authorAlexander Leidinger <netchild@FreeBSD.org>2003-09-10 08:11:48 +0000
committerAlexander Leidinger <netchild@FreeBSD.org>2003-09-10 08:11:48 +0000
commit2848c498d2d9283aa514a7b3babc7af991d3ff06 (patch)
treef858f43b27938ea5fddaa41346c52220dcf5b97d /ftp/ftpd-tls
parentUpgrade to 0.98.5 (diff)
Add ftpd-tls, a FTP AUTH TLS aware ftp server. This is the counterpart
to ftp/ftp-tls and also written by Peter Runestig. Submitted by: Marius Strobl <marius@alchemy.franken.de>
Notes
Notes: svn path=/head/; revision=88902
Diffstat (limited to 'ftp/ftpd-tls')
-rw-r--r--ftp/ftpd-tls/Makefile64
-rw-r--r--ftp/ftpd-tls/distinfo1
-rw-r--r--ftp/ftpd-tls/files/ftpd-tls.sh22
-rw-r--r--ftp/ftpd-tls/files/patch-Makefile.in11
-rw-r--r--ftp/ftpd-tls/files/patch-README.TLS10
-rw-r--r--ftp/ftpd-tls/files/patch-configure10
-rw-r--r--ftp/ftpd-tls/files/patch-ftpd.8.TLS140
-rw-r--r--ftp/ftpd-tls/files/patch-pathnames.h22
-rw-r--r--ftp/ftpd-tls/files/patch-tlsutil.c16
-rw-r--r--ftp/ftpd-tls/pkg-descr4
-rw-r--r--ftp/ftpd-tls/pkg-message14
-rw-r--r--ftp/ftpd-tls/pkg-plist8
12 files changed, 322 insertions, 0 deletions
diff --git a/ftp/ftpd-tls/Makefile b/ftp/ftpd-tls/Makefile
new file mode 100644
index 000000000000..9925ed10f748
--- /dev/null
+++ b/ftp/ftpd-tls/Makefile
@@ -0,0 +1,64 @@
+# Ports collection makefile for: ftpd-tls
+# Date created: 21 August 2003
+# Whom: marius@alchemy.franken.de
+#
+# $FreeBSD$
+#
+
+PORTNAME= ftpd-tls
+PORTVERSION= 20030520
+CATEGORIES= ftp security
+MASTER_SITES= ftp://ftp.zeist.de/pub/distfiles/ \
+ ftp://ftp.runestig.com/pub/ftpd-tls/
+
+MAINTAINER= marius@alchemy.franken.de
+COMMENT= Ftp server supporting FTP AUTH TLS
+
+GNU_CONFIGURE= YES
+USE_OPENSSL= YES
+USE_REINPLACE= YES
+
+MAN8= ftpd-tls.8
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 400000
+BROKEN= "Not supported on systems prior to FreeBSD 4.0 (missing getaddrinfo())"
+.endif
+
+CONFIGURE_ARGS= --with-openssl-dir=${OPENSSLBASE}
+CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
+PKGMESSAGE= ${WRKDIR}/pkg-message
+
+post-patch:
+.for i in README.TLS ftpd.8.TLS pathnames.h tlsutil.c
+ @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/${i}
+.endfor
+ @${SED} 's|%%PREFIX%%|${PREFIX}|g; s|%%DOCSDIR%%|${DOCSDIR}|g' \
+ ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
+ @${SED} 's|%%PREFIX%%|${PREFIX}|g' ${FILESDIR}/ftpd-tls.sh > \
+ ${WRKDIR}/ftpd-tls.sh
+
+do-install:
+ @${INSTALL_PROGRAM} ${WRKSRC}/ftpd ${PREFIX}/libexec/ftpd-tls
+ @${INSTALL_MAN} ${WRKSRC}/ftpd.8.TLS ${PREFIX}/man/man8/ftpd-tls.8
+ @${INSTALL_SCRIPT} ${WRKDIR}/ftpd-tls.sh \
+ ${PREFIX}/etc/rc.d/ftpd-tls.sh.sample
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+.for i in README.TLS draft-murray-auth-ftp-ssl-09.txt
+ @${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
+.endfor
+.endif
+.if !exists(${PREFIX}/etc/ftpd-tls)
+ @${MKDIR} ${PREFIX}/etc/ftpd-tls
+ @${CHMOD} 700 ${PREFIX}/etc/ftpd-tls
+.endif
+.if (!exists(${PREFIX}/etc/ftpd-tls/ftpusers)) && (exists(/etc/ftpusers))
+ @${INSTALL_DATA} /etc/ftpusers ${PREFIX}/etc/ftpd-tls
+.endif
+
+post-install:
+ @${CAT} ${WRKDIR}/pkg-message
+
+.include <bsd.port.post.mk>
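Review bot: In do-install, `@${CHMOD} 700 ${PREFIX}/etc/ftpd-tls` sits inside `.if !exists(${PREFIX}/etc/ftpd-tls)`, so a directory that already exists with looser permissions keeps them, whereas the `@exec` line in pkg-plist runs `mkdir -p … && chmod 700` unconditionally. The patched README.TLS and tlsutil.c make this directory a search location for the TLS files, presumably including private keys, so the port install should enforce the mode the same way the package does. Dropping the `.if`/`.endif` pair and keeping `@${MKDIR} ${PREFIX}/etc/ftpd-tls` followed by `@${CHMOD} 700 ${PREFIX}/etc/ftpd-tls` would do that, assuming `${MKDIR}` tolerates an existing directory. Keep in mind that `.if exists()` is evaluated when the makefile is parsed, not when the recipe runs.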
diff --git a/ftp/ftpd-tls/distinfo b/ftp/ftpd-tls/distinfo
new file mode 100644
index 000000000000..f4eba7422877
--- /dev/null
+++ b/ftp/ftpd-tls/distinfo
@@ -0,0 +1 @@
+MD5 (ftpd-tls-20030520.tar.gz) = f9b1f0cc41dbaf248e84a37896cbcec3
diff --git a/ftp/ftpd-tls/files/ftpd-tls.sh b/ftp/ftpd-tls/files/ftpd-tls.sh
new file mode 100644
index 000000000000..9b9eb473d480
--- /dev/null
+++ b/ftp/ftpd-tls/files/ftpd-tls.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+case "$1" in
+start)
+ if [ -x %%PREFIX%%/libexec/ftpd-tls ]; then
+ %%PREFIX%%/libexec/ftpd-tls -DUl > /dev/null
+ echo -n ' ftpd-tls'
+ fi
+ ;;
+stop)
+ if [ -r /var/run/ftpd-tls.pid ]; then
+ kill -TERM `cat /var/run/ftpd-tls.pid`
+ rm -f /var/run/ftpd-tls.pid
+ echo -n ' ftpd-tls'
+ fi
+ ;;
+*)
+ echo "Usage: `basename $0` {start|stop}" >&2
+ ;;
+esac
+
+exit 0
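Review bot: The `stop)` branch passes whatever number is stored in /var/run/ftpd-tls.pid to `kill -TERM` without checking that the process is still ftpd-tls, so a stale pid file left behind by a crash can make this root-run script terminate an unrelated process. Read the pid once and verify it before signalling, e.g. `pid=$(cat /var/run/ftpd-tls.pid)` followed by `ps -p "$pid" -o comm= | grep -q '^ftpd-tls' && kill -TERM "$pid"`, assuming the daemon keeps its executable name. Separately, the `*)` usage branch falls through to `exit 0`; an `exit 1` there would let callers detect a bad argument.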
diff --git a/ftp/ftpd-tls/files/patch-Makefile.in b/ftp/ftpd-tls/files/patch-Makefile.in
new file mode 100644
index 000000000000..ad101a80ade1
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-Makefile.in
@@ -0,0 +1,11 @@
+--- Makefile.in.orig Tue Sep 9 00:57:31 2003
++++ Makefile.in Tue Sep 9 01:00:35 2003
+@@ -78,7 +78,7 @@
+ @STAT_FLAGS_C@ @BSDSRCS@
+ OBJS= $(SRCS:.c=.o)
+
+-CFLAGS= -g ${CWARNINGFLAGS}
++CFLAGS= @CFLAGS@ ${CWARNINGFLAGS}
+ CPPFLAGS= @CPPFLAGS@ $(DEFS) -Dunix -I. -I${LSDIR}
+
+ BINGRP= bin
diff --git a/ftp/ftpd-tls/files/patch-README.TLS b/ftp/ftpd-tls/files/patch-README.TLS
new file mode 100644
index 000000000000..7571a102224c
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-README.TLS
@@ -0,0 +1,10 @@
+--- README.TLS.orig Tue Sep 9 03:04:28 2003
++++ README.TLS Tue Sep 9 03:05:05 2003
+@@ -33,6 +33,7 @@
+
+ These files is searched for in the following directorys (in this order):
+ o Current working directory of the process.
++o %%PREFIX%%/etc/ftpd-tls.
+ o Specified by the `X509_get_default_cert_dir_env()` environment variable
+ (usually $SSL_CERT_DIR).
+ o `X509_get_default_cert_dir()`, usually (openssl-dir)/certs.
diff --git a/ftp/ftpd-tls/files/patch-configure b/ftp/ftpd-tls/files/patch-configure
new file mode 100644
index 000000000000..0463aaf40a3e
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-configure
@@ -0,0 +1,10 @@
+--- configure.orig Tue Sep 9 19:20:27 2003
++++ configure Tue Sep 9 19:20:50 2003
+@@ -4891,6 +4891,7 @@
+ cat >conftest.$ac_ext <<_ACEOF
+ #line $LINENO "configure"
+ #include "confdefs.h"
++$ac_includes_default
+ #include <utmp.h>
+ #ifdef F77_DUMMY_MAIN
+ # ifdef __cplusplus
diff --git a/ftp/ftpd-tls/files/patch-ftpd.8.TLS b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
new file mode 100644
index 000000000000..1a5d57e30326
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-ftpd.8.TLS
@@ -0,0 +1,140 @@
+--- ftpd.8.TLS.orig Thu May 16 15:07:51 2002
++++ ftpd.8.TLS Tue Sep 9 02:33:26 2003
+@@ -35,13 +35,13 @@
+ .\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94
+ .\"
+ .Dd June 18, 1996
+-.Dt FTPD 8
++.Dt FTPD-TLS 8
+ .Os
+ .Sh NAME
+-.Nm ftpd
+-.Nd Internet File Transfer Protocol server
++.Nm ftpd-tls
++.Nd Internet File Transfer Protocol server supporting AUTH TLS
+ .Sh SYNOPSIS
+-.Nm ftpd
++.Nm ftpd-tls
+ .Op Fl AdDhlMPSU46
+ .Op Fl T Ar maxtimeout
+ .Op Fl t Ar timeout
+@@ -62,7 +62,7 @@
+ .Bl -tag -width Ds
+ .It Fl A
+ Permit only anonymous ftp connections, accounts listed in
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ or users in a login class with the
+ .Dq ftp-chroot
+ variable set (see below).
+@@ -107,7 +107,7 @@
+ .It Fl P
+ Permit illegal port numbers or addresses for PORT command initiated connects.
+ By default
+-.Xr ftpd 8
++.Xr ftpd-tls 8
+ violates the RFC and thus constrains the PORT command to non-reserved ports
+ and requires it use the same source address as the connection came from.
+ This prevents the "FTP bounce attack" against services on both the local
+@@ -116,7 +116,7 @@
+ With this option set,
+ .Nm
+ logs all anonymous downloads to the file
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ when this file exists.
+ .It Fl U
+ Each concurrent
+@@ -182,14 +182,14 @@
+ .Nm
+ displays it and exits.
+ If the file
+-.Pa /etc/ftpwelcome
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ exists,
+ .Nm
+ prints it before issuing the
+ .Dq ready
+ message.
+ If the welcome file exists
+-.Pa ( /etc/motd
++.Pa ( %%PREFIX%%/etc/ftpd-tls/motd
+ by default),
+ .Nm
+ prints it after a successful login.
+@@ -320,13 +320,13 @@
+ file operations may be performed.
+ .It
+ The login name must not appear in the file
+-.Pa /etc/ftpusers .
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpusers .
+ .It
+ The user must have a standard shell as described by
+ .Xr shells 5 .
+ .It
+ If the user name appears in the file
+-.Pa /etc/ftpchroot
++.Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ the session's root will be changed to the user's login directory by
+ .Xr chroot 2
+ as for an
+@@ -432,7 +432,7 @@
+ .El
+ .Pp
+ If logging to the
+-.Pa /var/log/ftpd
++.Pa /var/log/ftpd-tls
+ file is enabled, information will be written in the following format:
+ .Pp
+ .Bl -tag -width XXXXXXXXXXXXXX -offset indent -compact
+@@ -514,24 +514,24 @@
+ .It Pa welcome
+ The path of the file containing the welcome message.
+ If this variable is not set,
+-.Pa /etc/motd
++.Pa %%PREFIX%%/etc/ftpd-tls/motd
+ is used.
+ .El
+ .Sh FILES
+-.Bl -tag -width /var/run/ftpd.pid -compact
+-.It Pa /etc/ftpusers
++.Bl -tag -width /var/run/ftpd-tls.pid -compact
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpusers
+ list of unwelcome/restricted users
+-.It Pa /etc/ftpchroot
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpchroot
+ list of normal users who should be chrooted
+-.It Pa /etc/ftpwelcome
++.It Pa %%PREFIX%%/etc/ftpd-tls/ftpwelcome
+ welcome notice
+ .It Pa /etc/nologin
+ displayed and access refused
+ .It Pa /var/run/utmp
+ list of users on the system
+-.It Pa /var/run/ftpd.pid
++.It Pa /var/run/ftpd-tls.pid
+ process ID if running in daemon mode
+-.It Pa /var/log/ftpd
++.It Pa /var/log/ftpd-tls
+ log file for anonymous downloads
+ .El
+ .Sh SEE ALSO
+@@ -541,14 +541,16 @@
+ .Xr chroot 2 ,
+ .Xr login.conf 5 ,
+ .Xr shells 5 ,
++.Xr ftpd 8 ,
+ .Xr inetd 8 ,
+ .Xr syslogd 8 ,
+-.Xr ftp-proxy 8
+ .Sh HISTORY
+ The
+-.Nm
++.Ic ftpd
+ command appeared in
+ .Bx 4.2 .
++.Pp
++AUTH TLS support added by Peter 'Luna' Runestig <peter@runestig.com>.
+ .Sh BUGS
+ The server must run as the superuser to create sockets with
+ privileged port numbers.
diff --git a/ftp/ftpd-tls/files/patch-pathnames.h b/ftp/ftpd-tls/files/patch-pathnames.h
new file mode 100644
index 000000000000..5a0cdcc6baf2
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-pathnames.h
@@ -0,0 +1,22 @@
+--- pathnames.h.orig Fri May 3 10:15:39 2002
++++ pathnames.h Tue Sep 9 02:34:05 2003
+@@ -40,12 +40,13 @@
+ #include <paths.h>
+ #endif /* HAVE_PATHS_H */
+
+-#define _PATH_FTPUSERS "/etc/ftpusers"
+-#define _PATH_FTPCHROOT "/etc/ftpchroot"
+-#define _PATH_FTPWELCOME "/etc/ftpwelcome"
+-#define _PATH_FTPLOGINMESG "/etc/motd"
+-#define _PATH_FTPDSTATFILE "/var/log/ftpd"
+-#define _PATH_FTPDPID "/var/run/ftpd.pid"
++#undef _PATH_FTPUSERS
++#define _PATH_FTPUSERS "%%PREFIX%%/etc/ftpd-tls/ftpusers"
++#define _PATH_FTPCHROOT "%%PREFIX%%/etc/ftpd-tls/ftpchroot"
++#define _PATH_FTPWELCOME "%%PREFIX%%/etc/ftpd-tls/ftpwelcome"
++#define _PATH_FTPLOGINMESG "%%PREFIX%%/etc/ftpd-tls/motd"
++#define _PATH_FTPDSTATFILE "/var/log/ftpd-tls"
++#define _PATH_FTPDPID "/var/run/ftpd-tls.pid"
+ #define _PATH_CWDMESG ".message"
+ #ifndef _PATH_NOLOGIN
+ #define _PATH_NOLOGIN "/etc/nologin"
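Review bot: The lone `#undef _PATH_FTPUSERS` carries no comment, and it is the only one of the six redefined macros that gets an `#undef`. Presumably it is needed because paths.h, included just above, already defines `_PATH_FTPUSERS` on FreeBSD; which deny list the server reads should not depend on a reader guessing that. I would add `/* paths.h may already define this as /etc/ftpusers; force the port's own deny list */` above it. If any of the other five names can also come from a system header they need the same `#undef`, which cannot be checked from this hunk.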
diff --git a/ftp/ftpd-tls/files/patch-tlsutil.c b/ftp/ftpd-tls/files/patch-tlsutil.c
new file mode 100644
index 000000000000..8401f6549ffd
--- /dev/null
+++ b/ftp/ftpd-tls/files/patch-tlsutil.c
@@ -0,0 +1,16 @@
+--- tlsutil.c.orig Tue Sep 9 02:55:27 2003
++++ tlsutil.c Tue Sep 9 02:57:58 2003
+@@ -218,6 +218,13 @@
+ fclose(file);
+ return fn;
+ }
++
++ snprintf(fp, sizeof(fp), "%s/%s", "%%PREFIX%%" "/etc/ftpd-tls", fn);
++ if ((file = fopen(fp, "r"))) {
++ fclose(file);
++ return fp;
++ }
++
+ if (!(dir = getenv(X509_get_default_cert_dir_env()))) /* $SSL_CERT_DIR */
+ dir = (char *) X509_get_default_cert_dir();
+ snprintf(fp, sizeof(fp), "%s/%s", dir, fn);
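Review bot: The added lookup ignores the return value of `snprintf`, so an `fn` long enough to overflow `fp` is silently truncated and the function may probe, and return, a different path than the one intended. Check the length before opening: `if (snprintf(fp, sizeof(fp), "%s/%s", "%%PREFIX%%" "/etc/ftpd-tls", fn) < (int)sizeof(fp) && (file = fopen(fp, "r"))) {`. The pre-existing `snprintf` for the $SSL_CERT_DIR case just below has the same gap. The function starts outside the hunk, so the declaration of `fp` is not visible; `return fp;` is only safe if `fp` has static storage, which should be confirmed.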
diff --git a/ftp/ftpd-tls/pkg-descr b/ftp/ftpd-tls/pkg-descr
new file mode 100644
index 000000000000..821aa170339a
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-descr
@@ -0,0 +1,4 @@
+Ftp server based on the OpenBSD ftp server code, implements the
+FTP AUTH TLS IETF draft plus a custom SSL/TLS client authentication.
+
+WWW: http://www.runestig.com/osp.html
diff --git a/ftp/ftpd-tls/pkg-message b/ftp/ftpd-tls/pkg-message
new file mode 100644
index 000000000000..5d443d4c7fbd
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-message
@@ -0,0 +1,14 @@
+===========================================================================
+
+Depending on how you would like to start ftpd-tls(8) either copy the
+sample start-up script %%PREFIX%%/etc/rc.d/ftpd-tls.sh.sample to
+%%PREFIX%%/etc/rc.d/ftpd-tls.sh or add the following two entries to
+your /etc/inetd.conf:
+ftp stream tcp nowait root %%PREFIX%%/libexec/ftpd-tls ftpd-tls -Ul
+ftp stream tcp6 nowait root %%PREFIX%%/libexec/ftpd-tls ftpd-tls -Ul
+
+See %%DOCSDIR%%/README.TLS and the openssl(1) manual
+page for further information on how to generate the certificates and
+the keys and where to place them.
+
+===========================================================================
diff --git a/ftp/ftpd-tls/pkg-plist b/ftp/ftpd-tls/pkg-plist
new file mode 100644
index 000000000000..9e5cd11270d5
--- /dev/null
+++ b/ftp/ftpd-tls/pkg-plist
@@ -0,0 +1,8 @@
+libexec/ftpd-tls
+%%PORTDOCS%%%%DOCSDIR%%/README.TLS
+%%PORTDOCS%%%%DOCSDIR%%/draft-murray-auth-ftp-ssl-09.txt
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+@exec mkdir -p %D/etc/ftpd-tls && chmod 700 %D/etc/ftpd-tls
+@exec if [ ! -f %D/etc/ftpd-tls/ftpusers ] && [ -f /etc/ftpusers ]; then cp /etc/ftpusers %D/etc/ftpd-tls/ftpusers; fi
+@unexec if cmp -s %D/etc/ftpd-tls/ftpusers /etc/ftpusers; then rm -f %D/etc/ftpd-tls/ftpusers; fi
+@unexec rmdir %D/etc/ftpd-tls 2> /dev/null || echo "If permanently deleting this package, %D/etc/ftpd-tls and its contents must be removed manually."
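Review bot: The `@exec` line that seeds %D/etc/ftpd-tls/ftpusers copies /etc/ftpusers once, and only if that file exists; do-install in the Makefile does the same one-time copy. After installation, accounts added to /etc/ftpusers are not denied by ftpd-tls, and on a host without /etc/ftpusers the server starts with no deny list at all, assuming it treats a missing file as "nobody is denied". Neither case is pointed out to the administrator. I would add a sentence to pkg-message such as `ftpd-tls reads its own deny list, %%PREFIX%%/etc/ftpd-tls/ftpusers; it is copied from /etc/ftpusers at install time only and must be maintained separately.`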