aboutsummaryrefslogtreecommitdiffstats
path: root/ftp/ftpd-tls
diff options
context:
space:
mode:
authornetchild <netchild@FreeBSD.org>2003-09-10 16:11:48 +0800
committernetchild <netchild@FreeBSD.org>2003-09-10 16:11:48 +0800
commitf22cb7005c87696bce353dc54f3264a235adf54d (patch)
tree51fe936f539c01b1b1d69d61163c3b3eb87bf96f /ftp/ftpd-tls
parentfb6b2b44693fec4f35d4e213a853e38208e7581c (diff)
downloadfreebsd-ports-gnome-f22cb7005c87696bce353dc54f3264a235adf54d.tar.gz
freebsd-ports-gnome-f22cb7005c87696bce353dc54f3264a235adf54d.tar.zst
freebsd-ports-gnome-f22cb7005c87696bce353dc54f3264a235adf54d.zip
Add ftpd-tls, a FTP AUTH TLS aware ftp server. This is the counterpart
to ftp/ftp-tls and also written by Peter Runestig. Submitted by: Marius Strobl <marius@alchemy.franken.de>
Diffstat (limited to 'ftp/ftpd-tls')
-rw-r--r--ftp/ftpd-tls/Makefile64
-rw-r--r--ftp/ftpd-tls/distinfo1
-rw-r--r--ftp/ftpd-tls/files/ftpd-tls.sh22
-rw-r--r--ftp/ftpd-tls/files/patch-Makefile.in11
-rw-r--r--ftp/ftpd-tls/files/patch-README.TLS10
-rw-r--r--ftp/ftpd-tls/files/patch-configure10
-rw-r--r--ftp/ftpd-tls/files/patch-ftpd.8.TLS140
-rw-r--r--ftp/ftpd-tls/files/patch-pathnames.h22
-rw-r--r--ftp/ftpd-tls/files/patch-tlsutil.c16
-rw-r--r--ftp/ftpd-tls/pkg-descr4
-rw-r--r--ftp/ftpd-tls/pkg-message14
-rw-r--r--ftp/ftpd-tls/pkg-plist8
12 files changed, 322 insertions, 0 deletions
diff --git a/ftp/ftpd-tls/Makefile b/ftp/ftpd-tls/Makefile
new file mode 100644
index 000000000000..9925ed10f748
--- /dev/null
+++ b/ftp/ftpd-tls/Makefile
@@ -0,0 +1,64 @@
+# Ports collection makefile for: ftpd-tls
+# Date created: 21 August 2003
+# Whom: marius@alchemy.franken.de
+#
+# $FreeBSD$
+#
+
+PORTNAME= ftpd-tls
+PORTVERSION= 20030520
+CATEGORIES= ftp security
+MASTER_SITES= ftp://ftp.zeist.de/pub/distfiles/ \
+ ftp://ftp.runestig.com/pub/ftpd-tls/
+
+MAINTAINER= marius@alchemy.franken.de
+COMMENT= Ftp server supporting FTP AUTH TLS
+
+GNU_CONFIGURE= YES
+USE_OPENSSL= YES
+USE_REINPLACE= YES
+
+MAN8= ftpd-tls.8
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 400000
+BROKEN= "Not supported on systems prior to FreeBSD 4.0 (missing getaddrinfo())"
+.endif
+
+CONFIGURE_ARGS= --with-openssl-dir=${OPENSSLBASE}
+CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
+PKGMESSAGE= ${WRKDIR}/pkg-message
+
+post-patch:
+.for i in README.TLS ftpd.8.TLS pathnames.h tlsutil.c
+ @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/${i}
+.endfor
+ @${SED} 's|%%PREFIX%%|${PREFIX}|g; s|%%DOCSDIR%%|${DOCSDIR}|g' \
+ ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
+ @${SED} 's|%%PREFIX%%|${PREFIX}|g' ${FILESDIR}/ftpd-tls.sh > \
+ ${WRKDIR}/ftpd-tls.sh
+
+do-install:
+ @${INSTALL_PROGRAM} ${WRKSRC}/ftpd ${PREFIX}/libexec/ftpd-tls
+ @${INSTALL_MAN} ${WRKSRC}/ftpd.8.TLS ${PREFIX}/man/man8/ftpd-tls.8
+ @${INSTALL_SCRIPT} ${WRKDIR}/ftpd-tls.sh \
+ ${PREFIX}/etc/rc.d/ftpd-tls.sh.sample
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+.for i in README.TLS draft-murray-auth-ftp-ssl-09.txt
+ @${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
+.endfor
+.endif
+.if !exists(${PREFIX}/etc/ftpd-tls)
+ @${MKDIR} ${PREFIX}/etc/ftpd-tls
+ @${CHMOD} 700 ${PREFIX}/etc/ftpd-tls
+.endif
+.if (!exists(${PREFIX}/etc/ftpd-tls/ftpusers)) && (exists(/etc/ftpusers))
+ @${INSTALL_DATA} /etc/ftpusers ${PREFIX}/etc/ftpd-tls
+.endif
+
+post-install:
+ @${CAT} ${WRKDIR}/pkg-message
+
+.include <bsd.port.post.mk>
diff --git a/ftp/ftpd-tls/distinfo b/ftp/ftpd-tls/distinfo
new file mode 100644
index 000000000000..f4eba7422877
--- /dev/null
+++ b/ftp/ftpd-tls/distinfo
@@ -0,0 +1 @@
+MD5 (ftpd-tls-20030520.tar.gz) = f9b1f0cc41dbaf248e84a37896cbcec3
diff --git a/ftp/ftpd-tls/files/ftpd-tls.sh b/ftp/ftpd-tls/files/ftpd-tls.sh
new file mode 100644
index 000000000000..9b9eb473d480
--- /dev/null
+++ b/ftp/ftpd-tls/files/ftpd-tls.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+case "$1" in
+start)
+ if [ -x %%PREFIX%%/libexec/ftpd-tls ]; then
+ %%PREFIX%%/libexec/ftpd-tls -DUl > /dev/null
+ echo -n ' ftpd-tls'
+ fi
+ ;;
+stop)
+ if [ -r /var/run/ftpd-tls.pid ]; then
+ kill -TERM `cat /var/run/ftpd-tls.pid`
+ rm -f /var/run/ftpd-tls.pid
+ echo -n ' ftpd-tls'
+ fi
+ ;;
+*)
+ echo "Usage: `basename $0` {start|stop}" >&2
+ ;;
+esac
+
+exit 0
diff --git a/ftp/ftpd-tls/files/patch-Makefile.in b/ftp/ftpd-tls/files/patch-Makefile.in
new file mode 100644
index 000000000000..ad101a80ade1
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-Makefile.in
@@ -0,0 +1,11 @@
+--- Makefile.in.orig Tue Sep 9 00:57:31 2003
++++ Makefile.in Tue Sep 9 01:00:35 2003
+@@ -78,7 +78,7 @@
+ @STAT_FLAGS_C@ @BSDSRCS@
+ OBJS= $(SRCS:.c=.o)
+
+-CFLAGS= -g ${CWARNINGFLAGS}
++CFLAGS= @CFLAGS@ ${CWARNINGFLAGS}
+ CPPFLAGS= @CPPFLAGS@ $(DEFS) -Dunix -I. -I${LSDIR}
+
+ BINGRP= bin
diff --git a/ftp/ftpd-tls/files/patch-README.TLS b/ftp/ftpd-tls/files/patch-README.TLS
new file mode 100644
index 000000000000..7571a102224c
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-README.TLS
@@ -0,0 +1,10 @@
+--- README.TLS.orig Tue Sep 9 03:04:28 2003
++++ README.TLS Tue Sep 9 03:05:05 2003
+@@ -33,6 +33,7 @@
+
+ These files is searched for in the following directorys (in this order):
+ o Current working directory of the process.
++o %%PREFIX%%/etc/ftpd-tls.
+ o Specified by the `X509_get_default_cert_dir_env()` environment variable
+ (usually $SSL_CERT_DIR).
+ o `X509_get_default_cert_dir()`, usually (openssl-dir)/certs.
diff --git a/ftp/ftpd-tls/files/patch-configure b/ftp/ftpd-tls/files/patch-configure
new file mode 100644
index 000000000000..0463aaf40a3e
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-configure
@@ -0,0 +1,10 @@
+--- configure.orig Tue Sep 9 19:20:27 2003
++++ configure Tue Sep 9 19:20:50 2003
+@@ -4891,6 +4891,7 @@
+ cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ #include "confdefs.h"
++$ac_includes_default
+ #include <utmp.h>
+ #ifdef F77_DUMMY_MAIN
+ # ifdef __cplusplus
diff --git a/ftp/ftpd-tls/files/patch-ftpd.8.TLS b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
new file mode 100644
index 000000000000..1a5d57e30326
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
@@ -0,0 +1,140 @@
+--- ftpd.8.TLS.orig Thu May 16 15:07:51 2002
++++ ftpd.8.TLS Tue Sep 9 02:33:26 2003
+@@ -35,13 +35,13 @@
+ .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
+ .\"
+ .Dd June 18, 1996
+-.Dt FTPD 8
++.Dt FTPD-TLS 8
+ .Os
+ .Sh NAME
+-.Nm ftpd
+-.Nd Internet File Transfer Protocol server
++.Nm ftpd-tls
++.Nd Internet File Transfer Protocol server supporting AUTH TLS
+ .Sh SYNOPSIS
+-.Nm ftpd
++.Nm ftpd-tls
+ .Op Fl AdDhlMPSU46
+ .Op Fl T Ar maxtimeout
+ .Op Fl t Ar timeout
+@@ -62,7 +62,7 @@
+ .Bl -tag -width Ds
+ .It Fl A
+ Permit only anonymous ftp connections, accounts listed in
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ or users in a login class with the
+ .Dq ftp-chroot
+ variable set (see below).
+@@ -107,7 +107,7 @@
+ .It Fl P
+ Permit illegal port numbers or addresses for PORT command initiated connects.
+ By default
+-.Xr ftpd 8
++.Xr ftpd-tls 8
+ violates the RFC and thus constrains the PORT command to non-reserved ports
+ and requires it use the same source address as the connection came from.
+ This prevents the "FTP bounce attack" against services on both the local
+@@ -116,7 +116,7 @@
+ With this option set,
+ .Nm
+ logs all anonymous downloads to the file
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ when this file exists.
+ .It Fl U
+ Each concurrent
+@@ -182,14 +182,14 @@
+ .Nm
+ displays it and exits.
+ If the file
+-.Pa /etc/ftpwelcome
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ exists,
+ .Nm
+ prints it before issuing the
+ .Dq ready
+ message.
+ If the welcome file exists
+-.Pa ( /etc/motd
++.Pa ( %%PREFIX%%/etc/ftpd-tls/motd
+ by default),
+ .Nm
+ prints it after a successful login.
+@@ -320,13 +320,13 @@
+ file operations may be performed.
+ .It
+ The login name must not appear in the file
+-.Pa /etc/ftpusers .
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpusers .
+ .It
+ The user must have a standard shell as described by
+ .Xr shells 5 .
+ .It
+ If the user name appears in the file
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ the session's root will be changed to the user's login directory by
+ .Xr chroot 2
+ as for an
+@@ -432,7 +432,7 @@
+ .El
+ .Pp
+ If logging to the
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ file is enabled, information will be written in the following format:
+ .Pp
+ .Bl -tag -width XXXXXXXXXXXXXX -offset indent -compact
+@@ -514,24 +514,24 @@
+ .It Pa welcome
+ The path of the file containing the welcome message.
+ If this variable is not set,
+-.Pa /etc/motd
++.Pa %%PREFIX%%/etc/ftpd-tls/motd
+ is used.
+ .El
+ .Sh FILES
+-.Bl -tag -width /var/run/ftpd.pid -compact
+-.It Pa /etc/ftpusers
++.Bl -tag -width /var/run/ftpd-tls.pid -compact
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpusers
+ list of unwelcome/restricted users
+-.It Pa /etc/ftpchroot
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ list of normal users who should be chrooted
+-.It Pa /etc/ftpwelcome
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ welcome notice
+ .It Pa /etc/nologin
+ displayed and access refused
+ .It Pa /var/run/utmp
+ list of users on the system
+-.It Pa /var/run/ftpd.pid
++.It Pa /var/run/ftpd-tls.pid
+ process ID if running in daemon mode
+-.It Pa /var/log/ftpd
++.It Pa /var/log/ftpd-tls
+ log file for anonymous downloads
+ .El
+ .Sh SEE ALSO
+@@ -541,14 +541,16 @@
+ .Xr chroot 2 ,
+ .Xr login.conf 5 ,
+ .Xr shells 5 ,
++.Xr ftpd 8 ,
+ .Xr inetd 8 ,
+ .Xr syslogd 8 ,
+-.Xr ftp-proxy 8
+ .Sh HISTORY
+ The
+-.Nm
++.Ic ftpd
+ command appeared in
+ .Bx 4.2 .
++.Pp
++AUTH TLS support added by Peter 'Luna' Runestig <peter@runestig.com>.
+ .Sh BUGS
+ The server must run as the superuser to create sockets with
+ privileged port numbers.
diff --git a/ftp/ftpd-tls/files/patch-pathnames.h b/ftp/ftpd-tls/files/patch-pathnames.h
new file mode 100644
index 000000000000..5a0cdcc6baf2
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-pathnames.h
@@ -0,0 +1,22 @@
+--- pathnames.h.orig Fri May 3 10:15:39 2002
++++ pathnames.h Tue Sep 9 02:34:05 2003
+@@ -40,12 +40,13 @@
+ #include <paths.h>
+ #endif /* HAVE_PATHS_H */
+
+-#define _PATH_FTPUSERS "/etc/ftpusers"
+-#define _PATH_FTPCHROOT "/etc/ftpchroot"
+-#define _PATH_FTPWELCOME "/etc/ftpwelcome"
+-#define _PATH_FTPLOGINMESG "/etc/motd"
+-#define _PATH_FTPDSTATFILE "/var/log/ftpd"
+-#define _PATH_FTPDPID "/var/run/ftpd.pid"
++#undef _PATH_FTPUSERS
++#define _PATH_FTPUSERS "%%PREFIX%%/etc/ftpd-tls/ftpusers"
++#define _PATH_FTPCHROOT "%%PREFIX%%/etc/ftpd-tls/ftpchroot"
++#define _PATH_FTPWELCOME "%%PREFIX%%/etc/ftpd-tls/ftpwelcome"
++#define _PATH_FTPLOGINMESG "%%PREFIX%%/etc/ftpd-tls/motd"
++#define _PATH_FTPDSTATFILE "/var/log/ftpd-tls"
++#define _PATH_FTPDPID "/var/run/ftpd-tls.pid"
+ #define _PATH_CWDMESG ".message"
+ #ifndef _PATH_NOLOGIN
+ #define _PATH_NOLOGIN "/etc/nologin"
diff --git a/ftp/ftpd-tls/files/patch-tlsutil.c b/ftp/ftpd-tls/files/patch-tlsutil.c
new file mode 100644
index 000000000000..8401f6549ffd
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-tlsutil.c
@@ -0,0 +1,16 @@
+--- tlsutil.c.orig Tue Sep 9 02:55:27 2003
++++ tlsutil.c Tue Sep 9 02:57:58 2003
+@@ -218,6 +218,13 @@
+ fclose(file);
+ return fn;
+ }
++
++ snprintf(fp, sizeof(fp), "%s/%s", "%%PREFIX%%" "/etc/ftpd-tls", fn);
++ if ((file = fopen(fp, "r"))) {
++ fclose(file);
++ return fp;
++ }
++
+ if (!(dir = getenv(X509_get_default_cert_dir_env()))) /* $SSL_CERT_DIR */
+ dir = (char *) X509_get_default_cert_dir();
+ snprintf(fp, sizeof(fp), "%s/%s", dir, fn);
diff --git a/ftp/ftpd-tls/pkg-descr b/ftp/ftpd-tls/pkg-descr
new file mode 100644
index 000000000000..821aa170339a
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-descr
@@ -0,0 +1,4 @@
+Ftp server based on the OpenBSD ftp server code, implements the
+FTP AUTH TLS IETF draft plus a custom SSL/TLS client authentication.
+
+WWW: http://www.runestig.com/osp.html
diff --git a/ftp/ftpd-tls/pkg-message b/ftp/ftpd-tls/pkg-message
new file mode 100644
index 000000000000..5d443d4c7fbd
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-message
@@ -0,0 +1,14 @@
+===========================================================================
+
+Depending on how you would like to start ftpd-tls(8) either copy the
+sample start-up script %%PREFIX%%/etc/rc.d/ftpd-tls.sh.sample to
+%%PREFIX%%/etc/rc.d/ftpd-tls.sh or add the following two entries to
+your /etc/inetd.conf:
+ftp stream tcp nowait root %%PREFIX%%/libexec/ftpd-tls ftpd-tls -Ul
+ftp stream tcp6 nowait root %%PREFIX%%/libexec/ftpd-tls ftpd-tls -Ul
+
+See %%DOCSDIR%%/README.TLS and the openssl(1) manual
+page for further information on how to generate the certificates and
+the keys and where to place them.
+
+===========================================================================
diff --git a/ftp/ftpd-tls/pkg-plist b/ftp/ftpd-tls/pkg-plist
new file mode 100644
index 000000000000..9e5cd11270d5
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-plist
@@ -0,0 +1,8 @@
+libexec/ftpd-tls
+%%PORTDOCS%%%%DOCSDIR%%/README.TLS
+%%PORTDOCS%%%%DOCSDIR%%/draft-murray-auth-ftp-ssl-09.txt
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+@exec mkdir -p %D/etc/ftpd-tls && chmod 700 %D/etc/ftpd-tls
+@exec if [ ! -f %D/etc/ftpd-tls/ftpusers ] && [ -f /etc/ftpusers ]; then cp /etc/ftpusers %D/etc/ftpd-tls/ftpusers; fi
+@unexec if cmp -s %D/etc/ftpd-tls/ftpusers /etc/ftpusers; then rm -f %D/etc/ftpd-tls/ftpusers; fi
+@unexec rmdir %D/etc/ftpd-tls 2> /dev/null || echo "If permanently deleting this package, %D/etc/ftpd-tls and its contents must be removed manually."