Diffstat (limited to 'net-ftp/bsdftpd-ssl/files')
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/auth.sslftp | 43 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2 | bin | 0 -> 768 bytes | |||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff | 17 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff | 20 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch | 89 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2 | bin | 0 -> 608 bytes | |||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff | 45 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2 | bin | 0 -> 1162 bytes | |||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2 | bin | 0 -> 1210 bytes | |||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2 | bin | 0 -> 322 bytes | |||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd.pam | 5 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig | 7 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit | 20 | ||||
-rw-r--r-- | net-ftp/bsdftpd-ssl/files/x509.auth | 2 |
14 files changed, 248 insertions, 0 deletions
diff --git a/net-ftp/bsdftpd-ssl/files/auth.sslftp b/net-ftp/bsdftpd-ssl/files/auth.sslftp
new file mode 100644
index 0000000..539140d
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/auth.sslftp
@@ -0,0 +1,43 @@
+#! /usr/bin/perl
+
+# Output must be at least 8 bytes
+
+sub return_error {
+ print STDOUT "200\r\n\r\n";
+ exit;
+}
+
+sub return_ok {
+ $user=@_[0];
+ print STDOUT "100\r\n$user\r\n";
+ exit;
+}
+
+$/="\r\n";
+$user=<STDIN>;chomp($user);
+$/="\n";
+$mode=0;
+while (<>) {
+ if (($mode==0)&&($_ =~ /-----BEGIN CERTIFICATE-----/)) { $mode = 1; }
+ elsif (($mode==1)&&($_ =~ /-----END CERTIFICATE-----/)) { $mode = 2; }
+ if ($mode) {
+ $_ =~ /^(.*)[\n\r]+$/;
+ $cert.=$1;
+ }
+ if ($mode==2) { last; }
+}
+
+#$cert=join "", @cert_lines;
+$cert =~ m/-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----/;
+$client_cert = $1;
+
+open(ucf, "/opt/ssl/user_certs/$user.crt") or return_error();
+@cert_lines=<ucf>;
+chomp(@cert_lines);
+$cert=join "", @cert_lines;
+close(ucf);
+$cert =~ m/-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----/;
+$user_cert = $1;
+
+if (($user_cert cmp $client_cert) == 0) { return_ok($user); }
+return_error();
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2
Binary files differ
new file mode 100644
index 0000000..0a18ecb
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff
new file mode 100644
index 0000000..8f425db
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff
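Review bot: In auth.sslftp neither `m/-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----/` match is checked before `$1` is copied, and Perl keeps `$1` from the last successful match, so when the stored file holds no PEM block `$user_cert` ends up equal to `$client_cert` (or both are undefined) and the final `cmp` returns the 100 reply. Guard both matches and reject an empty capture, for example `$cert =~ m/-----BEGIN CERTIFICATE-----(.+)-----END CERTIFICATE-----/ or return_error();`. The name read from STDIN is also interpolated unvalidated into `open(ucf, "/opt/ssl/user_certs/$user.crt")`; constrain it first with `return_error() unless $user =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/;` and switch to the three-argument form `open(my $ucf, '<', ...)`. How ftpd feeds the user name and certificate to this script is not visible on this page.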
@@ -0,0 +1,17 @@
+diff -dPNur bsdftpd-ssl-1.0.2.orig/contrib/libbsdport/libc/gen/glob.c bsdftpd-ssl-1.0.2/contrib/libbsdport/libc/gen/glob.c
+--- bsdftpd-ssl-1.0.2.orig/contrib/libbsdport/libc/gen/glob.c 2003-10-24 21:53:18.000000000 +0000
++++ bsdftpd-ssl-1.0.2/contrib/libbsdport/libc/gen/glob.c 2012-01-13 20:16:21.000000000 +0000
+@@ -79,6 +79,13 @@
+ #include <string.h>
+ #include <unistd.h>
+
++#if defined(_SC_ARG_MAX)
++# if defined(ARG_MAX)
++# undef ARG_MAX
++# endif
++# define ARG_MAX sysconf (_SC_ARG_MAX)
++#endif
++
+ #include "collate.h"
+ /* SKYNICK: from collate.c */
+ int __collate_load_error = 1;
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff
new file mode 100644
index 0000000..4ea1912
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff
@@ -0,0 +1,20 @@
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftp/ftp_var.h bsdftpd-ssl-1.0.2/ftp/ftp_var.h
+--- bsdftpd-ssl-1.0.2.orig/ftp/ftp_var.h 2004-05-30 19:19:37.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftp/ftp_var.h 2012-01-13 20:30:15.000000000 +0000
+@@ -61,7 +61,6 @@
+ #endif /* LINUX */
+ #endif /* !SMALL */
+
+-#include "extern.h"
+
+ #define HASHBYTES 1024
+ #define FTPBUFLEN MAXPATHLEN + 200
+@@ -200,6 +199,8 @@
+ struct macel macros[16];
+ char macbuf[4096];
+
++#include "extern.h"
++
+ #include "sslapp.h"
+ #include "ssl_port_ftps.h"
+
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch
new file mode 100644
index 0000000..e49d2ad
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch
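Review bot: In bsdftpd-ds-argmax.diff the new `# define ARG_MAX sysconf (_SC_ARG_MAX)` turns the limit into a run-time `long` that is -1 when the system reports no definite value or the call fails, and nothing in the patch handles that case. The places where glob.c uses ARG_MAX lie outside the hunk; if any of them compares it with an unsigned size, -1 converts to a very large value and the bound on glob expansion would in effect disappear, which matters for a daemon that globs client-supplied patterns. A guarded form such as `# define ARG_MAX (sysconf(_SC_ARG_MAX) > 0 ? sysconf(_SC_ARG_MAX) : _POSIX_ARG_MAX)` keeps a finite limit, assuming `<limits.h>` is already included in glob.c. A short comment saying that ARG_MAX is no longer a compile-time constant would also warn against using it in `#if` or as an array size.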
@@ -0,0 +1,89 @@
+diff -dPNur bsdftpd-ssl-1.0.2/ftp/ftp.c bsdftpd-ssl-1.0.2-new/ftp/ftp.c
+--- bsdftpd-ssl-1.0.2/ftp/ftp.c 2004-07-04 23:00:32.000000000 +0500
++++ bsdftpd-ssl-1.0.2-new/ftp/ftp.c 2006-04-05 05:41:54.000000000 +0500
+@@ -1544,6 +1544,7 @@
+ prt[1] &= 0xff;
+ error = 0;
+ epsv_done:
++ ;
+ } else
+ error = 1;
+
+@@ -1867,6 +1868,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+@@ -1982,6 +1984,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+diff -dPNur bsdftpd-ssl-1.0.2/ftp/util.c bsdftpd-ssl-1.0.2-new/ftp/util.c
+--- bsdftpd-ssl-1.0.2/ftp/util.c 2004-05-31 03:24:47.000000000 +0500
++++ bsdftpd-ssl-1.0.2-new/ftp/util.c 2006-04-05 05:42:14.000000000 +0500
+@@ -987,6 +987,7 @@
+ ssl_log_msgn(bio_err,"Reason: Certificate revoked");
+ break;
+ default:
++ ;
+ }
+
+ warnx("TLS/SSL connection to server failed");
+diff -dPNur bsdftpd-ssl-1.0.2/ftpd/ftpd.c bsdftpd-ssl-1.0.2-new/ftpd/ftpd.c
+--- bsdftpd-ssl-1.0.2/ftpd/ftpd.c 2006-04-05 04:55:31.000000000 +0500
++++ bsdftpd-ssl-1.0.2-new/ftpd/ftpd.c 2006-04-05 04:57:30.000000000 +0500
+@@ -2322,6 +2322,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
+@@ -2445,6 +2446,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
+@@ -2696,6 +2698,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+@@ -2857,6 +2860,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+@@ -4185,6 +4189,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
+@@ -4299,6 +4304,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2
Binary files differ
new file mode 100644
index 0000000..b473e30
--- /dev/null
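Review bot: The empty `default:` arms that bsdftpd-ds-compile.patch completes with a bare `;` in ftp.c, util.c and ftpd.c would read more clearly as `default: break;`, which compiles the same and states that leaving the switch is intended. In the util.c hunk the arm follows the `Reason: Certificate revoked` case, so a failure code without its own case reaches `warnx("TLS/SSL connection to server failed")` with no reason logged; a line such as `ssl_log_msgn(bio_err,"Reason: unknown");` in that arm would keep the client's error output complete. The enclosing switch statements begin outside every hunk, so the full list of handled cases is not visible here.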
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff
new file mode 100644
index 0000000..7aaf626
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff
@@ -0,0 +1,45 @@
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftpd/extern.h bsdftpd-ssl-1.0.2/ftpd/extern.h
+--- bsdftpd-ssl-1.0.2.orig/ftpd/extern.h 2004-04-18 12:20:14.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftpd/extern.h 2012-01-13 20:21:33.000000000 +0000
+@@ -47,7 +47,7 @@
+ void ftpd_logwtmp(char *, char *, struct sockaddr *addr);
+ int ftpd_pclose(FILE *);
+ FILE *ftpd_popen(char *, char *);
+-char *getline(char *, int, FILE *);
++char *mygetline(char *, int, FILE *);
+ void lreply(int, const char *, ...);
+ void makedir(char *);
+ void nack(char *);
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftpd/ftpcmd.y bsdftpd-ssl-1.0.2/ftpd/ftpcmd.y
+--- bsdftpd-ssl-1.0.2.orig/ftpd/ftpcmd.y 2004-05-30 18:55:11.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftpd/ftpcmd.y 2012-01-13 20:21:27.000000000 +0000
+@@ -1374,7 +1374,7 @@
+ * getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+ char *
+-getline(char *s, int n, FILE *iop)
++mygetline(char *s, int n, FILE *iop)
+ {
+ int c;
+ register char *cs;
+@@ -1522,7 +1522,7 @@
+ case CMD:
+ (void) signal(SIGALRM, toolong);
+ (void) alarm((unsigned) timeout);
+- if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
++ if (mygetline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
+ }
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftpd/ftpd.c bsdftpd-ssl-1.0.2/ftpd/ftpd.c
+--- bsdftpd-ssl-1.0.2.orig/ftpd/ftpd.c 2012-01-13 19:55:37.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftpd/ftpd.c 2012-01-13 20:21:48.000000000 +0000
+@@ -3750,7 +3750,7 @@
+ tv.tv_usec=0;
+ if (select(fileno(stdin)+1, &mask, NULL, NULL, &tv)) {
+ #endif /*USE_SSL*/
+- if (getline(cp, 7, stdin) == NULL) {
++ if (mygetline(cp, 7, stdin) == NULL) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
+ }
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2
Binary files differ
new file mode 100644
index 0000000..e3cea58
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2
Binary files differ
new file mode 100644
index 0000000..a105ddf
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2
Binary files differ
new file mode 100644
index 0000000..a8a67cc
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd.pam b/net-ftp/bsdftpd-ssl/files/bsdftpd.pam
new file mode 100644
index 0000000..836e5bb
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth required /lib/security/pam_shells.so
+auth include system-auth
+account include system-auth
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig
new file mode 100644
index 0000000..ae24158
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig
@@ -0,0 +1,7 @@
+BSDFTPDSSL_SSL_CERT=/opt/ssl/server_certs/server.crt
+BSDFTPDSSL_SSL_KEY=/opt/ssl/server_keys/server.key
+BSDFTPDSSL_SSL_PASSWORD=/etc/apc.pwd
+BSDFTPDSSL_SSL_CHAIN=/opt/ssl/ca/chain.crt
+BSDFTPDSSL_SSL_USERS=/opt/ssl/user_certs/
+BSDFTPDSSL_FIRST_PASSIVE_PORT=40000
+BSDFTPDSSL_LAST_PASSIVE_PORT=45000
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit
new file mode 100644
index 0000000..942c062
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit
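Review bot: In bsdftpd.pam the deny-list line ends with `onerr=succeed`, so if `/etc/ftpusers` is missing or unreadable pam_listfile reports success and the accounts meant to be blocked are passed on to `system-auth`. With `sense=deny`, switching to `onerr=fail` makes a broken deny list refuse logins instead of silently dropping the restriction; if fail-open is intended, a comment above the line should say so. The modules are also referenced by absolute `/lib/security/` paths, which will not resolve on systems that install PAM modules elsewhere; the bare names `pam_listfile.so` and `pam_shells.so` let PAM search its own module directory.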
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting BSD FTPD - SSL"
+ ftpd -h -S wu-ext -X wu-ext -l -l -B $BSDFTPDSSL_FIRST_PASSIVE_PORT:$BSDFTPDSSL_LAST_PASSIVE_PORT -D -z secure -z cert=$BSDFTPDSSL_SSL_CERT -z key=$BSDFTPDSSL_SSL_KEY -z verify=1 -z auth=1 -z CAfile=$BSDFTPDSSL_SSL_CHAIN -z CApath=$BSDFTPDSSL_SSL_USERS -z certsok -z KEYpassword=$BSDFTPDSSL_SSL_PASSWORD -z defau -z refnu -z cipher=HIGH
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping BSD FTPD - SSL"
+ killall ${KILL_OPTS} ftpd
+ eend $?
+}
diff --git a/net-ftp/bsdftpd-ssl/files/x509.auth b/net-ftp/bsdftpd-ssl/files/x509.auth
new file mode 100644
index 0000000..06a5890
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/x509.auth
@@ -0,0 +1,2 @@
+ftpd:allow:/CN:-p/usr/bin/perl /usr/bin/auth.sslftp
+ftpd:allow:*:-f~/certs/ftp.crt |
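Review bot: In bsdftpd.sysinit, `stop()` runs `killall ${KILL_OPTS} ftpd`, which signals every process named ftpd on the host, including any other FTP daemon and every per-connection child, rather than the instance this script started. A pidfile-based `start-stop-daemon --stop` would limit the stop to that instance, provided ftpd can write a pidfile, which this page does not show. The `start()` command also expands `$BSDFTPDSSL_SSL_CERT`, `$BSDFTPDSSL_SSL_KEY` and the other settings unquoted, so a path containing whitespace splits into extra ftpd arguments; quote each one, e.g. `-z cert="$BSDFTPDSSL_SSL_CERT"`. The value given to `-z KEYpassword=` appears in the process list, so it should stay a file path as in bsdftpd.sysconfig, and that file should be readable by root only.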