YES
+USE_OPENSSL= YES
+USE_REINPLACE= YES
+
+MAN8= ftpd-tls.8
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 400000
+BROKEN= "Not supported on systems prior to FreeBSD 4.0 (missing getaddrinfo())"
+.endif
+
+CONFIGURE_ARGS= --with-openssl-dir=${OPENSSLBASE}
+CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
+PKGMESSAGE= ${WRKDIR}/pkg-message
+
+post-patch:
+.for i in README.TLS ftpd.8.TLS pathnames.h tlsutil.c
+ @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/${i}
+.endfor
+ @${SED} 's|%%PREFIX%%|${PREFIX}|g; s|%%DOCSDIR%%|${DOCSDIR}|g' \
+ ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
+ @${SED} 's|%%PREFIX%%|${PREFIX}|g' ${FILESDIR}/ftpd-tls.sh > \
+ ${WRKDIR}/ftpd-tls.sh
+
+do-install:
+ @${INSTALL_PROGRAM} ${WRKSRC}/ftpd ${PREFIX}/libexec/ftpd-tls
+ @${INSTALL_MAN} ${WRKSRC}/ftpd.8.TLS ${PREFIX}/man/man8/ftpd-tls.8
+ @${INSTALL_SCRIPT} ${WRKDIR}/ftpd-tls.sh \
+ ${PREFIX}/etc/rc.d/ftpd-tls.sh.sample
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+.for i in README.TLS draft-murray-auth-ftp-ssl-09.txt
+ @${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
+.endfor
+.endif
+.if !exists(${PREFIX}/etc/ftpd-tls)
+ @${MKDIR} ${PREFIX}/etc/ftpd-tls
+ @${CHMOD} 700 ${PREFIX}/etc/ftpd-tls
+.endif
+.if (!exists(${PREFIX}/etc/ftpd-tls/ftpusers)) && (exists(/etc/ftpusers))
+ @${INSTALL_DATA} /etc/ftpusers ${PREFIX}/etc/ftpd-tls
+.endif
+
+post-install:
+ @${CAT} ${WRKDIR}/pkg-message
+
+.include <bsd.port.post.mk>
diff --git a/ftp/ftpd-tls/distinfo b/ftp/ftpd-tls/distinfo
new file mode 100644
index 000000000000..f4eba7422877
--- /dev/null
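Review bot: In ftp/ftpd-tls/Makefile `do-install`, `@${CHMOD} 700 ${PREFIX}/etc/ftpd-tls` sits inside `.if !exists(${PREFIX}/etc/ftpd-tls)`, so a directory that already exists with wider permissions keeps them, although patch-tlsutil.c in this commit makes it a lookup location for the server's certificate and key files. pkg-plist's `@exec mkdir -p %D/etc/ftpd-tls && chmod 700 %D/etc/ftpd-tls` applies the mode unconditionally; the port install should match by dropping the `.if`/`.endif` around those two lines, since `${MKDIR}` (mkdir -p in the ports framework) is harmless on an existing directory. The `.if !exists()` tests are also evaluated when make parses the file rather than when the recipe runs, which deserves a one-line comment next to them. Separately, both MASTER_SITES entries are plain `ftp://`, so the distfile's integrity rests on the single MD5 entry in distinfo; record a stronger digest as well if the ports framework in use accepts one.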
+++ b/ftp/ftpd-tls/distinfo
@@ -0,0 +1 @@
+MD5 (ftpd-tls-20030520.tar.gz) = f9b1f0cc41dbaf248e84a37896cbcec3
diff --git a/ftp/ftpd-tls/files/ftpd-tls.sh b/ftp/ftpd-tls/files/ftpd-tls.sh
new file mode 100644
index 000000000000..9b9eb473d480
--- /dev/null
+++ b/ftp/ftpd-tls/files/ftpd-tls.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+case "$1" in
+start)
+ if [ -x %%PREFIX%%/libexec/ftpd-tls ]; then
+ %%PREFIX%%/libexec/ftpd-tls -DUl > /dev/null
+ echo -n ' ftpd-tls'
+ fi
+ ;;
+stop)
+ if [ -r /var/run/ftpd-tls.pid ]; then
+ kill -TERM `cat /var/run/ftpd-tls.pid`
+ rm -f /var/run/ftpd-tls.pid
+ echo -n ' ftpd-tls'
+ fi
+ ;;
+*)
+ echo "Usage: `basename $0` {start|stop}" >&2
+ ;;
+esac
+
+exit 0
diff --git a/ftp/ftpd-tls/files/patch-Makefile.in b/ftp/ftpd-tls/files/patch-Makefile.in
new file mode 100644
index 000000000000..ad101a80ade1
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-Makefile.in
@@ -0,0 +1,11 @@
+--- Makefile.in.orig Tue Sep 9 00:57:31 2003
++++ Makefile.in Tue Sep 9 01:00:35 2003
+@@ -78,7 +78,7 @@
+ @STAT_FLAGS_C@ @BSDSRCS@
+ OBJS= $(SRCS:.c=.o)
+
+-CFLAGS= -g ${CWARNINGFLAGS}
++CFLAGS= @CFLAGS@ ${CWARNINGFLAGS}
+ CPPFLAGS= @CPPFLAGS@ $(DEFS) -Dunix -I. -I${LSDIR}
+
+ BINGRP= bin
diff --git a/ftp/ftpd-tls/files/patch-README.TLS b/ftp/ftpd-tls/files/patch-README.TLS
new file mode 100644
index 000000000000..7571a102224c
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-README.TLS
@@ -0,0 +1,10 @@
+--- README.TLS.orig Tue Sep 9 03:04:28 2003
++++ README.TLS Tue Sep 9 03:05:05 2003
+@@ -33,6 +33,7 @@
+
+ These files is searched for in the following directorys (in this order):
+ o Current working directory of the process.
++o %%PREFIX%%/etc/ftpd-tls.
+ o Specified by the `X509_get_default_cert_dir_env()` environment variable
+ (usually $SSL_CERT_DIR).
+ o `X509_get_default_cert_dir()`, usually (openssl-dir)/certs.
diff --git a/ftp/ftpd-tls/files/patch-configure b/ftp/ftpd-tls/files/patch-configure
new file mode 100644
index 000000000000..0463aaf40a3e
--- /dev/null
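Review bot: In ftp/ftpd-tls/files/ftpd-tls.sh the `stop` branch runs ``kill -TERM `cat /var/run/ftpd-tls.pid` `` on whatever the pid file contains, so a stale file left behind by a crash can make this start-up script, which normally runs as root, signal an unrelated process that has since reused the PID. Confirm the PID is non-empty and still belongs to the daemon before signalling, e.g. `pid=$(cat /var/run/ftpd-tls.pid) && ps -p "$pid" -o comm= | grep -q ftpd-tls && kill -TERM "$pid"`. The script also ends in an unconditional `exit 0`, so a failed start or an unknown argument reports success; the `*)` branch should `exit 1` after printing the usage line.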
+++ b/ftp/ftpd-tls/files/patch-configure
@@ -0,0 +1,10 @@
+--- configure.orig Tue Sep 9 19:20:27 2003
++++ configure Tue Sep 9 19:20:50 2003
+@@ -4891,6 +4891,7 @@
+ cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ #include "confdefs.h"
++$ac_includes_default
+ #include <utmp.h>
+ #ifdef F77_DUMMY_MAIN
+ # ifdef __cplusplus
diff --git a/ftp/ftpd-tls/files/patch-ftpd.8.TLS b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
new file mode 100644
index 000000000000..1a5d57e30326
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
@@ -0,0 +1,140 @@
+--- ftpd.8.TLS.orig Thu May 16 15:07:51 2002
++++ ftpd.8.TLS Tue Sep 9 02:33:26 2003
+@@ -35,13 +35,13 @@
+ .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
+ .\"
+ .Dd June 18, 1996
+-.Dt FTPD 8
++.Dt FTPD-TLS 8
+ .Os
+ .Sh NAME
+-.Nm ftpd
+-.Nd Internet File Transfer Protocol server
++.Nm ftpd-tls
++.Nd Internet File Transfer Protocol server supporting AUTH TLS
+ .Sh SYNOPSIS
+-.Nm ftpd
++.Nm ftpd-tls
+ .Op Fl AdDhlMPSU46
+ .Op Fl T Ar maxtimeout
+ .Op Fl t Ar timeout
+@@ -62,7 +62,7 @@
+ .Bl -tag -width Ds
+ .It Fl A
+ Permit only anonymous ftp connections, accounts listed in
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ or users in a login class with the
+ .Dq ftp-chroot
+ variable set (see below).
+@@ -107,7 +107,7 @@
+ .It Fl P
+ Permit illegal port numbers or addresses for PORT command initiated connects.
+ By default
+-.Xr ftpd 8
++.Xr ftpd-tls 8
+ violates the RFC and thus constrains the PORT command to non-reserved ports
+ and requires it use the same source address as the connection came from.
+ This prevents the "FTP bounce attack" against services on both the local
+@@ -116,7 +116,7 @@
+ With this option set,
+ .Nm
+ logs all anonymous downloads to the file
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ when this file exists.
+ .It Fl U
+ Each concurrent
+@@ -182,14 +182,14 @@
+ .Nm
+ displays it and exits.
+ If the file
+-.Pa /etc/ftpwelcome
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ exists,
+ .Nm
+ prints it before issuing the
+ .Dq ready
+ message.
+ If the welcome file exists
+-.Pa ( /etc/motd
++.Pa ( %%PREFIX%%/etc/ftpd-tls/motd
+ by default),
+ .Nm
+ prints it after a successful login.
+@@ -320,13 +320,13 @@
+ file operations may be performed.
+ .It
+ The login name must not appear in the file
+-.Pa /etc/ftpusers .
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpusers .
+ .It
+ The user must have a standard shell as described by
+ .Xr shells 5 .
+ .It
+ If the user name appears in the file
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ the session's root will be changed to the user's login directory by
+ .Xr chroot 2
+ as for an
+@@ -432,7 +432,7 @@
+ .El
+ .Pp
+ If logging to the
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ file is enabled, information will be written in the following format:
+ .Pp
+ .Bl -tag -width XXXXXXXXXXXXXX -offset indent -compact
+@@ -514,24 +514,24 @@
+ .It Pa welcome
+ The path of the file containing the welcome message.
+ If this variable is not set,
+-.Pa /etc/motd
++.Pa %%PREFIX%%/etc/ftpd-tls/motd
+ is used.
+ .El
+ .Sh FILES
+-.Bl -tag -width /var/run/ftpd.pid -compact
+-.It Pa /etc/ftpusers
++.Bl -tag -width /var/run/ftpd-tls.pid -compact
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpusers
+ list of unwelcome/restricted users
+-.It Pa /etc/ftpchroot
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ list of normal users who should be chrooted
+-.It Pa /etc/ftpwelcome
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ welcome notice
+ .It Pa /etc/nologin
+ displayed and access refused
+ .It Pa /var/run/utmp
+ list of users on the system
+-.It Pa /var/run/ftpd.pid
++.It Pa /var/run/ftpd-tls.pid
+ process ID if running in daemon mode
+-.It Pa /var/log/ftpd
++.It Pa /var/log/ftpd-tls
+ log file for anonymous downloads
+ .El
+ .Sh SEE ALSO
+@@ -541,14 +541,16 @@
+ .Xr chroot 2 ,
+ .Xr login.conf 5 ,
+ .Xr shells 5 ,
++.Xr ftpd 8 ,
+ .Xr inetd 8 ,
+ .Xr syslogd 8 ,
+-.Xr ftp-proxy 8
+ .Sh HISTORY
+ The
+-.Nm
++.Ic ftpd
+ command appeared in
+ .Bx 4.2 .
++.Pp
++AUTH TLS support added by Peter 'Luna' Runestig <peter@runestig.com>.
+ .Sh BUGS
+ The server must run as the superuser to create sockets with
+ privileged port numbers.
diff --git a/ftp/ftpd-tls/files/patch-pathnames.h b/ftp/ftpd-tls/files/patch-pathnames.h
new file mode 100644
index 000000000000..5a0cdcc6baf2
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-pathnames.h
@@ -0,0 +1,22 @@
+--- pathnames.h.orig Fri May 3 10:15:39 2002
++++ pathnames.h Tue Sep 9 02:34:05 2003
+@@ -40,12 +40,13 @@
+ #include <paths.h>
+ #endif /* HAVE_PATHS_H */
+
+-#define _PATH_FTPUSERS "/etc/ftpusers"
+-#define _PATH_FTPCHROOT "/etc/ftpchroot"
+-#define _PATH_FTPWELCOME "/etc/ftpwelcome"
+-#define _PATH_FTPLOGINMESG "/etc/motd"
+-#define _PATH_FTPDSTATFILE "/var/log/ftpd"
+-#define _PATH_FTPDPID "/var/run/ftpd.pid"
++#undef _PATH_FTPUSERS
++#define _PATH_FTPUSERS "%%PREFIX%%/etc/ftpd-tls/ftpusers"
++#define _PATH_FTPCHROOT "%%PREFIX%%/etc/ftpd-tls/ftpchroot"
++#define _PATH_FTPWELCOME "%%PREFIX%%/etc/ftpd-tls/ftpwelcome"
++#define _PATH_FTPLOGINMESG "%%PREFIX%%/etc/ftpd-tls/motd"
++#define _PATH_FTPDSTATFILE "/var/log/ftpd-tls"
++#define _PATH_FTPDPID "/var/run/ftpd-tls.pid"
+ #define _PATH_CWDMESG ".message"
+ #ifndef _PATH_NOLOGIN
+ #define _PATH_NOLOGIN "/etc/nologin"
diff --git a/ftp/ftpd-tls/files/patch-tlsutil.c b/ftp/ftpd-tls/files/patch-tlsutil.c
new file mode 100644
index 000000000000..8401f6549ffd
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-tlsutil.c
@@ -0,0 +1,16 @@
+--- tlsutil.c.orig Tue Sep 9 02:55:27 2003
++++ tlsutil.c Tue Sep 9 02:57:58 2003
+@@ -218,6 +218,13 @@
+ fclose(file);
+ return fn;
+ }
++
++ snprintf(fp, sizeof(fp), "%s/%s", "%%PREFIX%%" "/etc/ftpd-tls", fn);
++ if ((file = fopen(fp, "r"))) {
++ fclose(file);
++ return fp;
++ }
++
+ if (!(dir = getenv(X509_get_default_cert_dir_env()))) /* $SSL_CERT_DIR */
+ dir = (char *) X509_get_default_cert_dir();
+ snprintf(fp, sizeof(fp), "%s/%s", dir, fn);
diff --git a/ftp/ftpd-tls/pkg-descr b/ftp/ftpd-tls/pkg-descr
new file mode 100644
index 000000000000..821aa170339a
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-descr
@@ -0,0 +1,4 @@
+Ftp server based on the OpenBSD ftp server code, implements the
+FTP AUTH TLS IETF draft plus a custom SSL/TLS client authentication.
+
+WWW: http://www.runestig.com/osp.html
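Review bot: In ftp/ftpd-tls/files/patch-pathnames.h, `_PATH_FTPUSERS` now points at `%%PREFIX%%/etc/ftpd-tls/ftpusers`, a file the Makefile and pkg-plist populate only once, as a copy of /etc/ftpusers taken at install time and only if that file exists. From then on the deny list for ftpd-tls is a separate file: accounts later added to /etc/ftpusers are not blocked here, and how the server behaves when its own copy is missing is not visible in this hunk. pkg-message should say so, for example `ftpd-tls reads its own %%PREFIX%%/etc/ftpd-tls/ftpusers; keep it in sync with /etc/ftpusers`. It is also worth confirming that ftpwelcome and motd, now under a directory the port creates with mode 700, are read before the server drops privileges to the logged-in user.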
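Review bot: In ftp/ftpd-tls/files/patch-tlsutil.c the added `snprintf(fp, sizeof(fp), "%s/%s", ...)` ignores its return value, so an over-long `fn` produces a truncated path that is then probed with fopen() and returned to the caller as if it were the requested file. Keep the result in an int `n` and skip the lookup when `n < 0 || (size_t)n >= sizeof(fp)`. The new lookup is also placed after what appears to be the current-working-directory probe (the `return fn;` context above it, listed first in README.TLS), so a same-named file in the daemon's working directory still wins over the 0700 configuration directory; a comment should state whether that order is intended. The enclosing function starts and ends outside the hunk, so the size and storage class of `fp` cannot be checked from here.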
diff --git a/ftp/ftpd-tls/pkg-message b/ftp/ftpd-tls/pkg-message
new file mode 100644
index 000000000000..5d443d4c7fbd
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-message
@@ -0,0 +1,14 @@
+===========================================================================
+
+Depending on how you would like to start ftpd-tls(8) either copy the
+sample start-up script %%PREFIX%%/etc/rc.d/ftpd-tls.sh.sample to
+%%PREFIX%%/etc/rc.d/ftpd-tls.sh or add the following two entries to
+your /etc/inetd.conf:
+ftp stream tcp nowait root %%PREFIX%%/libexec/ftpd-tls ftpd-tls -Ul
+ftp stream tcp6 nowait root %%PREFIX%%/libexec/ftpd-tls ftpd-tls -Ul
+
+See %%DOCSDIR%%/README.TLS and the openssl(1) manual
+page for further information on how to generate the certificates and
+the keys and where to place them.
+
+===========================================================================
diff --git a/ftp/ftpd-tls/pkg-plist b/ftp/ftpd-tls/pkg-plist
new file mode 100644
index 000000000000..9e5cd11270d5
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-plist
@@ -0,0 +1,8 @@
+libexec/ftpd-tls
+%%PORTDOCS%%%%DOCSDIR%%/README.TLS
+%%PORTDOCS%%%%DOCSDIR%%/draft-murray-auth-ftp-ssl-09.txt
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+@exec mkdir -p %D/etc/ftpd-tls && chmod 700 %D/etc/ftpd-tls
+@exec if [ ! -f %D/etc/ftpd-tls/ftpusers ] && [ -f /etc/ftpusers ]; then cp /etc/ftpusers %D/etc/ftpd-tls/ftpusers; fi
+@unexec if cmp -s %D/etc/ftpd-tls/ftpusers /etc/ftpusers; then rm -f %D/etc/ftpd-tls/ftpusers; fi
+@unexec rmdir %D/etc/ftpd-tls 2> /dev/null || echo "If permanently deleting this package, %D/etc/ftpd-tls and its contents must be removed manually." |
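Review bot: ftp/ftpd-tls/pkg-plist does not list `etc/rc.d/ftpd-tls.sh.sample`, although `do-install` in the Makefile installs that file with `${INSTALL_SCRIPT}`, so it is missing from built packages and is left behind on deinstall. Add the line `etc/rc.d/ftpd-tls.sh.sample` after `libexec/ftpd-tls`. The manual page is presumably covered by `MAN8=` in the Makefile and needs no entry here.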