diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e594810
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.rpm
+*.log
+*spec-20*
+*.tar.xz
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..69116ca
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Makefile for source rpm: e-smith-proftpd
+# $Id: Makefile,v 1.1 2016/02/05 21:57:24 stephdl Exp $
+NAME := e-smith-proftpd
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
diff --git a/README.md b/README.md
index e254321..b46e097 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,17 @@ -# e-smith-proftpd +# e-smith-proftpd -SMEServer Koozali developed git repo for e-smith-proftpd smeserver \ No newline at end of file +SMEServer Koozali developed git repo for e-smith-proftpd smeserver + +## Wiki +
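Review bot: In the Makefile hunk, the writability test inside `find-makefile-common` reads `-w $$/Makefile.common`, which drops the loop variable, so the shell is handed `$/Makefile.common` and the `cvs -Q update` branch can never run; it should be `-w $$d/Makefile.common`. Separately, `$(shell ...)` discards the `exit -1` status of `checkout-makefile-common`, so a failed checkout leaves `MAKEFILE_COMMON` empty and `include $(MAKEFILE_COMMON)` silently includes nothing; a guard placed before the include, `ifeq ($(strip $(MAKEFILE_COMMON)),)` / `$(error Makefile.common not found)` / `endif`, would fail fast with a clear message. The included file is also fetched at parse time from whatever repository `CVS/Root` names, with no pinned revision or integrity check, so whoever controls that file or server controls what make executes during a package build. Vendoring `Makefile.common` into the repository, or at least adding a comment such as `# Makefile.common is fetched unpinned from CVS at parse time; review before building on a signing host`, would make that trust boundary explicit.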
https://wiki.koozali.org/ + +## Bugzilla +Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-proftpd&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED) + +## Description + +
*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.* +*Once it has been checked, then this comment will be deleted* +
+ +e-smith-Proftpd is an open source software package that allows users to easily set up an FTP server on their Linux or Unix-based system. It is a part of the e-smith software family, which consists of a number of professional tools for system administrators. The package provides a secure and reliable way to transfer files over the internet. It provides a wide range of features, such as virtual hosting, bandwidth throttling, file transfer logging, and support for stand-alone or inetd/xinetd operations. It is a powerful and versatile tool, and is ideal for those who want to manage and share files from their own web server. diff --git a/additional/COPYING b/additional/COPYING new file mode 100644 index 0000000..eeb586b --- /dev/null +++ b/additional/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/additional/e-smith-proftpd.spec b/additional/e-smith-proftpd.spec new file mode 100644 index 0000000..7488c16 --- /dev/null +++ b/additional/e-smith-proftpd.spec 
@@ -0,0 +1,375 @@ +Summary: e-smith specific proftpd configuration files and templates +%define name e-smith-proftpd +Name: %{name} +%define version 1.11.0 +%define release 01 +Version: %{version} +Release: %{release} +License: GPL +Vendor: Mitel Networks Corporation +Group: Networking/Daemons +Source: %{name}-%{version}.tar.gz +Packager: e-smith developers +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +Requires: e-smith-base >= 4.6.0-15, proftpd +Requires: e-smith-lib >= 1.13.1-33 +Requires: iptables +AutoReqProv: no + +%changelog +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-01] +- Changing version to development stream number - 1.11.0 + +* Thu Jun 26 2003 Charlie Brady +- [1.10.0-01] +- Changing version to stable stream number - 1.10.0 + +* Tue Apr 29 2003 Gordon Rowell +- [1.9.0-14] +- Modify xinetd.conf/30ftp to properly handle enabled/disabled/missing cases [gordonr 8609] + +* Mon Apr 21 2003 Mark Knox +- [1.9.0-13] +- Force 0640 on proftpd.conf [markk 8408] + +* Tue Apr 8 2003 Charlie Brady +- [1.9.0-12] +- Fix typo in path for anonymous login. [charlieb 5652] +- Remove selective binding to interfaces for now - it requires + a full xinetd restart, which we don't do in remoteaccess-update. + [charlieb 951] +- Change ScoreboardPath to ScoreboardFile - the former is deprecated + (with extreme prejudice) in current proftpd. [charlieb 5411] + +* Tue Apr 8 2003 Charlie Brady +- [1.9.0-11] +- Add ScoreboardPath directive to config file templates [charlieb 5411] + +* Tue Mar 18 2003 Charlie Brady +- [1.9.0-10] +- Add config migration fragment to migrate old ftp access properties + to new. [charlieb 7683] +- Change Copyright header to License. [charlieb] + +* Thu Mar 13 2003 Charlie Brady +- [1.9.0-09] +- Use LoginAccess property to control ftp login access - this replaces the + "acccess" semantics of 5.5 and earlier. [charlieb 7466] +- Add back the special case for Primary i-bay, as it's needed for anonymous + ftp. 
[charlieb 5652] + +* Fri Mar 7 2003 Charlie Brady +- [1.9.0-08] +- esmith::utils::processTemplate => esmith::templates::processTemplate. + [charlieb 7466] + +* Thu Mar 6 2003 Charlie Brady +- [1.9.0-07] +- Escape braces in logrotate.d template fragment [charlieb 6438] + +* Thu Mar 6 2003 Charlie Brady +- [1.9.0-06] +- Fix missed accessLimits => access change in ftp masq fragment [charlieb 7466] + +* Thu Mar 6 2003 Charlie Brady +- [1.9.0-05] +- Fix migrate fragment problem. [charlieb 1507] +- Remove legacy code from proftpd config templates, and simplify. [charlieb 7466] + +* Mon Mar 3 2003 Charlie Brady +- [1.9.0-04] +- Template /etc/logrotate.d/proftpd and remove postrotate sigHUP. [charlieb 6438] +- Add default config db fragments to set type/access/status [charlieb 1507] +- Replace migrate script in post-upgrade event with template fragment in + db/configuration/migrate directory. [charlieb 1507] +- Use "access" rather than "accessLimits" to control access to ftp from + outside LAN. [charlieb 7466] +- Bind to local interface only if access is private. [charlieb 951] + +* Fri Feb 28 2003 Charlie Brady +- [1.9.0-03] +- Re-do hosts.allow template to use esmith::ConfigDB::hosts_allow_spec. + Add dependency on up-to-date e-smith-lib. + TODO: fix accessLimits v access issue. [charlieb 5650] + +* Wed Jan 29 2003 Charlie Brady +- [1.9.0-02] +- Remove special cases for primary in proftpd.conf - primary + is now a pre-defined i-bay. 
[charlieb 5652] + +* Wed Jan 29 2003 Charlie Brady +- [1.9.0-01] +- Rolling development stream to 1.9.0 + +* Fri Oct 11 2002 Charlie Brady +- [1.8.0-01] +- Roll to maintained version number to 1.8.0 + +* Wed Oct 2 2002 Mark Knox +- [1.7.3-05] +- Removed stray braces in get_all_by_prop [markk 3786] + +* Mon Sep 23 2002 Mark Knox +- [1.7.3-04] +- Fix proftpd.conf template breakage [markk 3786] + +* Mon Sep 23 2002 Charlie Brady +- [1.7.3-03] +- Fix hosts.allow template breakage [charlieb 3786] + +* Thu Sep 19 2002 Charlie Brady +- [1.7.3-02] +- Fix i-bay section of proftpd.conf [charlieb 4950] + +* Thu Sep 12 2002 Charlie Brady +- [1.7.3-01] +- Preparing for rebuild as-source, to get rid of some patch detritus - see + bug 4825. [charlieb 4793] + +* Thu Sep 12 2002 Charlie Brady +- [1.7.2-05] +- Add missing 10LimitSiteChmod template fragment [charlieb 4793] + +* Thu Sep 12 2002 Charlie Brady +- [1.7.2-04] +- Replace deprecate AllowChmod with , which requires some + fragment shuffling. Remove unnecessary template-{begin,end}, move + 10localAccess to 00localAccess. [charlieb 4793] + +* Wed Sep 11 2002 Charlie Brady +- [1.7.2-03] +- Fix esmith::Networks => esmith::NetworksDB snafu in /etc/proftpd.conf + template. [charlieb 3786] + +* Tue Sep 10 2002 Mark Knox +- [1.7.2-02] +- Change use of allow_tcp_in() function to allow dynamic reconfig. + [charlieb 4501] +- Remove deprecated split on pipe [markk 3786] + +* Thu Aug 8 2002 Charlie Brady +- [1.7.2-01] +- Remove 46AllowFTPActive masq template fragment, allow port 21 inbound + access and allow netfilter connection tracking to do the rest of the + job of FTP access control. [charlieb 4499] + +* Wed Jul 17 2002 Charlie Brady +- [1.7.1-01] +- Change masq script fragment to use iptables. 
[charlieb 1268] + +* Wed Jun 5 2002 Charlie Brady +- [1.7.0-01] +- Changing version to development stream number - 1.7.0 + +* Fri May 31 2002 Charlie Brady +- [1.6.0-01] +- Changing version to maintained stream number to 1.6.0 + +* Thu May 23 2002 Gordon Rowell +- [1.5.5-01] +- RPM rebuild forced by cvsroot2rpm + +* Fri May 3 2002 Charlie Brady +- [1.5.4-01] +- Disable reverse DNS and ident lookups [charlieb 339] + +* Fri May 3 2002 Charlie Brady +- [1.5.3-01] +- Once more with feeling! (I missed one). + +* Fri May 3 2002 Charlie Brady +- [1.5.2-01] +- Fix createlinks problems with missing directories and $event scope. + +* Fri May 3 2002 Charlie Brady +- [1.5.1-01] +- Test build to verify CVS conversion. + +* Fri May 3 2002 Charlie Brady +- [1.5.0-01] +- rollRPM: Rolled version number to 1.5.0-01. Includes patches up to 1.4.0-08. + +* Wed Dec 05 2001 Jason Miller +- [1.4.0-08] +- Fix 45AllowFTP masq template to handle case where status=disabled + +* Fri Nov 16 2001 Charlie Brady +- [1.4.0-07] +- Be sure to regenerate /etc/ftpusers during password-modify event, to allow + access to password protected i-bays. +- Remove proftpd-conf actions from post-install and post-upgrade events - + bootstrap-console-save is sufficient. + +* Thu Nov 08 2001 Charlie Brady +- [1.4.0-06] +- Fix xinetd.conf template fragment so that status=disabled is honoured. + +* Mon Oct 22 2001 Charlie Brady +- [1.4.0-05] +- Add missing bootstrap-console-save symlink. + +* Tue Aug 21 2001 Gordon Rowell +- [1.4.0-04] +- Fixed e-smith-base dependency + +* Tue Aug 21 2001 Gordon Rowell +- [1.4.0-03] +- Removed "public" from /etc/ftpusers +- Removed post-restore event +- Added Vendor tag + +* Fri Aug 17 2001 gordonr +- [1.4.0-02] +- Autorebuild by rebuildRPM + +* Wed Aug 8 2001 Charlie Brady +- [1.4.0-01] +- Rolled version number to 1.4.0-01. Includes patches upto 1.3.0-03. 
+ +* Fri Jul 6 2001 Peter Samuel +- [1.3.0-03] +- Changed license to GPL + +* Fri Jun 29 2001 Gordon Rowell +- [1.3.0-02] +- Make use of /etc/e-smith/pam/accounts.deny as template for /etc/ftpusers + +* Fri Jun 29 2001 Gordon Rowell +- [1.3.0-01] +- Rolled version number to 1.3.0-01. Includes patches upto 1.2.0-07. + +* Tue Mar 27 2001 Charlie Brady +- [1.2.0-07] +- Avoid proftp DoS attack with wildcards +- Allow FTP ports, with optional "ForcePassive|yes" property, defaulting to no + +* Thu Feb 8 2001 Adrian Chung +- [1.2.0-06] +- Rolling release number for GPG signing. + +* Tue Jan 30 2001 Jason Miller +- [1.2.0-05] +- Changed 'use smith::db' to 'use esmith::db'. + +* Tue Jan 30 2001 Charlie Brady +- [1.2.0-04] +- And "use esmith::db" is reuqired. + +* Mon Jan 29 2001 Charlie Brady +- [1.2.0-03] +- Fixed syntax error in previous fix :-) + +* Fri Jan 26 2001 Charlie Brady +- [1.2.0-02] +- Fix reference to legacy config variable in proftpd.conf fragment + +* Fri Jan 26 2001 Peter Samuel +- [1.2.0-01] +- Rolled version number to 1.2.0-01. Includes patches upto 1.1.0-13. + +* Thu Jan 25 2001 Adrian Chung +- [1.1.0-13] +- Added default for accessLimits in proftpd-conf + +* Wed Jan 24 2001 Charlie Brady +- [1.1.0-12] +- Added AllowFTP fragment for /etc/rc.d/init.d/masq. +- Remove %post action + +* Thu Jan 18 2001 Adrian Chung +- [1.1.0-11] +- FTP now uses a new setting FTP access limits in remote access + which completely governs access control to the service. +- The old FTP setting governs only user logins. 
+- updated xinetd.conf/ftp fragment to use new value + +* Wed Jan 17 2001 Jason Miller +- removed %postun deletion of ftp line in configuration + to comply with the sillyness of rpm upgrade + +* Fri Jan 12 2001 Gordon Rowell +- ftpd != ftp :-( + +* Fri Jan 12 2001 Gordon Rowell +- Migrate FTPServerMode variable + +* Sat Jan 6 2001 Charlie Brady +- [1.1.0-7] +- Only run %post and %postun scripts if in runlevel 7 + +* Fri Jan 5 2001 Adrian Chung +- [1.1.0-6] +- add selective bind back in. + +* Fri Jan 5 2001 Adrian Chung +- [1.1.0-5] +- backed out bind local interface code, needs to be rethought + to allow access to localhost + +* Thu Jan 4 2001 Adrian Chung +- [1.1.0-4] +- changed 30ftp to only expand if ftp service is enabled. +- if ftp access is set to private, only bind to LocalIP in + xinetd.conf + +* Sun Dec 17 2000 Charlie Brady +- [1.1.0-3] +- Delete /etc/rc.d/init.d/masq template fragment. + +* Mon Dec 4 2000 Adrian Chung +- Added link for post-install. + +* Fri Dec 1 2000 Adrian Chung +- initial release + +%description +Configuration files and templates for the ProFTPd ftp server. + +%prep +%setup + +%build +mkdir -p root/etc/e-smith/events +for i in \ + console-save \ + bootstrap-console-save \ + domain-create \ + domain-delete \ + domain-modify \ + ibay-create \ + ibay-delete \ + ibay-modify \ + ibay-modify-servers \ + ip-change \ + network-create \ + network-delete \ + post-upgrade \ + remoteaccess-update \ + password-modify +do + mkdir root/etc/e-smith/events/$i +done +perl createlinks + +%install +rm -rf $RPM_BUILD_ROOT +(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + > %{name}-%{version}-%{release}-filelist +echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist + +%clean +rm -rf $RPM_BUILD_ROOT + +%pre + +%preun + +%post + +%postun + +%files -f %{name}-%{version}-%{release}-filelist +%defattr(-,root,root) 
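Review bot: In additional/e-smith-proftpd.spec, `%install` and `%clean` run `rm -rf $RPM_BUILD_ROOT` unquoted and unguarded, while the `BuildRoot:` tag names a fixed path under `/var/tmp`; on an rpm old enough to honour that tag, a build run as root would clear and then populate a predictable location in a world-writable directory. The newest changelog entry is from 2003 and the file sits under additional/, so it appears to be kept for reference rather than built. If so, a first-line comment such as `# Historical spec kept for reference; not used for builds` would stop it being picked up by mistake. If it is meant to remain buildable, quote the variable (`rm -rf "$RPM_BUILD_ROOT"`) and drop the `BuildRoot:` line so rpmbuild chooses the build root itself.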
diff --git a/contriborbase b/contriborbase new file mode 100644 index 0000000..ef36a67 --- /dev/null +++ b/contriborbase @@ -0,0 +1 @@ +sme10 diff --git a/createlinks b/createlinks new file mode 100755 index 0000000..0747f21 --- /dev/null +++ b/createlinks 
@@ -0,0 +1,78 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+safe_symlink("proftpd", "root/var/service/ftp");
+
+templates2events("/etc/logrotate.d/proftpd", qw(
+ bootstrap-console-save
+ e-smith-proftpd-update
+ ));
+templates2events("/etc/pam.d/ftp", qw(
+ bootstrap-console-save
+ e-smith-proftpd-update
+ ));
+templates2events("/etc/ftpusers", qw(
+ bootstrap-console-save
+ network-create
+ network-delete
+ remoteaccess-update
+ password-modify
+ user-lock
+ e-smith-proftpd-update
+ ));
+
+templates2events("/etc/proftpd.conf", qw(
+ console-save
+ bootstrap-console-save
+ domain-create
+ domain-delete
+ domain-modify
+ ibay-create
+ ibay-delete
+ ibay-modify
+ ibay-modify-servers
+ ip-change
+ network-create
+ network-delete
+ remoteaccess-update
+ password-modify
+ e-smith-proftpd-update
+ ssl-update
+ ));
+
+foreach my $event (qw(
+ remoteaccess-update))
+{
+ safe_symlink("sigusr1", "root/etc/e-smith/events/$event/services2adjust/ftp");
+}
+
+foreach my $event (qw(
+ bootstrap-console-save
+ network-create
+ remoteaccess-update
+ network-delete
+ e-smith-proftpd-update
+ ))
+{
+ templates2events("/var/service/ftp/peers/0", $event);
+ templates2events("/var/service/ftp/peers/local", $event);
+}
+foreach my $event (qw(
+ network-create
+ network-delete
+ ))
+{
+ safe_symlink("sigusr1", "root/etc/e-smith/events/$event/services2adjust/ftp");
+}
+
+safe_symlink("restart", "root/etc/e-smith/events/ssl-update/services2adjust/ftp");
+
+my $event = 'e-smith-proftpd-update';
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ftp");
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
+templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
+event_link("systemd-reload", $event, "89");
+templates2events("/etc/rsyslog.conf", $event);
+
+exit 0;
diff --git a/e-smith-proftpd.spec b/e-smith-proftpd.spec
new file mode 100644
index 0000000..d46afa6
--- /dev/null
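Review bot: The `sigusr1` link under `services2adjust/ftp` is created by two separate loops, one over `remoteaccess-update` alone and a later one over `network-create` and `network-delete`, so the set of events that signal the service has to be pieced together from two places. A single loop over `qw(remoteaccess-update network-create network-delete)` would state it once. A short comment saying why `ssl-update` and `e-smith-proftpd-update` get `restart` while the other events get `sigusr1` would also help; the spec changelog in this commit says sigusr1 regenerates the network ACL symlinks, but the script itself gives no reason.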
+++ b/e-smith-proftpd.spec 
@@ -0,0 +1,623 @@ +# $Id: e-smith-proftpd.spec,v 1.16 2021/05/31 04:21:31 jpp Exp $ + +Summary: e-smith specific proftpd configuration files and templates +%define name e-smith-proftpd +Name: %{name} +%define version 2.6.0 +%define release 16 +Version: %{version} +Release: %{release}%{?dist} +License: GPL +Group: Networking/Daemons +Source: %{name}-%{version}.tar.xz + +BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot +BuildArchitectures: noarch +BuildRequires: e-smith-devtools +Requires: e-smith-base >= 4.15.0-05, proftpd +Requires: e-smith-lib >= 1.15.1-33 +Requires: iptables +AutoReqProv: no + +%changelog +* Wed Jul 12 2023 cvs2git.sh aka Brian Read 2.6.0-16.sme +- Roll up patches and move to git repo [SME: 12338] + +* Wed Jul 12 2023 BogusDateBot +- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday, + by assuming the date is correct and changing the weekday. + +* Mon May 31 2021 Jean-Philippe Pialasse 2.6.0-15.sme +- restart proftpd on ssl-update [SME: 11603] + +* Tue Mar 16 2021 Jean-Philippe Pialasse 2.6.0-14.sme +- cleanup in /etc/rc.d [SME: 9692] + +* Wed Mar 03 2021 Jean-Philipe Pialasse 2.6.0-13.sme +- redirect log away from message [SME: 11384] + +* Thu Feb 18 2021 Jean-Philipe Pialasse 2.6.0-12.sme +- fix circular Conflict with proftpd [SME: 11357] + +* Thu Jan 14 2021 Jean-Philipe Pialasse 2.6.0-11.sme +- improve protect from proftpd.service running [SME: 11106] + +* Fri Jan 08 2021 Jean-Philipe Pialasse 2.6.0-10.sme +- protect from proftpd.service running in place of ftp.service [SME: 11106] +- remove system-preset file from usr [SME: 10958] +- SSL crt and key to self signed if path does not exist [SME: 11316] + +* Thu Dec 10 2020 Michel Begue 2.6.0-8.sme +- add Requires=runit.service [SME: 11245] + +* Thu Dec 03 2020 Jean-Philipe Pialasse 2.6.0-7.sme +- execute systemd-reload before service adjust in events [SME: 11228] +- remove S95reset-unsavedflag [SME: 11229] + +* Wed Nov 25 2020 Michel Begue 2.6.0-6.sme +- Remove 
ftp from 'init.d/supervise' [SME: 11106] [SME: 11150] + +* Wed Nov 25 2020 Michel Begue 2.6.0-5.sme +- Move ftp service to systemd [SME: 11106] +- Create e-smith-proftpd-update event [SME: 11150] + +* Wed Aug 03 2016 Jean-Philipe Pialasse 2.6.0-4.sme +- fix typos [SME: 6804] +- set default as required +- NB: client must be set as active connection, not passive + +* Fri Jun 17 2016 Jean-Philipe Pialasse 2.6.0-3.sme +- updated patch for certificate chain +- Thanks to Daniel Berteaud + +* Fri Jun 17 2016 Jean-Philipe Pialasse 2.6.0-2.sme +- Adding TLS support to proftp configuration [SME: 6804] +- default is enabled but not required, only TLSv1.1 and v1.2 + +* Fri Feb 05 2016 stephane de Labrusse 2.6.0-1.sme +- Initial release to sme10 + +* Fri Jun 7 2013 Daniel Berteaud 2.4.0-3.sme +- Also remove the empty template-begin file in pam.d/proftpd templates [SME: 7660] + +* Fri Jun 7 2013 Daniel Berteaud 2.4.0-2.sme +- Remove unused pam templates [SME: 7660] + +* Wed Feb 13 2013 Shad L. Lords 2.4.0-1.sme +- Roll new stream for sme9 + +* Fri Feb 8 2013 Ian Wells 2.2.0-6.sme +- Ensure Deny from all is on its own line in 15LimitLOGIN [SME: 7327] + +* Wed Jan 23 2013 Ian Wells 2.2.0-5.sme +- Workaround a deficiency in the proftpd package where it doesn't + handle long lines correctly in its configuration file. + Fix submitted by Charlie Brady [SME: 6949] + +* Tue Jan 22 2013 Ian Wells 2.2.0-4.sme +- Remove previous change [SME: 7129] + +* Wed Dec 19 2012 Ian Wells 2.2.0-3.sme +- Add VRoot engine to avoid pam log error [SME: 7129] + +* Wed Sep 22 2010 Daniel Berteaud 2.2.0-2.sme +- Add PersistentPasswd directive to force proftpd to use pam [SME: 6219] + +* Tue Oct 7 2008 Shad L. Lords 2.2.0-1.sme +- Roll new stream to separate sme7/sme8 trees [SME: 4633] + +* Wed Jan 09 2008 Stephen Noble 1.12.0-11 +- ShowSymlinks off [SME: 993] + +* Wed Oct 31 2007 Gavin Weight 1.12.0-10 +- Rename DisplayFirstChdir to DisplayChdir. 
[SME: 3479] + +* Tue Jun 26 2007 Gavin Weight 1.12.0-9 +- Create pam.d directory and move ftp/proftpd templates into pam.d. +[SME: 2762] + +* Sun Apr 29 2007 Shad L. Lords +- Clean up spec so package can be built by koji/plague + +* Fri Apr 06 2007 Shad L. Lords 1.12.0-8 +- Change perms for ftpusers file. [SME: 2841] + +* Fri Apr 06 2007 Shad L. Lords 1.12.0-7 +- Rename log directory from proftpd to ftp [SME: 2706] + +* Wed Jan 10 2007 Shad L. Lords 1.12.0-6 +- Add global override for chroot path. [SME: 590] + +* Wed Jan 03 2007 Shad L. Lords 1.12.0-5 +- Add fixed chroot patch back in. [SME: 590] + +* Thu Dec 07 2006 Shad L. Lords +- Update to new release naming. No functional changes. +- Make Packager generic + +* Thu Sep 21 2006 Gavin Weight 1.12.0-03 +- Expand /etc/ftpusers if user is locked/password reset. [SME: 1921] + +* Tue Apr 18 2006 Gordon Rowell 1.12.0-02 +- Force permissions on /var/log/proftpd in log/run script [SME: 1267] + +* Thu Mar 16 2006 Charlie Brady 1.12.0-01 +- Roll stable stream version. [SME: 1016] + +* Tue Feb 28 2006 Charlie Brady 1.11.0-29 +- Back out the chroot patch for now. [SME: 590] + +* Fri Jan 27 2006 Shad L. Lords 1.11.0-28 +- Disable anonymous ibays if globally disabled. + +* Fri Jan 27 2006 Shad L. Lords 1.11.0-27 +- Add chroot for users [SME: 590] +- Add ability to disable anonymous access [SME: 591] + +* Wed Nov 30 2005 Gordon Rowell 1.11.0-26 +- Bump release number only + +* Wed Oct 12 2005 Charlie Brady +- [1.11.0-25] +- Filter out comments in peers files, to avoid log noise from + tcpsvd. Fix name of peers/local templates.metadata file. + [SF: 1324719] + +* Wed Jul 27 2005 Shad Lords +- [1.11.0-24] +- Move masq fragement from template to db [SF: 1241416] + +* Tue Jun 14 2005 Charlie Brady +- [1.11.0-23] +- Re-expand peers/{0,local} in remoteaccess-update, as permissions + may have changed. 
[SF: 1220510] + +* Tue Mar 29 2005 Charlie Brady +- [1.11.0-22] +- Create empty template-begin template fragments for tcpsvd + ACL files. + +* Tue Mar 29 2005 Charlie Brady +- [1.11.0-21] +- Don't use sigusr1 in bootstrap-console-save, as the service is not + up, and sigusr1 will be ignored. Instead, call ./control/1 from run + script. + +* Wed Mar 23 2005 Charlie Brady +- [1.11.0-20] +- Use sigusr1 in remoteaccess-update. This will generate the network ACL + symlinks. 'adjust-services' implicitly starts any service which + should be running. + +* Wed Mar 16 2005 Charlie Brady +- [1.11.0-19] +- Use tcpsvd in place of tcpserver. Manage network access lists + using new esmith::tcpsvd library. Update e-smith-lib depenency. +- Add symlink /var/service/ftp -> proftpd. +- Add zero length template-begin files to peers/{0,local}, to avoid + log noise from comment lines. + +* Wed Mar 16 2005 Charlie Brady +- [1.11.0-18] +- Add missing templates for peers/{0,local}. + +* Wed Mar 16 2005 Charlie Brady +- [1.11.0-17] +- Optimise template expansions versus events - only expand files + which may have changed. + +* Tue Mar 15 2005 Charlie Brady +- [1.11.0-16] +- Fix service name in adjust-services symlink. [MN00065576] + +* Sun Mar 13 2005 Charlie Brady +- [1.11.0-15] +- Replace proftp-startstop action with call to 'adjust-services'. + Update e-smith-lib version dependency. [MN00065576] +- Use generic_template_expand action in place of proftpd-conf. + [MN00064130] +- Re-add missing restart patch to config. + +* Thu Mar 10 2005 Charlie Brady +- [1.11.0-14] +- Allow restarts of retreive and store. Patch from Shad. [MN00073802] +- Avoid duplicate Primary section in config. Patch from Shad. [MN00073804] + +* Wed Feb 9 2005 Charlie Brady +- [1.11.0-13] +- Remove migrate fragment for very old FTPServerMode property. [MN00065931] +- Clean BuildRequires. [charlieb MN00043055] + +* Fri Sep 3 2004 Michael Soulier +- [1.11.0-12] +- Backout of user-create/delete addition. Wrong way to go. 
+ [msoulier MN00035806] + +* Fri Sep 3 2004 Michael Soulier +- [1.11.0-11] +- Added proftpd-conf and startstop to user-create/delete. + [msoulier MN00035806] + +* Wed Aug 4 2004 Michael Soulier +- [1.11.0-10] +- Updated startstop to use esmith::util::serviceControl. [msoulier MN00031530] + +* Mon Sep 22 2003 Michael Soulier +- [1.11.0-09] +- Fixed network spec format. CIDR format expected. [msoulier 10069] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-08] +- Fix c&p error in tcprules template fragment. [charlieb 9547] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-07] +- Add requires for correct version of e-smith-base. [charlieb 9547] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-06] +- Remove hosts.allow and xinetd.conf template fragments. + [charlieb 9547] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-05] +- Fix a couple of run time errors. [charlieb 9547] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-04] +- Service directory and rc7.d symlinks must be called ftp, since that is + the service record name. Use /etc/rc.d/init.d/supervise directory, to + avoid potential clash with stock init script. [charlieb 9547,9930] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-03] +- Use new createlinks library to reduce code. [charlieb 9809] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-02] +- Run proftpd under supervise and tcpserver. [charlieb 9547] + +* Fri Sep 5 2003 Charlie Brady +- [1.11.0-01] +- Changing version to development stream number - 1.11.0 + +* Thu Jun 26 2003 Charlie Brady +- [1.10.0-01] +- Changing version to stable stream number - 1.10.0 + +* Tue Apr 29 2003 Gordon Rowell +- [1.9.0-14] +- Modify xinetd.conf/30ftp to properly handle enabled/disabled/missing cases [gordonr 8609] + +* Mon Apr 21 2003 Mark Knox +- [1.9.0-13] +- Force 0640 on proftpd.conf [markk 8408] + +* Tue Apr 8 2003 Charlie Brady +- [1.9.0-12] +- Fix typo in path for anonymous login. 
[charlieb 5652] +- Remove selective binding to interfaces for now - it requires + a full xinetd restart, which we don't do in remoteaccess-update. + [charlieb 951] +- Change ScoreboardPath to ScoreboardFile - the former is deprecated + (with extreme prejudice) in current proftpd. [charlieb 5411] + +* Tue Apr 8 2003 Charlie Brady +- [1.9.0-11] +- Add ScoreboardPath directive to config file templates [charlieb 5411] + +* Tue Mar 18 2003 Charlie Brady +- [1.9.0-10] +- Add config migration fragment to migrate old ftp access properties + to new. [charlieb 7683] +- Change Copyright header to License. [charlieb] + +* Thu Mar 13 2003 Charlie Brady +- [1.9.0-09] +- Use LoginAccess property to control ftp login access - this replaces the + "acccess" semantics of 5.5 and earlier. [charlieb 7466] +- Add back the special case for Primary i-bay, as it's needed for anonymous + ftp. [charlieb 5652] + +* Fri Mar 7 2003 Charlie Brady +- [1.9.0-08] +- esmith::utils::processTemplate => esmith::templates::processTemplate. + [charlieb 7466] + +* Thu Mar 6 2003 Charlie Brady +- [1.9.0-07] +- Escape braces in logrotate.d template fragment [charlieb 6438] + +* Thu Mar 6 2003 Charlie Brady +- [1.9.0-06] +- Fix missed accessLimits => access change in ftp masq fragment [charlieb 7466] + +* Thu Mar 6 2003 Charlie Brady +- [1.9.0-05] +- Fix migrate fragment problem. [charlieb 1507] +- Remove legacy code from proftpd config templates, and simplify. [charlieb 7466] + +* Mon Mar 3 2003 Charlie Brady +- [1.9.0-04] +- Template /etc/logrotate.d/proftpd and remove postrotate sigHUP. [charlieb 6438] +- Add default config db fragments to set type/access/status [charlieb 1507] +- Replace migrate script in post-upgrade event with template fragment in + db/configuration/migrate directory. [charlieb 1507] +- Use "access" rather than "accessLimits" to control access to ftp from + outside LAN. [charlieb 7466] +- Bind to local interface only if access is private. 
[charlieb 951] + +* Fri Feb 28 2003 Charlie Brady +- [1.9.0-03] +- Re-do hosts.allow template to use esmith::ConfigDB::hosts_allow_spec. + Add dependency on up-to-date e-smith-lib. + TODO: fix accessLimits v access issue. [charlieb 5650] + +* Wed Jan 29 2003 Charlie Brady +- [1.9.0-02] +- Remove special cases for primary in proftpd.conf - primary + is now a pre-defined i-bay. [charlieb 5652] + +* Wed Jan 29 2003 Charlie Brady +- [1.9.0-01] +- Rolling development stream to 1.9.0 + +* Fri Oct 11 2002 Charlie Brady +- [1.8.0-01] +- Roll to maintained version number to 1.8.0 + +* Wed Oct 2 2002 Mark Knox +- [1.7.3-05] +- Removed stray braces in get_all_by_prop [markk 3786] + +* Mon Sep 23 2002 Mark Knox +- [1.7.3-04] +- Fix proftpd.conf template breakage [markk 3786] + +* Mon Sep 23 2002 Charlie Brady +- [1.7.3-03] +- Fix hosts.allow template breakage [charlieb 3786] + +* Thu Sep 19 2002 Charlie Brady +- [1.7.3-02] +- Fix i-bay section of proftpd.conf [charlieb 4950] + +* Thu Sep 12 2002 Charlie Brady +- [1.7.3-01] +- Preparing for rebuild as-source, to get rid of some patch detritus - see + bug 4825. [charlieb 4793] + +* Thu Sep 12 2002 Charlie Brady +- [1.7.2-05] +- Add missing 10LimitSiteChmod template fragment [charlieb 4793] + +* Thu Sep 12 2002 Charlie Brady +- [1.7.2-04] +- Replace deprecate AllowChmod with , which requires some + fragment shuffling. Remove unnecessary template-{begin,end}, move + 10localAccess to 00localAccess. [charlieb 4793] + +* Wed Sep 11 2002 Charlie Brady +- [1.7.2-03] +- Fix esmith::Networks => esmith::NetworksDB snafu in /etc/proftpd.conf + template. [charlieb 3786] + +* Tue Sep 10 2002 Mark Knox +- [1.7.2-02] +- Change use of allow_tcp_in() function to allow dynamic reconfig. 
+ [charlieb 4501] +- Remove deprecated split on pipe [markk 3786] + +* Thu Aug 8 2002 Charlie Brady +- [1.7.2-01] +- Remove 46AllowFTPActive masq template fragment, allow port 21 inbound + access and allow netfilter connection tracking to do the rest of the + job of FTP access control. [charlieb 4499] + +* Wed Jul 17 2002 Charlie Brady +- [1.7.1-01] +- Change masq script fragment to use iptables. [charlieb 1268] + +* Wed Jun 5 2002 Charlie Brady +- [1.7.0-01] +- Changing version to development stream number - 1.7.0 + +* Fri May 31 2002 Charlie Brady +- [1.6.0-01] +- Changing version to maintained stream number to 1.6.0 + +* Thu May 23 2002 Gordon Rowell +- [1.5.5-01] +- RPM rebuild forced by cvsroot2rpm + +* Fri May 3 2002 Charlie Brady +- [1.5.4-01] +- Disable reverse DNS and ident lookups [charlieb 339] + +* Fri May 3 2002 Charlie Brady +- [1.5.3-01] +- Once more with feeling! (I missed one). + +* Fri May 3 2002 Charlie Brady +- [1.5.2-01] +- Fix createlinks problems with missing directories and $event scope. + +* Fri May 3 2002 Charlie Brady +- [1.5.1-01] +- Test build to verify CVS conversion. + +* Fri May 3 2002 Charlie Brady +- [1.5.0-01] +- rollRPM: Rolled version number to 1.5.0-01. Includes patches up to 1.4.0-08. + +* Wed Dec 05 2001 Jason Miller +- [1.4.0-08] +- Fix 45AllowFTP masq template to handle case where status=disabled + +* Fri Nov 16 2001 Charlie Brady +- [1.4.0-07] +- Be sure to regenerate /etc/ftpusers during password-modify event, to allow + access to password protected i-bays. +- Remove proftpd-conf actions from post-install and post-upgrade events - + bootstrap-console-save is sufficient. + +* Thu Nov 08 2001 Charlie Brady +- [1.4.0-06] +- Fix xinetd.conf template fragment so that status=disabled is honoured. + +* Mon Oct 22 2001 Charlie Brady +- [1.4.0-05] +- Add missing bootstrap-console-save symlink. 
+ +* Tue Aug 21 2001 Gordon Rowell +- [1.4.0-04] +- Fixed e-smith-base dependency + +* Tue Aug 21 2001 Gordon Rowell +- [1.4.0-03] +- Removed "public" from /etc/ftpusers +- Removed post-restore event +- Added Vendor tag + +* Fri Aug 17 2001 gordonr +- [1.4.0-02] +- Autorebuild by rebuildRPM + +* Wed Aug 8 2001 Charlie Brady +- [1.4.0-01] +- Rolled version number to 1.4.0-01. Includes patches upto 1.3.0-03. + +* Fri Jul 6 2001 Peter Samuel +- [1.3.0-03] +- Changed license to GPL + +* Fri Jun 29 2001 Gordon Rowell +- [1.3.0-02] +- Make use of /etc/e-smith/pam/accounts.deny as template for /etc/ftpusers + +* Fri Jun 29 2001 Gordon Rowell +- [1.3.0-01] +- Rolled version number to 1.3.0-01. Includes patches upto 1.2.0-07. + +* Tue Mar 27 2001 Charlie Brady +- [1.2.0-07] +- Avoid proftp DoS attack with wildcards +- Allow FTP ports, with optional "ForcePassive|yes" property, defaulting to no + +* Thu Feb 8 2001 Adrian Chung +- [1.2.0-06] +- Rolling release number for GPG signing. + +* Tue Jan 30 2001 Jason Miller +- [1.2.0-05] +- Changed 'use smith::db' to 'use esmith::db'. + +* Tue Jan 30 2001 Charlie Brady +- [1.2.0-04] +- And "use esmith::db" is reuqired. + +* Mon Jan 29 2001 Charlie Brady +- [1.2.0-03] +- Fixed syntax error in previous fix :-) + +* Fri Jan 26 2001 Charlie Brady +- [1.2.0-02] +- Fix reference to legacy config variable in proftpd.conf fragment + +* Fri Jan 26 2001 Peter Samuel +- [1.2.0-01] +- Rolled version number to 1.2.0-01. Includes patches upto 1.1.0-13. + +* Thu Jan 25 2001 Adrian Chung +- [1.1.0-13] +- Added default for accessLimits in proftpd-conf + +* Wed Jan 24 2001 Charlie Brady +- [1.1.0-12] +- Added AllowFTP fragment for /etc/rc.d/init.d/masq. +- Remove %post action + +* Thu Jan 18 2001 Adrian Chung +- [1.1.0-11] +- FTP now uses a new setting FTP access limits in remote access + which completely governs access control to the service. +- The old FTP setting governs only user logins. 
+- updated xinetd.conf/ftp fragment to use new value + +* Wed Jan 17 2001 Jason Miller +- removed %postun deletion of ftp line in configuration + to comply with the sillyness of rpm upgrade + +* Fri Jan 12 2001 Gordon Rowell +- ftpd != ftp :-( + +* Fri Jan 12 2001 Gordon Rowell +- Migrate FTPServerMode variable + +* Sat Jan 6 2001 Charlie Brady +- [1.1.0-7] +- Only run %post and %postun scripts if in runlevel 7 + +* Fri Jan 5 2001 Adrian Chung +- [1.1.0-6] +- add selective bind back in. + +* Fri Jan 5 2001 Adrian Chung +- [1.1.0-5] +- backed out bind local interface code, needs to be rethought + to allow access to localhost + +* Thu Jan 4 2001 Adrian Chung +- [1.1.0-4] +- changed 30ftp to only expand if ftp service is enabled. +- if ftp access is set to private, only bind to LocalIP in + xinetd.conf + +* Sun Dec 17 2000 Charlie Brady +- [1.1.0-3] +- Delete /etc/rc.d/init.d/masq template fragment. + +* Mon Dec 4 2000 Adrian Chung +- Added link for post-install. + +* Fri Dec 1 2000 Adrian Chung +- initial release + +%description +Configuration files and templates for the ProFTPd ftp server. + +%prep +%setup + +# Remove the empty template-begin and the directory +rm -rf root/etc/e-smith/templates/etc/pam.d/proftpd/ + +%build +perl createlinks + +%install +rm -rf $RPM_BUILD_ROOT +(cd root ; find . 
-depth -print | cpio -dump $RPM_BUILD_ROOT) +rm -f %{name}-%{version}-%{release}-filelist +/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + --dir /var/service/proftpd 'attr(01755,root,root)' \ + --file /var/service/proftpd/down 'attr(0644,root,root)' \ + --file /var/service/proftpd/run 'attr(0755,root,root)' \ + --file /var/service/proftpd/control/1 'attr(0755,root,root)' \ + --dir /var/service/proftpd/log 'attr(0755,root,root)' \ + --dir /var/service/proftpd/log/supervise 'attr(0700,root,root)' \ + --dir /var/service/proftpd/supervise 'attr(0700,root,root)' \ + --file /var/service/proftpd/log/run 'attr(0755,root,root)' \ + --dir /var/log/ftp 'attr(2750,smelog,smelog)' \ + > %{name}-%{version}-%{release}-filelist +echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist + +%clean +rm -rf $RPM_BUILD_ROOT + +%pre +/sbin/e-smith/create-system-user smelog 1002 \ + 'sme log user' /var/log/smelog /bin/false + +%files -f %{name}-%{version}-%{release}-filelist +%defattr(-,root,root) diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/LoginAccess b/root/etc/e-smith/db/configuration/defaults/ftp/LoginAccess new file mode 100644 index 0000000..3e18ebf --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/ftp/LoginAccess @@ -0,0 +1 @@ +private diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/TCPPort b/root/etc/e-smith/db/configuration/defaults/ftp/TCPPort new file mode 100644 index 0000000..aabe6ec --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/ftp/TCPPort @@ -0,0 +1 @@ +21 diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable b/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable new file mode 100644 index 0000000..b3d8640 --- /dev/null +++ b/root/etc/e-smith/db/configuration/defaults/ftp/TLSEnable @@ -0,0 +1 @@ +on diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired b/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired new file mode 100644 index 0000000..b3d8640 --- /dev/null 
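Review bot: `%install` and `%clean` run `rm -rf $RPM_BUILD_ROOT` with the variable unquoted, and the `BuildRoot:` tag names a predictable directory under `/var/tmp`. Current rpmbuild releases ignore the tag and choose their own build root, but on an older or shared build host a fixed name in a world-writable directory is the usual precondition for pre-creation and symlink problems, and an unquoted path is split on whitespace before `rm` sees it. I would drop the `BuildRoot:` line, write `rm -rf "%{buildroot}"` in both sections, and quote the `cpio -dump` and `genfilelist` arguments the same way. Separately, `%pre` calls `create-system-user smelog 1002` with a fixed UID; that script is not part of this diff, so whether it refuses a UID 1002 already held by another account should be confirmed.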
+++ b/root/etc/e-smith/db/configuration/defaults/ftp/TLSRequired
@@ -0,0 +1 @@
+on
diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient b/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient
new file mode 100644
index 0000000..cfb931e
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ftp/TLSVerifyClient
@@ -0,0 +1 @@
+off
diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/access b/root/etc/e-smith/db/configuration/defaults/ftp/access
new file mode 100644
index 0000000..3e18ebf
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ftp/access
@@ -0,0 +1 @@
+private
diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/status b/root/etc/e-smith/db/configuration/defaults/ftp/status
new file mode 100644
index 0000000..7a68b11
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ftp/status
@@ -0,0 +1 @@
+disabled
diff --git a/root/etc/e-smith/db/configuration/defaults/ftp/type b/root/etc/e-smith/db/configuration/defaults/ftp/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/ftp/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/db/configuration/migrate/20proftpd.access b/root/etc/e-smith/db/configuration/migrate/20proftpd.access
new file mode 100644
index 0000000..46718ba
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/20proftpd.access
@@ -0,0 +1,27 @@
+{
+ my $ftp = $DB->get('ftp');
+ return unless defined $ftp;
+
+ my $access = $ftp->prop('accessLimits');
+ return unless defined $access; # New or already migrated server
+
+ my $login = $ftp->prop('access') || 'private';
+ my $status = $ftp->prop('status') || 'disabled';
+ if ($access eq "normal")
+ {
+ $status = 'enabled';
+ $access = 'public';
+ }
+ if ($access eq "off")
+ {
+ $status = 'disabled';
+ $access = 'private';
+ }
+
+ $ftp->delete_prop('accessLimits');
+ $ftp->merge_props(
+ LoginAccess => $login,
+ access => $access,
+ status => $status,
+ );
+}
diff --git a/root/etc/e-smith/templates.metadata/etc/ftpusers b/root/etc/e-smith/templates.metadata/etc/ftpusers
new file mode 100644
index 0000000..d51d5de
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/ftpusers
@@ -0,0 +1,4 @@
+MORE_DATA={ACCOUNTS_DENY_ALLOW_PUBLIC => 1}
+TEMPLATE_PATH="/etc/e-smith/pam/accounts.deny"
+OUTPUT_FILENAME="/etc/ftpusers"
+PERMS=0644
diff --git a/root/etc/e-smith/templates.metadata/etc/proftpd.conf b/root/etc/e-smith/templates.metadata/etc/proftpd.conf
new file mode 100644
index 0000000..2306005
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/proftpd.conf
@@ -0,0 +1 @@
+PERMS=0640
diff --git a/root/etc/e-smith/templates.metadata/var/service/ftp/peers/0 b/root/etc/e-smith/templates.metadata/var/service/ftp/peers/0
new file mode 100644
index 0000000..7ff21a7
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/var/service/ftp/peers/0
@@ -0,0 +1,2 @@
+PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('ftp')->prop('access') eq "private") ? "000" : "0644"
+FILTER=sub { $_[0] =~ /^#/ ? '' : $_[0] } # Remove comments
diff --git a/root/etc/e-smith/templates.metadata/var/service/ftp/peers/local b/root/etc/e-smith/templates.metadata/var/service/ftp/peers/local
new file mode 100644
index 0000000..cd9cb43
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/var/service/ftp/peers/local
@@ -0,0 +1,2 @@
+PERMS=use esmith::ConfigDB; (esmith::ConfigDB->open_ro->get('ftp')->prop('status') eq "enabled") ? "0644" : "0000"
+FILTER=sub { $_[0] =~ /^#/ ? '' : $_[0] } # Remove comments
diff --git a/root/etc/e-smith/templates/etc/logrotate.d/proftpd/var.log.proftpd b/root/etc/e-smith/templates/etc/logrotate.d/proftpd/var.log.proftpd
new file mode 100644
index 0000000..3d961c4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/logrotate.d/proftpd/var.log.proftpd
@@ -0,0 +1,6 @@
+
+/var/log/proftpd/*.log \{
+ compress
+ missingok
+\}
+
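Review bot: The `PERMS` expression for `peers/0` fails open: it yields `"0644"` for every value of the ftp `access` property other than the literal `private`, including an unset or misspelled one. Assuming, as the tcpsvd ACL entries in the spec changelog suggest, that a readable peers file is what admits the connection, this is the opposite shape to the sibling `peers/local`, which grants `0644` only when `status eq "enabled"`. The migrate fragment `20proftpd.access` in this commit also copies any `accessLimits` value other than `normal` or `off` into `access` unchanged, so unexpected legacy values can reach this test. If `public` is the only value meant to open the service to all peers, `(… ->prop('access') eq "public") ? "0644" : "0000"` keeps a default-deny result and matches the four-digit mode string used in `peers/local`. Both expressions also call `->prop` on `get('ftp')` without checking that the record exists.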
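Review bot: This fragment rotates `/var/log/proftpd/*.log`, while the spec in the same commit packages `/var/log/ftp` (owned by `smelog`) and its changelog records "Rename log directory from proftpd to ftp". If nothing writes to `/var/log/proftpd` any more, `missingok` hides the fact that the rule matches no files, and the FTP logs under the new directory are not covered by it. It is worth confirming where proftpd's own logs land (the logging directives of proftpd.conf are not in this part of the diff) and pointing the glob there, or dropping the fragment if the service logger already handles rotation.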
diff --git a/root/etc/e-smith/templates/etc/logrotate.d/proftpd/xferlog b/root/etc/e-smith/templates/etc/logrotate.d/proftpd/xferlog
new file mode 100644
index 0000000..db1b72b
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/logrotate.d/proftpd/xferlog
@@ -0,0 +1,4 @@
+/var/log/xferlog \{
+ compress
+ missingok
+\}
diff --git a/root/etc/e-smith/templates/etc/pam.d/ftp/10authFTPusers b/root/etc/e-smith/templates/etc/pam.d/ftp/10authFTPusers
new file mode 100644
index 0000000..a027b11
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/pam.d/ftp/10authFTPusers
@@ -0,0 +1 @@
+auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
diff --git a/root/etc/e-smith/templates/etc/pam.d/ftp/20auth b/root/etc/e-smith/templates/etc/pam.d/ftp/20auth
new file mode 100644
index 0000000..eb305a1
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/pam.d/ftp/20auth
@@ -0,0 +1,3 @@
+auth { -f "/lib/security/pam_pwdb.so" ||
+ -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
+ "include system-auth" }
diff --git a/root/etc/e-smith/templates/etc/pam.d/ftp/30account b/root/etc/e-smith/templates/etc/pam.d/ftp/30account
new file mode 100644
index 0000000..6b209c2
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/pam.d/ftp/30account
@@ -0,0 +1,3 @@
+account { -f "/lib/security/pam_pwdb.so" ||
+ -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
+ "include system-auth" }
diff --git a/root/etc/e-smith/templates/etc/pam.d/ftp/40session b/root/etc/e-smith/templates/etc/pam.d/ftp/40session
new file mode 100644
index 0000000..e89f2b9
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/pam.d/ftp/40session
@@ -0,0 +1,3 @@
+session { -f "/lib/security/pam_pwdb.so" ||
+ -f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
+ "include system-auth" }
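Review bot: `onerr=succeed` on the `pam_listfile.so` line in `10authFTPusers` makes the deny list fail open: if `/etc/ftpusers` is missing or cannot be read, for example after a failed template expansion, the module returns success and the accounts it was meant to block go on to the next auth step. This package generates `/etc/ftpusers` itself, so the file should always be present, and a missing file is better treated as an error than as an empty list. I would change the line to `auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=fail`.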
diff --git a/root/etc/e-smith/templates/etc/pam.d/ftp/template-begin b/root/etc/e-smith/templates/etc/pam.d/ftp/template-begin
new file mode 120000
index 0000000..7de688d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/pam.d/ftp/template-begin
@@ -0,0 +1 @@
+/etc/e-smith/templates-default/template-begin-pam
\ No newline at end of file
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/00Documentation b/root/etc/e-smith/templates/etc/proftpd.conf/00Documentation
new file mode 100644
index 0000000..e5ce190
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/00Documentation
@@ -0,0 +1,42 @@
+{
+#------------------------------------------------------------
+# FILE ACCESS PERMISSIONS RULES
+#
+# - There are three types of user that can connect to the ftp
+# server: regular users, "admin", and information bay users.
+#
+# - When "information bay" users connect, their permissions are
+# set by the Anonymous sections below.
+#
+# - All other users are governed by the permissions declared in
+# this main section of the proftpd.conf file.
+#
+# - The main section permits access only from the local network.
+# Hence, only the anonymous information bays can be accessed
+# remotely.
+#
+# - Regular users as well as the "admin" account can connect
+# locally, and the ftp server will switch to their user/group
+# immediately upon connection. Therefore we program the FTP
+# server to permit write access to all these users; the Unix
+# filesystem will sort out who gets to update which files.
+#
+# - All Unix accounts have the same primary group name as user
+# name (normal for Red Hat Linux). However, all user accounts
+# also belong to group "shared".
+#
+# - Files in user accounts are owned by "user/user" (i.e. group
+# name same as user).
+#
+# - For all the other files (primary web site, information bay
+# files, etc.) either they can only be written by "admin" or
+# they can be written by any local user. If the former, we
+# make the files owned by "admin/shared", with permissions
+# 750/640. If the latter, we make the files owned by
+# ???/shared, with permissions 770/660. Each file is owned
+# by the user that created it.
+#
+# - Make all directories setgid, so that they continue to be
+# owned by "shared".
+#------------------------------------------------------------
+}
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/00localAccess b/root/etc/e-smith/templates/etc/proftpd.conf/00localAccess
new file mode 100644
index 0000000..2b22227
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/00localAccess
@@ -0,0 +1,9 @@
+{
+ # Work out local access specification
+ use esmith::NetworksDB;
+
+ my $ndb = esmith::NetworksDB->open_ro();
+ @local_access = $ndb->local_access_spec;
+
+ return "";
+}
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05AllowRestart b/root/etc/e-smith/templates/etc/proftpd.conf/05AllowRestart
new file mode 100644
index 0000000..5c151be
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05AllowRestart
@@ -0,0 +1,2 @@
+AllowRetrieveRestart on
+AllowStoreRestart on
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05Chroot b/root/etc/e-smith/templates/etc/proftpd.conf/05Chroot
new file mode 100644
index 0000000..e80790d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05Chroot
@@ -0,0 +1,25 @@
+{
+ use esmith::AccountsDB;
+
+ $OUT = "";
+ my $accounts = esmith::AccountsDB->open;
+ my @users = $accounts->users;
+
+ foreach my $user (@users)
+ {
+ my $chrootDir = $user->prop('ChrootDir') || $ftp{'ChrootDir'} || next;
+
+ if ( $chrootDir =~ m#^/# && -d $chrootDir )
+ {
+ $OUT .= "DefaultRoot $chrootDir ".$user->key."\n";
+ }
+ elsif ( -d "/home/e-smith/files/ibays/$chrootDir" )
+ {
+ $OUT .= "DefaultRoot /home/e-smith/files/ibays/$chrootDir ".$user->key."\n";
+ }
+ elsif ( $chrootDir =~ m#home$# )
+ {
+ $OUT .= "DefaultRoot /home/e-smith/files/users/".$user->key."/home ".$user->key."\n";
+ }
+ }
+}
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05DefaultRoot b/root/etc/e-smith/templates/etc/proftpd.conf/05DefaultRoot
new file mode 100644
index 0000000..e6d6015
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05DefaultRoot
@@ -0,0 +1 @@
+DefaultRoot /home/e-smith/files
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05DefaultServer b/root/etc/e-smith/templates/etc/proftpd.conf/05DefaultServer
new file mode 100644
index 0000000..f8c7adc
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05DefaultServer
@@ -0,0 +1 @@
+DefaultServer on
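Review bot: In 05Chroot the `ChrootDir` value reaches a `DefaultRoot` line after only a `-d` test, so a relative value containing `..` satisfies the second branch (`-d "/home/e-smith/files/ibays/$chrootDir"`) and roots the user outside the ibays tree, and a value containing whitespace or a newline would add extra tokens or directives to the generated proftpd.conf. I would reject such values before the `if` chain, for example `next if $chrootDir =~ m#(?:^|/)\.\.(?:/|$)# || $chrootDir =~ /\s/;`. The third branch's `m#home$#` also matches any value that merely ends in "home"; `$chrootDir eq 'home'` looks like the intent, but confirm that against the values the accounts database actually holds.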
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05DenyFilter b/root/etc/e-smith/templates/etc/proftpd.conf/05DenyFilter
new file mode 100644
index 0000000..c2b33f1
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05DenyFilter
@@ -0,0 +1 @@
+DenyFilter \*.*/
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05DisplayChdir b/root/etc/e-smith/templates/etc/proftpd.conf/05DisplayChdir
new file mode 100644
index 0000000..0845479
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05DisplayChdir
@@ -0,0 +1 @@
+DisplayChdir .message
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05DisplayLogin b/root/etc/e-smith/templates/etc/proftpd.conf/05DisplayLogin
new file mode 100644
index 0000000..b17dcfe
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05DisplayLogin
@@ -0,0 +1 @@
+DisplayLogin welcome.msg
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05Group b/root/etc/e-smith/templates/etc/proftpd.conf/05Group
new file mode 100644
index 0000000..50c88e2
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05Group
@@ -0,0 +1 @@
+Group public
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05IdentLookups b/root/etc/e-smith/templates/etc/proftpd.conf/05IdentLookups
new file mode 100644
index 0000000..2b8bd29
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05IdentLookups
@@ -0,0 +1 @@
+IdentLookups off
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05MaxInstances b/root/etc/e-smith/templates/etc/proftpd.conf/05MaxInstances
new file mode 100644
index 0000000..d603938
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05MaxInstances
@@ -0,0 +1 @@
+MaxInstances 30
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05PersistentPasswd b/root/etc/e-smith/templates/etc/proftpd.conf/05PersistentPasswd
new file mode 100644
index 0000000..6dfa718
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05PersistentPasswd
@@ -0,0 +1 @@
+PersistentPasswd off
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05ScoreboardFile b/root/etc/e-smith/templates/etc/proftpd.conf/05ScoreboardFile
new file mode 100644
index 0000000..0e471df
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05ScoreboardFile
@@ -0,0 +1 @@
+ScoreboardFile /var/run/proftpd/scoreboard
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05ServerAdmin b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerAdmin
new file mode 100644
index 0000000..1e7c8e4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerAdmin
@@ -0,0 +1 @@
+ServerAdmin admin@{ $DomainName }
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05ServerIdent b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerIdent
new file mode 100644
index 0000000..65826e2
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerIdent
@@ -0,0 +1 @@
+ServerIdent off
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05ServerName b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerName
new file mode 100644
index 0000000..5edca72
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerName
@@ -0,0 +1 @@
+ServerName "ProFTPD SME Server installation"
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05ServerType b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerType
new file mode 100644
index 0000000..7704cf1
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05ServerType
@@ -0,0 +1 @@
+ServerType inetd
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05ShowSymlinks b/root/etc/e-smith/templates/etc/proftpd.conf/05ShowSymlinks
new file mode 100644
index 0000000..359dabd
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05ShowSymlinks
@@ -0,0 +1 @@
+ShowSymlinks off
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05UseFtpUsers b/root/etc/e-smith/templates/etc/proftpd.conf/05UseFtpUsers
new file mode 100644
index 0000000..27f0d6d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05UseFtpUsers
@@ -0,0 +1 @@
+UseFtpUsers on
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05UseReverseDNS b/root/etc/e-smith/templates/etc/proftpd.conf/05UseReverseDNS
new file mode 100644
index 0000000..cfb2caa
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05UseReverseDNS
@@ -0,0 +1 @@
+UseReverseDNS off
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05User b/root/etc/e-smith/templates/etc/proftpd.conf/05User
new file mode 100644
index 0000000..4bb34f4
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05User
@@ -0,0 +1 @@
+User public
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/05port b/root/etc/e-smith/templates/etc/proftpd.conf/05port
new file mode 100644
index 0000000..afcce03
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/05port
@@ -0,0 +1 @@
+Port 21
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS b/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS
new file mode 100644
index 0000000..840dd9e
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS
@@ -0,0 +1,41 @@ +{ + #check if TLS is enabled + if (($ftp{TLSEnable} || 'on') eq 'on') { + + #check if TLS is required: values "on", "off" + #if "on" normal ftp connections are dropped + my $tlsrequired = $ftp{'TLSRequired'} || "on"; + my $tlsclient = $ftp{'TLSVerifyClient'} || "off"; + #use the same crt and key of httpd + my $defaultcrt = "/home/e-smith/ssl.crt/${SystemName}.${DomainName}.crt"; + my $defaultkey = "/home/e-smith/ssl.key/${SystemName}.${DomainName}.key"; + + my $crt = $modSSL{'crt'} || $defaultcrt; + $crt = $defaultcrt unless -e $crt; + my $key = $modSSL{'key'} || $defaultkey; + $key = $defaultkey unless -e $key; + + my $chain_file = $modSSL{CertificateChainFile} || + "# no chain cert"; + $chain_file = "# no chain cert" unless -e $chain_file; + + $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file"; + + $OUT .= < +TLSEngine on +TLSLog /var/log/proftpd/tls.log +TLSProtocol TLSv1.1 TLSv1.2 +TLSOptions NoCertRequest AllowClientRenegotiations +TLSRSACertificateFile $crt +TLSRSACertificateKeyFile $key +$chain_file +TLSVerifyClient $tlsclient +TLSRequired $tlsrequired + +SSL_END + + } +} + diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/09DirectorySlashBegin b/root/etc/e-smith/templates/etc/proftpd.conf/09DirectorySlashBegin new file mode 100644 index 0000000..b23d81b --- /dev/null +++ b/root/etc/e-smith/templates/etc/proftpd.conf/09DirectorySlashBegin @@ -0,0 +1 @@ + diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/10LimitDenyWrite b/root/etc/e-smith/templates/etc/proftpd.conf/10LimitDenyWrite new file mode 100644 index 0000000..6b5bf54 --- /dev/null +++ b/root/etc/e-smith/templates/etc/proftpd.conf/10LimitDenyWrite @@ -0,0 +1,3 @@ + { # deny all write access unless given explicitly } + DenyAll + diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/10LimitSiteChmod b/root/etc/e-smith/templates/etc/proftpd.conf/10LimitSiteChmod new file mode 100644 index 0000000..8060b7b 
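Review bot: The generated mod_tls block still offers TLSv1.1 and turns on `AllowClientRenegotiations`, and both weaken a service whose default in this fragment is `TLSRequired on`. TLS 1.1 is formally deprecated (RFC 8996), and client-initiated renegotiation is something mod_tls refuses unless this option re-enables it; unless a specific legacy client needs them, I would emit `TLSProtocol TLSv1.2` and `TLSOptions NoCertRequest`. Also check how `NoCertRequest` interacts with `TLSVerifyClient $tlsclient`: if an administrator sets `TLSVerifyClient` to on, the server may never ask for the certificate it is told to verify. `$tlsrequired` and `$tlsclient` are interpolated as-is, so a short comment listing the accepted values would help the next maintainer.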
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/10LimitSiteChmod
@@ -0,0 +1,3 @@
+ { # deny all chmod }
+ DenyAll
+
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/11DirectorySlashEnd b/root/etc/e-smith/templates/etc/proftpd.conf/11DirectorySlashEnd
new file mode 100644
index 0000000..0a7aa3e
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/11DirectorySlashEnd
@@ -0,0 +1 @@
+
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/15LimitLOGIN b/root/etc/e-smith/templates/etc/proftpd.conf/15LimitLOGIN
new file mode 100644
index 0000000..cdee9fe
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/15LimitLOGIN
@@ -0,0 +1,22 @@
+{
+# allow normal user connections either only from local network,
+# or from anywhere
+}
+{
+ my $access = $ftp{LoginAccess} || "private";
+ if ($access eq 'public')
+ {
+ $OUT = " AllowAll";
+ }
+ else
+ {
+ use Net::IPv4Addr qw(ipv4_parse);
+
+ $OUT = " Order Allow,Deny\n";
+ $OUT .= join "\n",
+ map { " Allow from " . join '/', ipv4_parse($_) }
+ @local_access;
+ $OUT .= "\n Deny from all";
+ }
+}
+
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/30UserDirAccess b/root/etc/e-smith/templates/etc/proftpd.conf/30UserDirAccess
new file mode 100644
index 0000000..e6af7cf
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/30UserDirAccess
@@ -0,0 +1,15 @@
+{
+# Local access to "home" subdirectory of user directories.
+# (Don't set group, since files are in user's primary group. umask is
+# 007 to generate permissions of 770/660.)
+#
+# NOTE: Users cannot write to their real home directory ~user as it
+# is blocked by the default deny write
+}
+
+ AllowOverwrite on
+ Umask 007
+
+ AllowAll
+
+
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/40IBayAccess b/root/etc/e-smith/templates/etc/proftpd.conf/40IBayAccess
new file mode 100644
index 0000000..b7c7240
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/40IBayAccess
@@ -0,0 +1,42 @@
+{
+# Local access to bay directories. Note that in this context, we can
+# ignore the public access rules associated with each bay, since this
+# section of the config file applies only to local logins. We can also
+# ignore the usepassword rules, since anonymous login is handled
+# below.
+
+ use esmith::AccountsDB;
+
+ $OUT = "";
+
+ my $adb = esmith::AccountsDB->open_ro();
+ foreach my $ibay ($adb->ibays)
+ {
+ my %properties = $ibay->props;
+ my $key = $ibay->key;
+ my $umask = "027";
+
+ if ($properties{'UserAccess'} eq 'wr-admin-rd-group')
+ {
+ $umask = "027";
+ }
+ elsif ($properties{'UserAccess'} eq 'wr-group-rd-group')
+ {
+ $umask = "007";
+ }
+ elsif ($properties{'UserAccess'} eq 'wr-group-rd-everyone')
+ {
+ $umask = "002";
+ }
+
+ $OUT .= "\n";
+ $OUT .= "\n";
+ $OUT .= " AllowOverwrite on\n";
+ $OUT .= " GroupOwner shared\n";
+ $OUT .= " Umask $umask\n";
+ $OUT .= " \n";
+ $OUT .= " AllowAll\n";
+ $OUT .= " \n";
+ $OUT .= "\n";
+ }
+}
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/50AnonymousPrimary b/root/etc/e-smith/templates/etc/proftpd.conf/50AnonymousPrimary
new file mode 100644
index 0000000..0755357
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/50AnonymousPrimary
@@ -0,0 +1,29 @@
+{
+#------------------------------------------------------------
+# How to handle anonymous FTP logins: chroot to the Primary
+# i-bay files directory.
+#------------------------------------------------------------
+ return "" if ($ftp{DisableAnonymous} || 'no') eq 'yes';
+
+ $OUT = << 'EOF';
+
+ User public
+ Group public
+ UserAlias anonymous public
+ UserAlias ftp public
+ AnonRequirePassword off
+ UseFtpUsers on
+ MaxClients 10
+ DisplayLogin welcome.msg
+ DisplayChdir .message
+
+ AllowAll
+
+
+
+ DenyAll
+
+
+
+EOF
+}
diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/60AnonymousIBay b/root/etc/e-smith/templates/etc/proftpd.conf/60AnonymousIBay
new file mode 100644
index 0000000..68bb2ca
--- /dev/null
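Review bot: 50AnonymousPrimary emits the anonymous block unless `$ftp{DisableAnonymous}` is exactly 'yes', so a fresh install serves anonymous FTP with `AnonRequirePassword off`, and nothing in the fragment says that this is the default. The header comment only describes the chroot; I would add a line such as `# Enabled by default; set the ftp DisableAnonymous property to "yes" to omit this block.` so that an administrator auditing the template finds the switch. The same property is tested again in 60AnonymousIBay, which would benefit from the same comment.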
+++ b/root/etc/e-smith/templates/etc/proftpd.conf/60AnonymousIBay
@@ -0,0 +1,84 @@
+{
+#------------------------------------------------------------
+# How to handle logins from information bay accounts: chroot to the
+# files part of the information bay directory.
+#------------------------------------------------------------
+
+ use esmith::AccountsDB;
+ use Net::IPv4Addr qw(ipv4_parse);
+
+ $OUT .= "";
+
+ my $adb = esmith::AccountsDB->open_ro();
+ my @local = map { join '/', ipv4_parse($_) } @local_access;
+ my @all = ('all');
+ foreach my $ibay ($adb->ibays)
+ {
+ my $key = $ibay->key;
+ my %properties = $ibay->props;
+
+ next if ($key eq "Primary");
+
+ my $pass;
+
+ my $access = $ibay->prop('PublicAccess') || 'none';
+
+ if ($access eq 'none')
+ {
+ @allow = ('127.0.0.1');
+ $pass = 1;
+ }
+ elsif ($access eq 'local')
+ {
+ @allow = @local;
+ $pass = 0;
+ }
+ elsif ($access eq 'local-pw')
+ {
+ @allow = @local;
+ $pass = 1;
+ }
+ elsif ($access eq 'global')
+ {
+ @allow = @all;
+ $pass = 0;
+ }
+ elsif ($access eq 'global-pw')
+ {
+ @allow = @all;
+ $pass = 1;
+ }
+ elsif ($access eq 'global-pw-remote')
+ {
+ @allow = @all;
+ $pass = 1;
+ }
+
+ # variables: $allow (IP), $pass (bool)
+
+ if ( ($ftp{DisableAnonymous} || 'no') ne 'yes' &&
+ ($ibay->prop('DisableAnonymous') || 'no') ne 'yes' )
+ {
+ $OUT .= "\n";
+ $OUT .= "\n";
+ $OUT .= " User $key\n";
+ $OUT .= " Group $key\n";
+ $OUT .= " AnonRequirePassword " . ($pass ? "on" : "off") . "\n";
+ $OUT .= " UseFtpUsers on\n";
+ $OUT .= " MaxClients 10\n";
+ $OUT .= " DisplayLogin welcome.msg\n";
+ $OUT .= " DisplayChdir .message\n";
+ $OUT .= " \n";
+ $OUT .= " Order Allow,Deny\n";
+ $OUT .= " Allow from $_\n" foreach @allow;
+ $OUT .= " Deny from all\n";
+ $OUT .= " \n";
+ $OUT .= " \n";
+ $OUT .= " \n";
+ $OUT .= " DenyAll\n";
+ $OUT .= " \n";
+ $OUT .= " \n";
+ $OUT .= "\n";
+ }
+ }
+}
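Review bot: `@allow` is never declared or reset inside the `foreach`, and `$pass` starts undefined, so an ibay whose `PublicAccess` holds a value outside the six handled strings falls through the whole `if`/`elsif` chain and is emitted with the previous ibay's allow list and `AnonRequirePassword off`. That is a fail-open default in an access-control block. Initialising to the most restrictive case at the top of the loop body fixes it: `my @allow = ('127.0.0.1');` and `my $pass = 1;`, after which the `'none'` branch becomes redundant. `%properties` is assigned but not used in this fragment.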
diff --git a/root/etc/e-smith/templates/etc/rsyslog.conf/32proftpd b/root/etc/e-smith/templates/etc/rsyslog.conf/32proftpd
new file mode 100644
index 0000000..3168e8d
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/rsyslog.conf/32proftpd
@@ -0,0 +1,6 @@
+
+#proftpd
+if $programname == 'proftpd' and $syslogfacility-text == 'authpriv' then /var/log/secure
+:programname, isequal, "proftpd" /var/log/proftpd/proftpd.log
+& stop
+
diff --git a/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/10localhost b/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/10localhost
new file mode 100644
index 0000000..2e3fca5
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/10localhost
@@ -0,0 +1,2 @@
+127.0.0.1:allow
+{ $LocalIP }:allow
diff --git a/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/80localNetworks b/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/80localNetworks
new file mode 100644
index 0000000..debac72
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/80localNetworks
@@ -0,0 +1,22 @@
+{
+ use esmith::util;
+
+ my @prefixes = esmith::util::computeAllLocalNetworkPrefixes($LocalIP,
+ $LocalNetmask);
+
+ require esmith::NetworksDB;
+ my $n = esmith::NetworksDB->open;
+ foreach my $network ($n->get_all_by_prop(type => 'network'))
+ {
+ push(@prefixes,
+ esmith::util::computeAllLocalNetworkPrefixes(
+ $network->key, $network->prop('Mask')));
+ }
+
+ foreach my $prefix ( @prefixes )
+ {
+ my $dot = ( $prefix =~ /\d+\.\d+\.\d+\.\d+/ ) ? '' : '.';
+
+ $OUT .= $prefix . $dot . ":allow\n";
+ }
+}
diff --git a/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/90default b/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/90default
new file mode 100644
index 0000000..7c3c206
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/tcprules/tcp.proftpd/90default
@@ -0,0 +1,4 @@
+:{
+ my $access = $ftp{'access'} || 'private';
+ $OUT = ($access eq "public") ? "allow" : "deny"
+}
diff --git a/root/etc/e-smith/templates/var/service/ftp/peers/0/ConcurrencyPerIP b/root/etc/e-smith/templates/var/service/ftp/peers/0/ConcurrencyPerIP
new file mode 100644
index 0000000..e8e479f
--- /dev/null
+++ b/root/etc/e-smith/templates/var/service/ftp/peers/0/ConcurrencyPerIP
@@ -0,0 +1 @@
+C4
diff --git a/root/etc/e-smith/templates/var/service/ftp/peers/local/ConcurrencyPerIP b/root/etc/e-smith/templates/var/service/ftp/peers/local/ConcurrencyPerIP
new file mode 100644
index 0000000..e8e479f
--- /dev/null
+++ b/root/etc/e-smith/templates/var/service/ftp/peers/local/ConcurrencyPerIP
@@ -0,0 +1 @@
+C4
diff --git a/root/etc/e-smith/templates/var/service/proftpd/peers/0/template-begin b/root/etc/e-smith/templates/var/service/proftpd/peers/0/template-begin
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/templates/var/service/proftpd/peers/local/template-begin b/root/etc/e-smith/templates/var/service/proftpd/peers/local/template-begin
new file mode 100644
index 0000000..e69de29
diff --git a/root/service/ftp b/root/service/ftp
new file mode 120000
index 0000000..a6f38e3
--- /dev/null
+++ b/root/service/ftp
@@ -0,0 +1 @@
+/var/service/proftpd
\ No newline at end of file
diff --git a/root/usr/lib/systemd/system/ftp.service b/root/usr/lib/systemd/system/ftp.service
new file mode 100644
index 0000000..3b1d24e
--- /dev/null
+++ b/root/usr/lib/systemd/system/ftp.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=ftp (proftpd)
+After=network.target
+Requires=runit.service
+
+[Service]
+Type=oneshot
+ExecStartPre=/sbin/e-smith/service-status ftp
+ExecStart=/usr/bin/sv u /service/ftp
+ExecStop=/usr/bin/sv stop /service/ftp
+ExecReload=/usr/bin/sv t /service/ftp
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sme-server.target
+Alias=proftpd.service
diff --git a/root/usr/lib/systemd/system/proftpd.service.d/51koozali.conf b/root/usr/lib/systemd/system/proftpd.service.d/51koozali.conf
new file mode 100644
index 0000000..5469c78
--- /dev/null
+++ b/root/usr/lib/systemd/system/proftpd.service.d/51koozali.conf
@@ -0,0 +1,5 @@
+[Service]
+ExecStart=
+ExecStart=/bin/false
+ExecReload=/bin/false
+# disabled for Koozali, please use ftp.service instead
diff --git a/root/var/log/ftp/.gitignore b/root/var/log/ftp/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/root/var/service/proftpd/control/1 b/root/var/service/proftpd/control/1
new file mode 100644
index 0000000..743295a
--- /dev/null
+++ b/root/var/service/proftpd/control/1
@@ -0,0 +1,27 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2005 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use esmith::tcpsvd;
+
+esmith::tcpsvd::configure_peers('ftp');
+
+exit(0);
diff --git a/root/var/service/proftpd/down b/root/var/service/proftpd/down
new file mode 100644
index 0000000..e69de29
diff --git a/root/var/service/proftpd/env/.gitignore b/root/var/service/proftpd/env/.gitignore
new file mode 100644
index 0000000..e69de29
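Review bot: In 51koozali.conf `ExecReload=/bin/false` is added without first clearing the list, unlike the `ExecStart=` pair two lines above it. In a drop-in, `ExecReload=` entries are appended to whatever the packaged proftpd.service already defines, so the original reload command would still be listed ahead of `/bin/false`. Add an empty `ExecReload=` line before it to reset the setting, so the override disables reload the same way it disables start.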
diff --git a/root/var/service/proftpd/log/run b/root/var/service/proftpd/log/run
new file mode 100644
index 0000000..3ec23a1
--- /dev/null
+++ b/root/var/service/proftpd/log/run
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+#----------------------------------------------------------------------
+# copyright (C) 2003-2006 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#----------------------------------------------------------------------
+exec \
+ /usr/local/bin/setuidgid smelog \
+ /usr/local/bin/multilog t s5000000 \
+ /var/log/ftp
diff --git a/root/var/service/proftpd/log/supervise/.gitignore b/root/var/service/proftpd/log/supervise/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/root/var/service/proftpd/peers/.gitignore b/root/var/service/proftpd/peers/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/root/var/service/proftpd/run b/root/var/service/proftpd/run
new file mode 100644
index 0000000..9d55c73
--- /dev/null
+++ b/root/var/service/proftpd/run
@@ -0,0 +1,36 @@
+#!/bin/sh
+#----------------------------------------------------------------------
+# copyright (C) 2003-5 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+[ -f ./runenv ] && . ./runenv
+
+exec 2>&1
+# Adjust ACLs in ./peers
+./control/1
+exec /usr/bin/tcpsvd \
+ -v \
+ -i ./peers \
+ -c ${CONCURRENCYREMOTE:-40} \
+ -C ${PER_IP_INSTANCES:-4}:'421 per host concurrency limit reached\r\n' \
+ -l ${LOCALNAME:-0} \
+ ${LISTENIP:-0} \
+ ${PORT:-ftp} \
+ /usr/sbin/in.proftpd
diff --git a/root/var/service/proftpd/supervise/.gitignore b/root/var/service/proftpd/supervise/.gitignore
new file mode 100644
index 0000000..e69de29
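Review bot: The exit status of `./control/1` is ignored, so if regenerating the per-peer rules in `./peers` fails, `tcpsvd -i ./peers` is still started with whatever rules were there before, or with none. Those rules are part of what restricts who may connect, so I would stop the service instead with `./control/1 || exit 1` and let the supervisor retry. A one-line comment above `[ -f ./runenv ] && . ./runenv` naming the variables it may set (`CONCURRENCYREMOTE`, `PER_IP_INSTANCES`, `LOCALNAME`, `LISTENIP`, `PORT`) would also help, because that file is sourced into the shell that launches the daemon.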