Add ftpd-tls, a FTP AUTH TLS aware ftp server. This is the counterpart

to ftp/ftp-tls and also written by Peter Runestig.

Submitted by:	Marius Strobl <marius@alchemy.franken.de>

7 files changed, 231 insertions, 0 deletions

diff --git a/ftp/ftpd-tls/files/ftpd-tls.sh b/ftp/ftpd-tls/files/ftpd-tls.sh
new file mode 100644
index 000000000000..9b9eb473d480
--- /dev/null
+++ b/ftp/ftpd-tls/files/ftpd-tls.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+case "$1" in
+start)
+	if [ -x %%PREFIX%%/libexec/ftpd-tls ]; then
+		%%PREFIX%%/libexec/ftpd-tls -DUl > /dev/null
+		echo -n ' ftpd-tls'
+	fi
+	;;
+stop)
+	if [ -r /var/run/ftpd-tls.pid ]; then
+		kill -TERM `cat /var/run/ftpd-tls.pid`
+		rm -f /var/run/ftpd-tls.pid
+		echo -n ' ftpd-tls'
+	fi
+	;;
+*)
+	echo "Usage: `basename $0` {start|stop}" >&2
+	;;
+esac
+
+exit 0
diff --git a/ftp/ftpd-tls/files/patch-Makefile.in b/ftp/ftpd-tls/files/patch-Makefile.in
new file mode 100644
index 000000000000..ad101a80ade1
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-Makefile.in
@@ -0,0 +1,11 @@
+--- Makefile.in.orig	Tue Sep  9 00:57:31 2003
++++ Makefile.in	Tue Sep  9 01:00:35 2003
+@@ -78,7 +78,7 @@
+ 	@STAT_FLAGS_C@ @BSDSRCS@
+ OBJS=	$(SRCS:.c=.o)
+ 
+-CFLAGS=   -g ${CWARNINGFLAGS}
++CFLAGS=   @CFLAGS@ ${CWARNINGFLAGS}
+ CPPFLAGS= @CPPFLAGS@ $(DEFS) -Dunix -I. -I${LSDIR}
+ 
+ BINGRP=		bin
diff --git a/ftp/ftpd-tls/files/patch-README.TLS b/ftp/ftpd-tls/files/patch-README.TLS
new file mode 100644
index 000000000000..7571a102224c
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-README.TLS
@@ -0,0 +1,10 @@
+--- README.TLS.orig	Tue Sep  9 03:04:28 2003
++++ README.TLS	Tue Sep  9 03:05:05 2003
+@@ -33,6 +33,7 @@
+ 
+ These files is searched for in the following directorys (in this order):
+ o  Current working directory of the process.
++o  %%PREFIX%%/etc/ftpd-tls.
+ o  Specified by the `X509_get_default_cert_dir_env()` environment variable
+    (usually $SSL_CERT_DIR).
+ o  `X509_get_default_cert_dir()`, usually (openssl-dir)/certs.
diff --git a/ftp/ftpd-tls/files/patch-configure b/ftp/ftpd-tls/files/patch-configure
new file mode 100644
index 000000000000..0463aaf40a3e
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-configure
@@ -0,0 +1,10 @@
+--- configure.orig	Tue Sep  9 19:20:27 2003
++++ configure	Tue Sep  9 19:20:50 2003
+@@ -4891,6 +4891,7 @@
+ cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ #include "confdefs.h"
++$ac_includes_default
+ #include <utmp.h>
+ #ifdef F77_DUMMY_MAIN
+ #  ifdef __cplusplus
diff --git a/ftp/ftpd-tls/files/patch-ftpd.8.TLS b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
new file mode 100644
index 000000000000..1a5d57e30326
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
@@ -0,0 +1,140 @@
+--- ftpd.8.TLS.orig	Thu May 16 15:07:51 2002
++++ ftpd.8.TLS	Tue Sep  9 02:33:26 2003
+@@ -35,13 +35,13 @@
+ .\"     @(#)ftpd.8	8.2 (Berkeley) 4/19/94
+ .\"
+ .Dd June 18, 1996
+-.Dt FTPD 8
++.Dt FTPD-TLS 8
+ .Os
+ .Sh NAME
+-.Nm ftpd
+-.Nd Internet File Transfer Protocol server
++.Nm ftpd-tls
++.Nd Internet File Transfer Protocol server supporting AUTH TLS
+ .Sh SYNOPSIS
+-.Nm ftpd
++.Nm ftpd-tls
+ .Op Fl AdDhlMPSU46
+ .Op Fl T Ar maxtimeout
+ .Op Fl t Ar timeout
+@@ -62,7 +62,7 @@
+ .Bl -tag -width Ds
+ .It Fl A
+ Permit only anonymous ftp connections, accounts listed in
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ or users in a login class with the
+ .Dq ftp-chroot
+ variable set (see below).
+@@ -107,7 +107,7 @@
+ .It Fl P
+ Permit illegal port numbers or addresses for PORT command initiated connects.
+ By default
+-.Xr ftpd 8
++.Xr ftpd-tls 8
+ violates the RFC and thus constrains the PORT command to non-reserved ports
+ and requires it use the same source address as the connection came from.
+ This prevents the "FTP bounce attack" against services on both the local
+@@ -116,7 +116,7 @@
+ With this option set,
+ .Nm
+ logs all anonymous downloads to the file
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ when this file exists.
+ .It Fl U
+ Each concurrent
+@@ -182,14 +182,14 @@
+ .Nm
+ displays it and exits.
+ If the file
+-.Pa /etc/ftpwelcome
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ exists,
+ .Nm
+ prints it before issuing the
+ .Dq ready
+ message.
+ If the welcome file exists
+-.Pa ( /etc/motd
++.Pa ( %%PREFIX%%/etc/ftpd-tls/motd
+ by default),
+ .Nm
+ prints it after a successful login.
+@@ -320,13 +320,13 @@
+ file operations may be performed.
+ .It
+ The login name must not appear in the file
+-.Pa /etc/ftpusers .
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpusers .
+ .It
+ The user must have a standard shell as described by
+ .Xr shells 5 .
+ .It
+ If the user name appears in the file
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ the session's root will be changed to the user's login directory by
+ .Xr chroot 2
+ as for an
+@@ -432,7 +432,7 @@
+ .El
+ .Pp
+ If logging to the
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ file is enabled, information will be written in the following format:
+ .Pp
+ .Bl -tag -width XXXXXXXXXXXXXX -offset indent -compact
+@@ -514,24 +514,24 @@
+ .It Pa welcome
+ The path of the file containing the welcome message.
+ If this variable is not set,
+-.Pa /etc/motd
++.Pa %%PREFIX%%/etc/ftpd-tls/motd
+ is used.
+ .El
+ .Sh FILES
+-.Bl -tag -width /var/run/ftpd.pid -compact
+-.It Pa /etc/ftpusers
++.Bl -tag -width /var/run/ftpd-tls.pid -compact
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpusers
+ list of unwelcome/restricted users
+-.It Pa /etc/ftpchroot
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ list of normal users who should be chrooted
+-.It Pa /etc/ftpwelcome
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ welcome notice
+ .It Pa /etc/nologin
+ displayed and access refused
+ .It Pa /var/run/utmp
+ list of users on the system
+-.It Pa /var/run/ftpd.pid
++.It Pa /var/run/ftpd-tls.pid
+ process ID if running in daemon mode
+-.It Pa /var/log/ftpd
++.It Pa /var/log/ftpd-tls
+ log file for anonymous downloads
+ .El
+ .Sh SEE ALSO
+@@ -541,14 +541,16 @@
+ .Xr chroot 2 ,
+ .Xr login.conf 5 ,
+ .Xr shells 5 ,
++.Xr ftpd 8 ,
+ .Xr inetd 8 ,
+ .Xr syslogd 8 ,
+-.Xr ftp-proxy 8
+ .Sh HISTORY
+ The
+-.Nm
++.Ic ftpd
+ command appeared in
+ .Bx 4.2 .
++.Pp
++AUTH TLS support added by Peter 'Luna' Runestig <peter@runestig.com>.
+ .Sh BUGS
+ The server must run as the superuser to create sockets with
+ privileged port numbers.
diff --git a/ftp/ftpd-tls/files/patch-pathnames.h b/ftp/ftpd-tls/files/patch-pathnames.h
new file mode 100644
index 000000000000..5a0cdcc6baf2
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-pathnames.h
@@ -0,0 +1,22 @@
+--- pathnames.h.orig	Fri May  3 10:15:39 2002
++++ pathnames.h	Tue Sep  9 02:34:05 2003
+@@ -40,12 +40,13 @@
+ #include <paths.h>
+ #endif /* HAVE_PATHS_H */
+ 
+-#define	_PATH_FTPUSERS		"/etc/ftpusers"
+-#define	_PATH_FTPCHROOT		"/etc/ftpchroot"
+-#define	_PATH_FTPWELCOME	"/etc/ftpwelcome"
+-#define	_PATH_FTPLOGINMESG	"/etc/motd"
+-#define _PATH_FTPDSTATFILE	"/var/log/ftpd"
+-#define _PATH_FTPDPID		"/var/run/ftpd.pid"
++#undef	_PATH_FTPUSERS
++#define	_PATH_FTPUSERS		"%%PREFIX%%/etc/ftpd-tls/ftpusers"
++#define	_PATH_FTPCHROOT		"%%PREFIX%%/etc/ftpd-tls/ftpchroot"
++#define	_PATH_FTPWELCOME	"%%PREFIX%%/etc/ftpd-tls/ftpwelcome"
++#define	_PATH_FTPLOGINMESG	"%%PREFIX%%/etc/ftpd-tls/motd"
++#define _PATH_FTPDSTATFILE	"/var/log/ftpd-tls"
++#define _PATH_FTPDPID		"/var/run/ftpd-tls.pid"
+ #define _PATH_CWDMESG		".message"
+ #ifndef _PATH_NOLOGIN
+ #define _PATH_NOLOGIN		"/etc/nologin"
diff --git a/ftp/ftpd-tls/files/patch-tlsutil.c b/ftp/ftpd-tls/files/patch-tlsutil.c
new file mode 100644
index 000000000000..8401f6549ffd
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-tlsutil.c
@@ -0,0 +1,16 @@
+--- tlsutil.c.orig	Tue Sep  9 02:55:27 2003
++++ tlsutil.c	Tue Sep  9 02:57:58 2003
+@@ -218,6 +218,13 @@
+     	fclose(file);
+ 	return fn;
+     }
++
++    snprintf(fp, sizeof(fp), "%s/%s", "%%PREFIX%%" "/etc/ftpd-tls", fn);
++    if ((file = fopen(fp, "r"))) {
++    	fclose(file);
++	return fp;
++    }
++
+     if (!(dir = getenv(X509_get_default_cert_dir_env())))  /* $SSL_CERT_DIR */
+     	dir = (char *) X509_get_default_cert_dir();
+     snprintf(fp, sizeof(fp), "%s/%s", dir, fn);