Diffstat (limited to 'net-ftp/bsdftpd-ssl/files')
-rw-r--r--net-ftp/bsdftpd-ssl/files/auth.sslftp43
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2bin0 -> 768 bytes
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff17
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff20
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch89
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2bin0 -> 608 bytes
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff45
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2bin0 -> 1162 bytes
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2bin0 -> 1210 bytes
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2bin0 -> 322 bytes
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd.pam5
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig7
-rw-r--r--net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit20
-rw-r--r--net-ftp/bsdftpd-ssl/files/x509.auth2
14 files changed, 248 insertions, 0 deletions
diff --git a/net-ftp/bsdftpd-ssl/files/auth.sslftp b/net-ftp/bsdftpd-ssl/files/auth.sslftp
new file mode 100644
index 0000000..539140d
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/auth.sslftp
@@ -0,0 +1,43 @@
+#! /usr/bin/perl
+
+# Output must be at least 8 bytes
+
+sub return_error {
+ print STDOUT "200\r\n\r\n";
+ exit;
+}
+
+sub return_ok {
+ $user=@_[0];
+ print STDOUT "100\r\n$user\r\n";
+ exit;
+}
+
+$/="\r\n";
+$user=<STDIN>;chomp($user);
+$/="\n";
+$mode=0;
+while (<>) {
+ if (($mode==0)&&($_ =~ /-----BEGIN CERTIFICATE-----/)) { $mode = 1; }
+ elsif (($mode==1)&&($_ =~ /-----END CERTIFICATE-----/)) { $mode = 2; }
+ if ($mode) {
+ $_ =~ /^(.*)[\n\r]+$/;
+ $cert.=$1;
+ }
+ if ($mode==2) { last; }
+}
+
+#$cert=join "", @cert_lines;
+$cert =~ m/-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----/;
+$client_cert = $1;
+
+open(ucf, "/opt/ssl/user_certs/$user.crt") or return_error();
+@cert_lines=<ucf>;
+chomp(@cert_lines);
+$cert=join "", @cert_lines;
+close(ucf);
+$cert =~ m/-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----/;
+$user_cert = $1;
+
+if (($user_cert cmp $client_cert) == 0) { return_ok($user); }
+return_error();
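Review bot: The login name read from STDIN goes unvalidated into `open(ucf, "/opt/ssl/user_certs/$user.crt")`, so a name containing `/` or `..` selects a file outside the certificate directory. Reject anything but a plain account name before the open, e.g. `return_error() unless $user =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;`, and prefer the three-argument form `open(my $ucf, '<', ...)` with `<$ucf>` and `close($ucf)` to match. Neither `m/-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----/` match is checked, and Perl leaves `$1` at its previous value when a match fails, so a stored file without PEM markers makes `$user_cert` equal `$client_cert` and the final `cmp` succeeds. Append `or return_error();` to both matches and also fail when either captured string is empty, since two undefined values compare equal as well.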
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2
new file mode 100644
index 0000000..0a18ecb
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-anonymous.patch.bz2
Binary files differ
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff
new file mode 100644
index 0000000..8f425db
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-argmax.diff
@@ -0,0 +1,17 @@
+diff -dPNur bsdftpd-ssl-1.0.2.orig/contrib/libbsdport/libc/gen/glob.c bsdftpd-ssl-1.0.2/contrib/libbsdport/libc/gen/glob.c
+--- bsdftpd-ssl-1.0.2.orig/contrib/libbsdport/libc/gen/glob.c 2003-10-24 21:53:18.000000000 +0000
++++ bsdftpd-ssl-1.0.2/contrib/libbsdport/libc/gen/glob.c 2012-01-13 20:16:21.000000000 +0000
+@@ -79,6 +79,13 @@
+ #include <string.h>
+ #include <unistd.h>
+
++#if defined(_SC_ARG_MAX)
++# if defined(ARG_MAX)
++# undef ARG_MAX
++# endif
++# define ARG_MAX sysconf (_SC_ARG_MAX)
++#endif
++
+ #include "collate.h"
+ /* SKYNICK: from collate.c */
+ int __collate_load_error = 1;
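Review bot: `sysconf(_SC_ARG_MAX)` returns a `long` that is -1 when the call fails or the limit is indeterminate, and the new `ARG_MAX` macro passes that value through unchanged. The code that uses `ARG_MAX` is outside this hunk; if it compares the macro with an unsigned count, -1 converts to a very large value and the bound (presumably the glob expansion limit) no longer applies. A fallback keeps the limit in place, for example `# define ARG_MAX (sysconf(_SC_ARG_MAX) > 0 ? sysconf(_SC_ARG_MAX) : _POSIX_ARG_MAX)`, which needs `<limits.h>`; whether that header is already included is not visible here. The macro is also no longer a constant expression, so any `#if` or array bound using it would stop compiling.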
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff
new file mode 100644
index 0000000..4ea1912
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-cmdtab.diff
@@ -0,0 +1,20 @@
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftp/ftp_var.h bsdftpd-ssl-1.0.2/ftp/ftp_var.h
+--- bsdftpd-ssl-1.0.2.orig/ftp/ftp_var.h 2004-05-30 19:19:37.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftp/ftp_var.h 2012-01-13 20:30:15.000000000 +0000
+@@ -61,7 +61,6 @@
+ #endif /* LINUX */
+ #endif /* !SMALL */
+
+-#include "extern.h"
+
+ #define HASHBYTES 1024
+ #define FTPBUFLEN MAXPATHLEN + 200
+@@ -200,6 +199,8 @@
+ struct macel macros[16];
+ char macbuf[4096];
+
++#include "extern.h"
++
+ #include "sslapp.h"
+ #include "ssl_port_ftps.h"
+
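Review bot: The reason `#include "extern.h"` now has to follow `macros` and `macbuf` is not recorded in the patched header, so a later cleanup could move it back to the top and reintroduce the build failure. A one-line comment above the moved include would document the dependency, e.g. `/* extern.h uses declarations made above; keep this include after them */`. Presumably the prototypes in extern.h refer to types or objects defined earlier in ftp_var.h, but those lines are outside the hunks. The first hunk also leaves two consecutive blank lines where the include was removed.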
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch
new file mode 100644
index 0000000..e49d2ad
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-compile.patch
@@ -0,0 +1,89 @@
+diff -dPNur bsdftpd-ssl-1.0.2/ftp/ftp.c bsdftpd-ssl-1.0.2-new/ftp/ftp.c
+--- bsdftpd-ssl-1.0.2/ftp/ftp.c 2004-07-04 23:00:32.000000000 +0500
++++ bsdftpd-ssl-1.0.2-new/ftp/ftp.c 2006-04-05 05:41:54.000000000 +0500
+@@ -1544,6 +1544,7 @@
+ prt[1] &= 0xff;
+ error = 0;
+ epsv_done:
++ ;
+ } else
+ error = 1;
+
+@@ -1867,6 +1868,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+@@ -1982,6 +1984,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+diff -dPNur bsdftpd-ssl-1.0.2/ftp/util.c bsdftpd-ssl-1.0.2-new/ftp/util.c
+--- bsdftpd-ssl-1.0.2/ftp/util.c 2004-05-31 03:24:47.000000000 +0500
++++ bsdftpd-ssl-1.0.2-new/ftp/util.c 2006-04-05 05:42:14.000000000 +0500
+@@ -987,6 +987,7 @@
+ ssl_log_msgn(bio_err,"Reason: Certificate revoked");
+ break;
+ default:
++ ;
+ }
+
+ warnx("TLS/SSL connection to server failed");
+diff -dPNur bsdftpd-ssl-1.0.2/ftpd/ftpd.c bsdftpd-ssl-1.0.2-new/ftpd/ftpd.c
+--- bsdftpd-ssl-1.0.2/ftpd/ftpd.c 2006-04-05 04:55:31.000000000 +0500
++++ bsdftpd-ssl-1.0.2-new/ftpd/ftpd.c 2006-04-05 04:57:30.000000000 +0500
+@@ -2322,6 +2322,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
+@@ -2445,6 +2446,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
+@@ -2696,6 +2698,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+@@ -2857,6 +2860,7 @@
+
+ return NULL;
+ default:
++ ;
+ }
+
+ X509_free(x509_ssl_con);
+@@ -4185,6 +4189,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
+@@ -4299,6 +4304,7 @@
+ SSL_get_shutdown(ssl_data_con);
+ break;
+ default:
++ ;
+ }
+ }
+ SSL_free(ssl_data_con);
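Review bot: The bare `;` added after each `default:` in ftp.c, util.c and ftpd.c reads like a stray character. Writing `default:` followed by `break;` satisfies the compiler in the same way and makes the intentionally empty case obvious. For the `epsv_done:` label in the first ftp.c hunk, a short comment would explain the empty statement, e.g. `; /* a label must be followed by a statement */`. All of the enclosing switch statements begin outside the hunks shown.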
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2
new file mode 100644
index 0000000..b473e30
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-extprog.patch.bz2
Binary files differ
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff
new file mode 100644
index 0000000..7aaf626
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-getline.diff
@@ -0,0 +1,45 @@
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftpd/extern.h bsdftpd-ssl-1.0.2/ftpd/extern.h
+--- bsdftpd-ssl-1.0.2.orig/ftpd/extern.h 2004-04-18 12:20:14.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftpd/extern.h 2012-01-13 20:21:33.000000000 +0000
+@@ -47,7 +47,7 @@
+ void ftpd_logwtmp(char *, char *, struct sockaddr *addr);
+ int ftpd_pclose(FILE *);
+ FILE *ftpd_popen(char *, char *);
+-char *getline(char *, int, FILE *);
++char *mygetline(char *, int, FILE *);
+ void lreply(int, const char *, ...);
+ void makedir(char *);
+ void nack(char *);
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftpd/ftpcmd.y bsdftpd-ssl-1.0.2/ftpd/ftpcmd.y
+--- bsdftpd-ssl-1.0.2.orig/ftpd/ftpcmd.y 2004-05-30 18:55:11.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftpd/ftpcmd.y 2012-01-13 20:21:27.000000000 +0000
+@@ -1374,7 +1374,7 @@
+ * getline - a hacked up version of fgets to ignore TELNET escape codes.
+ */
+ char *
+-getline(char *s, int n, FILE *iop)
++mygetline(char *s, int n, FILE *iop)
+ {
+ int c;
+ register char *cs;
+@@ -1522,7 +1522,7 @@
+ case CMD:
+ (void) signal(SIGALRM, toolong);
+ (void) alarm((unsigned) timeout);
+- if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
++ if (mygetline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
+ }
+diff -dPNur bsdftpd-ssl-1.0.2.orig/ftpd/ftpd.c bsdftpd-ssl-1.0.2/ftpd/ftpd.c
+--- bsdftpd-ssl-1.0.2.orig/ftpd/ftpd.c 2012-01-13 19:55:37.000000000 +0000
++++ bsdftpd-ssl-1.0.2/ftpd/ftpd.c 2012-01-13 20:21:48.000000000 +0000
+@@ -3750,7 +3750,7 @@
+ tv.tv_usec=0;
+ if (select(fileno(stdin)+1, &mask, NULL, NULL, &tv)) {
+ #endif /*USE_SSL*/
+- if (getline(cp, 7, stdin) == NULL) {
++ if (mygetline(cp, 7, stdin) == NULL) {
+ reply(221, "You could at least say goodbye.");
+ dologout(0);
+ }
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2
new file mode 100644
index 0000000..e3cea58
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-keypassword.patch.bz2
Binary files differ
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2
new file mode 100644
index 0000000..a105ddf
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-pport.patch.bz2
Binary files differ
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2 b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2
new file mode 100644
index 0000000..a8a67cc
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd-ds-termcap.patch.bz2
Binary files differ
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd.pam b/net-ftp/bsdftpd-ssl/files/bsdftpd.pam
new file mode 100644
index 0000000..836e5bb
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth required /lib/security/pam_shells.so
+auth include system-auth
+account include system-auth
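Review bot: `onerr=succeed` on the `pam_listfile.so` line makes the deny list fail open: if `/etc/ftpusers` is missing or cannot be read, the module reports success and accounts that were meant to be blocked pass this check. Failing closed is the safer default for a deny list: `auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=fail`. The trade-off is that a missing file then blocks every FTP login, so the package should install `/etc/ftpusers`. The absolute `/lib/security/` prefix on both module lines also breaks on systems that keep PAM modules under another libdir; the bare module name lets PAM resolve the path.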
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig
new file mode 100644
index 0000000..ae24158
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysconfig
@@ -0,0 +1,7 @@
+BSDFTPDSSL_SSL_CERT=/opt/ssl/server_certs/server.crt
+BSDFTPDSSL_SSL_KEY=/opt/ssl/server_keys/server.key
+BSDFTPDSSL_SSL_PASSWORD=/etc/apc.pwd
+BSDFTPDSSL_SSL_CHAIN=/opt/ssl/ca/chain.crt
+BSDFTPDSSL_SSL_USERS=/opt/ssl/user_certs/
+BSDFTPDSSL_FIRST_PASSIVE_PORT=40000
+BSDFTPDSSL_LAST_PASSIVE_PORT=45000
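Review bot: None of these settings is documented, and `BSDFTPDSSL_SSL_PASSWORD=/etc/apc.pwd` looks like the file holding the private-key passphrase, since the init script passes it as `KEYpassword=`. A comment should state that and the expected permissions, e.g. `# File containing the passphrase for BSDFTPDSSL_SSL_KEY; keep it root-owned, mode 0600`. A second comment on the passive port range would remind administrators that `40000`-`45000` has to be opened in the firewall for passive transfers to work.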
diff --git a/net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit
new file mode 100644
index 0000000..942c062
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/bsdftpd.sysinit
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting BSD FTPD - SSL"
+ ftpd -h -S wu-ext -X wu-ext -l -l -B $BSDFTPDSSL_FIRST_PASSIVE_PORT:$BSDFTPDSSL_LAST_PASSIVE_PORT -D -z secure -z cert=$BSDFTPDSSL_SSL_CERT -z key=$BSDFTPDSSL_SSL_KEY -z verify=1 -z auth=1 -z CAfile=$BSDFTPDSSL_SSL_CHAIN -z CApath=$BSDFTPDSSL_SSL_USERS -z certsok -z KEYpassword=$BSDFTPDSSL_SSL_PASSWORD -z defau -z refnu -z cipher=HIGH
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping BSD FTPD - SSL"
+ killall ${KILL_OPTS} ftpd
+ eend $?
+}
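Review bot: `killall ${KILL_OPTS} ftpd` in stop() signals every process named ftpd on the host, including any ftpd instance this script did not start, and `KILL_OPTS` is not set anywhere in the visible files. Launching the daemon through `start-stop-daemon` with a pid file and stopping by that pid file confines stop() to this service. In start() the `$BSDFTPDSSL_*` expansions are unquoted, so a configured path containing whitespace splits into extra ftpd arguments; quote them, e.g. `-z cert="$BSDFTPDSSL_SSL_CERT"`. `-z CApath=$BSDFTPDSSL_SSL_USERS` also makes the user-certificate directory a CA path; if that is meant to accept self-signed client certificates, a comment should say so.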
diff --git a/net-ftp/bsdftpd-ssl/files/x509.auth b/net-ftp/bsdftpd-ssl/files/x509.auth
new file mode 100644
index 0000000..06a5890
--- /dev/null
+++ b/net-ftp/bsdftpd-ssl/files/x509.auth
@@ -0,0 +1,2 @@
+ftpd:allow:/CN:-p/usr/bin/perl /usr/bin/auth.sslftp
+ftpd:allow:*:-f~/certs/ftp.crt