diff options
Diffstat (limited to 'import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files')
8 files changed, 685 insertions, 0 deletions
diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch new file mode 100644 index 000000000..69c9be031 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/CVE-2016-3125.patch @@ -0,0 +1,247 @@ +From 7a8f683cedf9b0d1024a80362693c9f8b93a0f2b Mon Sep 17 00:00:00 2001 +From: TJ Saunders <tj@castaglia.org> +Date: Thu, 10 Mar 2016 15:07:58 -0800 +Subject: [PATCH] Backport of fix for Bug#4230 to 1.3.5 branch. + +Upstream-Status: Backport +CVE: CVE-2016-3125 + +Author: TJ Saunders <tj@castaglia.org> +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + contrib/mod_tls.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 147 insertions(+), 20 deletions(-) + +diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c +index df92658..5883cc7 100644 +--- a/contrib/mod_tls.c ++++ b/contrib/mod_tls.c +@@ -411,6 +411,13 @@ static int tls_required_on_ctrl = 0; + static int tls_required_on_data = 0; + static unsigned char *tls_authenticated = NULL; + ++/* Define the minimum DH group length we allow (unless the AllowWeakDH ++ * TLSOption is used). Ideally this would be 2048, per https://weakdh.org, ++ * but for compatibility with older Java versions, which only support up to ++ * 1024, we'll use 1024. For now. ++ */ ++#define TLS_DH_MIN_LEN 1024 ++ + /* mod_tls session flags */ + #define TLS_SESS_ON_CTRL 0x0001 + #define TLS_SESS_ON_DATA 0x0002 +@@ -438,6 +445,7 @@ static unsigned char *tls_authenticated = NULL; + #define TLS_OPT_USE_IMPLICIT_SSL 0x0200 + #define TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS 0x0400 + #define TLS_OPT_VERIFY_CERT_CN 0x0800 ++#define TLS_OPT_ALLOW_WEAK_DH 0x1000 + + /* mod_tls SSCN modes */ + #define TLS_SSCN_MODE_SERVER 0 +@@ -2417,24 +2425,139 @@ static int tls_ctrl_renegotiate_cb(CALLBACK_FRAME) { + + static DH *tls_dh_cb(SSL *ssl, int is_export, int keylength) { + DH *dh = NULL; ++ EVP_PKEY *pkey; ++ int pkeylen = 0, use_pkeylen = FALSE; ++ ++ /* OpenSSL will only ever call us (currently) with a keylen of 512 or 1024; ++ * see the SSL_EXPORT_PKEYLENGTH macro in ssl_locl.h. Sigh. ++ * ++ * Thus we adjust the DH parameter length according to the size of the ++ * RSA/DSA private key used for the current connection. ++ * ++ * NOTE: This MAY cause interoperability issues with some clients, notably ++ * Java 7 (and earlier) clients, since Java 7 and earlier supports ++ * Diffie-Hellman only up to 1024 bits. More sighs. To deal with these ++ * clients, then, you need to configure a certificate/key of 1024 bits. ++ */ ++ pkey = SSL_get_privatekey(ssl); ++ if (pkey != NULL) { ++ if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA || ++ EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { ++ pkeylen = EVP_PKEY_bits(pkey); ++ ++ if (pkeylen < TLS_DH_MIN_LEN) { ++ if (!(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) { ++ pr_trace_msg(trace_channel, 11, ++ "certificate private key length %d less than %d bits, using %d " ++ "(see AllowWeakDH TLSOption)", pkeylen, TLS_DH_MIN_LEN, ++ TLS_DH_MIN_LEN); ++ pkeylen = TLS_DH_MIN_LEN; ++ } ++ } ++ ++ if (pkeylen != keylen) { ++ pr_trace_msg(trace_channel, 13, ++ "adjusted DH parameter length from %d to %d bits", keylen, pkeylen); ++ use_pkeylen = TRUE; ++ } ++ } ++ } + + if (tls_tmp_dhs != NULL && + tls_tmp_dhs->nelts > 0) { + register unsigned int i; +- DH **dhs; ++ DH *best_dh = NULL, **dhs; ++ int best_dhlen = 0; + + dhs = tls_tmp_dhs->elts; ++ ++ /* Search the configured list of DH parameters twice: once for any sizes ++ * matching the actual requested size (usually 1024), and once for any ++ * matching the certificate private key size (pkeylen). ++ * ++ * This behavior allows site admins to configure a TLSDHParamFile that ++ * contains 1024-bit parameters, for e.g. Java 7 (and earlier) clients. ++ */ ++ ++ /* Note: the keylen argument is in BITS, but DH_size() returns the number ++ * of BYTES. ++ */ + for (i = 0; i < tls_tmp_dhs->nelts; i++) { +- /* Note: the keylength argument is in BITS, but DH_size() returns +- * the number of BYTES. ++ int dhlen; ++ ++ dhlen = DH_size(dhs[i]) * 8; ++ if (dhlen == keylen) { ++ pr_trace_msg(trace_channel, 11, ++ "found matching DH parameter for key length %d", keylen); ++ return dhs[i]; ++ } ++ ++ /* Try to find the next "best" DH to use, where "best" means ++ * the smallest DH that is larger than the necessary keylen. + */ +- if (DH_size(dhs[i]) == (keylength / 8)) { ++ if (dhlen > keylen) { ++ if (best_dh != NULL) { ++ if (dhlen < best_dhlen) { ++ best_dh = dhs[i]; ++ best_dhlen = dhlen; ++ } ++ ++ } else { ++ best_dh = dhs[i]; ++ best_dhlen = dhlen; ++ } ++ } ++ } ++ ++ for (i = 0; i < tls_tmp_dhs->nelts; i++) { ++ int dhlen; ++ ++ dhlen = DH_size(dhs[i]) * 8; ++ if (dhlen == pkeylen) { ++ pr_trace_msg(trace_channel, 11, ++ "found matching DH parameter for certificate private key length %d", ++ pkeylen); + return dhs[i]; + } ++ ++ if (dhlen > pkeylen) { ++ if (best_dh != NULL) { ++ if (dhlen < best_dhlen) { ++ best_dh = dhs[i]; ++ best_dhlen = dhlen; ++ } ++ ++ } else { ++ best_dh = dhs[i]; ++ best_dhlen = dhlen; ++ } ++ } ++ } ++ ++ if (best_dh != NULL) { ++ pr_trace_msg(trace_channel, 11, ++ "using best DH parameter for key length %d (length %d)", keylen, ++ best_dhlen); ++ return best_dh; + } + } + +- switch (keylength) { ++ /* Still no DH parameters found? Use the built-in ones. */ ++ ++ if (keylen < TLS_DH_MIN_LEN) { ++ if (!(tls_opts & TLS_OPT_ALLOW_WEAK_DH)) { ++ pr_trace_msg(trace_channel, 11, ++ "requested key length %d less than %d bits, using %d " ++ "(see AllowWeakDH TLSOption)", keylen, TLS_DH_MIN_LEN, TLS_DH_MIN_LEN); ++ keylen = TLS_DH_MIN_LEN; ++ } ++ } ++ ++ if (use_pkeylen) { ++ keylen = pkeylen; ++ } ++ ++ switch (keylen) { + case 512: + dh = get_dh512(); + break; +@@ -2443,32 +2566,33 @@ static DH *tls_dh_cb(SSL *ssl, int is_export, int keylength) { + dh = get_dh768(); + break; + +- case 1024: +- dh = get_dh1024(); +- break; ++ case 1024: ++ dh = get_dh1024(); ++ break; + +- case 1536: +- dh = get_dh1536(); +- break; ++ case 1536: ++ dh = get_dh1536(); ++ break; + +- case 2048: +- dh = get_dh2048(); +- break; ++ case 2048: ++ dh = get_dh2048(); ++ break; + +- default: +- tls_log("unsupported DH key length %d requested, returning 1024 bits", +- keylength); +- dh = get_dh1024(); +- break; ++ default: ++ tls_log("unsupported DH key length %d requested, returning 1024 bits", ++ keylen); ++ dh = get_dh1024(); ++ break; + } + ++ pr_trace_msg(trace_channel, 11, "using builtin DH for %d bits", keylen); ++ + /* Add this DH to the list, so that it can be freed properly later. */ + if (tls_tmp_dhs == NULL) { + tls_tmp_dhs = make_array(session.pool, 1, sizeof(DH *)); + } + + *((DH **) push_array(tls_tmp_dhs)) = dh; +- + return dh; + } + +@@ -8445,6 +8569,9 @@ MODRET set_tlsoptions(cmd_rec *cmd) { + strcmp(cmd->argv[i], "AllowClientRenegotiations") == 0) { + opts |= TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS; + ++ } else if (strcmp(cmd->argv[i], "AllowWeakDH") == 0) { ++ opts |= TLS_OPT_ALLOW_WEAK_DH; ++ + } else if (strcmp(cmd->argv[i], "EnableDiags") == 0) { + opts |= TLS_OPT_ENABLE_DIAGS; + +-- +2.7.4 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/basic.conf.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/basic.conf.patch new file mode 100644 index 000000000..4967bed1e --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/basic.conf.patch @@ -0,0 +1,21 @@ +Upstream-Status: Inappropriate [configuration] + +proftpd tries to get the IP address from the hostname. +Unluckily now the hostname is not properly configured in /etc/hosts. +We can use this patch as a workaround. + +Author: Dexuan Cui <dexuan.cui@intel.com> +Tue Oct 25 12:59:27 CST 2011 + +--- proftpd-1.3.3c.orig/sample-configurations/basic.conf ++++ proftpd-1.3.3c/sample-configurations/basic.conf +@@ -7,6 +7,9 @@ + ServerType standalone + DefaultServer on + ++#By default we bind to all interfaces. ++DefaultAddress 0.0.0.0 ++ + # Port 21 is the standard FTP port. + Port 21 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/build_fixup.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/build_fixup.patch new file mode 100644 index 000000000..19617a6bb --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/build_fixup.patch @@ -0,0 +1,112 @@ +Upstream-Status: Inappropriate [configuration] + +combined the following patches into one: +make, move-pidfile-to-var-run, move-runfile-to-var-run + +move pidfile to /var/run +redefine PR_RUN_DIR as ${localstatedir}/run + +Signed-off-By: Armin Kuster <akuster808@gmail.com> + + +Index: proftpd-1.3.5/Make.rules.in +=================================================================== +--- proftpd-1.3.5.orig/Make.rules.in ++++ proftpd-1.3.5/Make.rules.in +@@ -29,9 +29,9 @@ INSTALL=@INSTALL@ + INSTALL_STRIP=@INSTALL_STRIP@ + INSTALL_USER=@install_user@ + INSTALL_GROUP=@install_group@ +-INSTALL_BIN=$(INSTALL) $(INSTALL_STRIP) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 +-INSTALL_SBIN=$(INSTALL) $(INSTALL_STRIP) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 +-INSTALL_MAN=$(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 ++INSTALL_BIN=$(INSTALL) -m 0755 ++INSTALL_SBIN=$(INSTALL) -m 0755 ++INSTALL_MAN=$(INSTALL) -m 0644 + + RM=rm -f + SHELL=@CONFIG_SHELL@ +Index: proftpd-1.3.5/Makefile.in +=================================================================== +--- proftpd-1.3.5.orig/Makefile.in ++++ proftpd-1.3.5/Makefile.in +@@ -105,7 +105,6 @@ check: proftpd$(EXEEXT) + $(DESTDIR)$(localedir) $(DESTDIR)$(includedir) $(DESTDIR)$(includedir)/proftpd $(DESTDIR)$(libdir) $(DESTDIR)$(pkgconfigdir) $(DESTDIR)$(libdir)/proftpd $(DESTDIR)$(libexecdir) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) $(DESTDIR)$(bindir) $(DESTDIR)$(sbindir) $(DESTDIR)$(mandir) $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 $(DESTDIR)$(mandir)/man8: + @if [ ! -d $@ ]; then \ + mkdir -p $@; \ +- chown $(INSTALL_USER):$(INSTALL_GROUP) $@; \ + chmod 0755 $@; \ + fi + +@@ -115,7 +114,6 @@ install-proftpd: proftpd $(DESTDIR)$(inc + rm -f $(DESTDIR)$(sbindir)/in.proftpd ; \ + fi + ln -s proftpd $(DESTDIR)$(sbindir)/in.proftpd +- -chown -h $(INSTALL_USER):$(INSTALL_GROUP) $(DESTDIR)$(sbindir)/in.proftpd + + install-libs: $(DESTDIR)$(libdir)/proftpd + cd lib/ && $(MAKE) install +@@ -152,11 +150,11 @@ install-utils: $(DESTDIR)$(sbindir) $(DE + $(INSTALL_SBIN) ftpshut $(DESTDIR)$(sbindir)/ftpshut + $(INSTALL_BIN) ftptop $(DESTDIR)$(bindir)/ftptop + $(INSTALL_BIN) ftpwho $(DESTDIR)$(bindir)/ftpwho +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 src/prxs $(DESTDIR)$(bindir)/prxs ++ $(INSTALL) -m 0755 src/prxs $(DESTDIR)$(bindir)/prxs + + install-conf: $(DESTDIR)$(sysconfdir) + if [ ! -f $(DESTDIR)$(sysconfdir)/proftpd.conf ] ; then \ +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0644 \ ++ $(INSTALL) -m 0644 \ + $(top_srcdir)/sample-configurations/basic.conf \ + $(DESTDIR)$(sysconfdir)/proftpd.conf ; \ + fi +Index: proftpd-1.3.5/configure +=================================================================== +--- proftpd-1.3.5.orig/configure ++++ proftpd-1.3.5/configure +@@ -38255,7 +38255,7 @@ _ACEOF + + + cat >>confdefs.h <<_ACEOF +-#define PR_RUN_DIR "`eval echo "${localstatedir}"`" ++#define PR_RUN_DIR "`eval echo "${localstatedir}"/run/`" + _ACEOF + + cat >>confdefs.h <<_ACEOF +@@ -38263,7 +38263,7 @@ cat >>confdefs.h <<_ACEOF + _ACEOF + + cat >>confdefs.h <<_ACEOF +-#define PR_PID_FILE_PATH "`eval echo "${localstatedir}/proftpd.pid"`" ++#define PR_PID_FILE_PATH "`eval echo "${localstatedir}/run/proftpd.pid"`" + _ACEOF + + +Index: proftpd-1.3.5/configure.in +=================================================================== +--- proftpd-1.3.5.orig/configure.in ++++ proftpd-1.3.5/configure.in +@@ -2971,8 +2971,8 @@ locale_dir="`eval echo ${locale_dir}`" + AC_DEFINE_UNQUOTED(PR_LOCALE_DIR, "`eval echo "${locale_dir}"`") + + AC_DEFINE_UNQUOTED(PR_RUN_DIR, "`eval echo "${localstatedir}"`") +-AC_DEFINE_UNQUOTED(PR_CONFIG_FILE_PATH, "`eval echo "${sysconfdir}/proftpd.conf"`") +-AC_DEFINE_UNQUOTED(PR_PID_FILE_PATH, "`eval echo "${localstatedir}/proftpd.pid"`") ++AC_DEFINE_UNQUOTED(PR_CONFIG_FILE_PATH, "`eval echo "${sysconfdir}/run/proftpd.conf"`") ++AC_DEFINE_UNQUOTED(PR_PID_FILE_PATH, "`eval echo "${localstatedir}/run/proftpd.pid"`") + + prefix="$pr_saved_prefix" + exec_prefix="$pr_saved_exec_prefix" +Index: proftpd-1.3.5/lib/libcap/Makefile +=================================================================== +--- proftpd-1.3.5.orig/lib/libcap/Makefile ++++ proftpd-1.3.5/lib/libcap/Makefile +@@ -26,7 +26,7 @@ OBJS=$(addsuffix .o, $(FILES)) + all: $(LIBNAME) + + _makenames: _makenames.c cap_names.sed +- $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ ++ $(BUILD_CC) $(CFLAGS) $(LDFLAGS) $< -o $@ + + cap_names.h: _makenames + ./_makenames > cap_names.h diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch new file mode 100644 index 000000000..c64535cac --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch @@ -0,0 +1,27 @@ +close RequireValidShell check + +Upstream-Status: Inappropriate [configuration] + +close RequireValidShell check since we like to make /bin/false as shell +for ftp user + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + sample-configurations/basic.conf | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf +index 314eb79..abcb284 100644 +--- a/sample-configurations/basic.conf ++++ b/sample-configurations/basic.conf +@@ -53,6 +53,7 @@ AllowOverwrite on + # We want clients to be able to login with "anonymous" as well as "ftp" + UserAlias anonymous ftp + ++ RequireValidShell off + # Limit the maximum number of anonymous logins + MaxClients 10 + +-- +1.7.10.4 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/contrib.patch b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/contrib.patch new file mode 100644 index 000000000..7e2a8e3ce --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/contrib.patch @@ -0,0 +1,42 @@ +The contrib directory now contains its own Makefile which is +used during installation. It was required to pass DESTDIR through +when it gets called from the base Makefile. + +Upstream-Status: Pending + +Signed-off-by: Kevin Strasser <kevin.strasser@linux.intel.com> +--- + Makefile.in | 2 +- + contrib/Makefile.in | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 5b2e683..ee72fe1 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -120,7 +120,7 @@ install-modules: $(DESTDIR)$(libexecdir) $(DESTDIR)$(sysconfdir) + test -z "$(SHARED_MODULE_OBJS)" -a -z "$(SHARED_MODULE_DIRS)" -a -z "$(STATIC_MODULE_DIRS)" || (cd modules/ && $(MAKE) install) + + install-utils: $(DESTDIR)$(sbindir) $(DESTDIR)$(bindir) +- cd contrib/ && $(MAKE) install-utils ++ cd contrib/ && $(MAKE) DESTDIR=${DESTDIR} install-utils + $(INSTALL_BIN) ftpcount $(DESTDIR)$(bindir)/ftpcount + $(INSTALL_BIN) ftpdctl $(DESTDIR)$(bindir)/ftpdctl + $(INSTALL_SBIN) ftpscrub $(DESTDIR)$(sbindir)/ftpscrub +diff --git a/contrib/Makefile.in b/contrib/Makefile.in +index 5bcc038..51d248c 100644 +--- a/contrib/Makefile.in ++++ b/contrib/Makefile.in +@@ -18,6 +18,6 @@ Makefile: Makefile.in ../config.status + cd ../ && ./config.status + + install-utils: +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 ftpasswd $(DESTDIR)$(bindir)/ftpasswd +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 ftpmail $(DESTDIR)$(bindir)/ftpmail +- $(INSTALL) -o $(INSTALL_USER) -g $(INSTALL_GROUP) -m 0755 ftpquota $(DESTDIR)$(bindir)/ftpquota ++ $(INSTALL) -m 0755 ftpasswd $(DESTDIR)$(bindir)/ftpasswd ++ $(INSTALL) -m 0755 ftpmail $(DESTDIR)$(bindir)/ftpmail ++ $(INSTALL) -m 0755 ftpquota $(DESTDIR)$(bindir)/ftpquota +-- +1.7.9.5 + diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/default b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/default new file mode 100644 index 000000000..b31f36ce2 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/default @@ -0,0 +1,9 @@ +# Defaults for proftpd initscript + +# Master system-wide proftpd switch. The initscript +# will not run if it is not set to yes. +RUN="yes" + +# Default options. +# For more exhaustive logging, try "-d 3". +OPTIONS="" diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd-basic.init b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd-basic.init new file mode 100644 index 000000000..01c998c92 --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd-basic.init @@ -0,0 +1,220 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: proftpd +# Required-Start: $remote_fs $syslog $local_fs $network +# Required-Stop: $remote_fs $syslog $local_fs $network +# Should-Start: $named +# Should-Stop: $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Starts ProFTPD daemon +# Description: This script runs the FTP service offered +# by the ProFTPD daemon +### END INIT INFO + +# Start the proftpd FTP daemon. + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/proftpd +NAME=proftpd + +# Defaults +RUN="no" +OPTIONS="" +CONFIG_FILE=/etc/proftpd.conf + +PIDFILE=`grep -i '^pidfile' $CONFIG_FILE|awk '{ print $2 }'` +if [ "x$PIDFILE" = "x" ]; +then + PIDFILE=/var/run/proftpd.pid +fi + +# Read config (will override defaults) +[ -r /etc/default/proftpd ] && . /etc/default/proftpd + +trap "" 1 +trap "" 15 + +test -f $DAEMON || exit 0 + +. /etc/init.d/functions + +# +# Servertype could be inetd|standalone|none. +# In all cases check against inetd and xinetd support. +# +if ! egrep -qi "^[[:space:]]*ServerType.*standalone" $CONFIG_FILE +then + if egrep -qi "server[[:space:]]*=[[:space:]]*/usr/sbin/proftpd" /etc/xinetd.conf 2>/dev/null || \ + egrep -qi "server[[:space:]]*=[[:space:]]*/usr/sbin/proftpd" /etc/xinetd.d/* 2>/dev/null || \ + egrep -qi "^ftp.*/usr/sbin/proftpd" /etc/inetd.conf 2>/dev/null + then + RUN="no" + INETD="yes" + else + if ! egrep -qi "^[[:space:]]*ServerType.*inetd" $CONFIG_FILE + then + RUN="yes" + INETD="no" + else + RUN="no" + INETD="no" + fi + fi +fi + +# /var/run could be on a tmpfs + +[ ! -d /var/run/proftpd ] && mkdir /var/run/proftpd + +inetd_check() +{ + if [ ! -x /usr/sbin/inetd -a ! -x /usr/sbin/xinetd ]; then + echo "Neither inetd nor xinetd appears installed: check your configuration." + fi +} + +start() +{ + set -e + echo -n "Starting ftp server $NAME... " + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --oknodo --exec $DAEMON -- -c $CONFIG_FILE $OPTIONS + echo "done." +} + +signal() +{ + + if [ "$1" = "stop" ]; then + SIGNAL="TERM" + echo -n "Stopping ftp server $NAME... " + else + if [ "$1" = "reload" ]; then + SIGNAL="HUP" + echo -n "Reloading ftp server $NAME... " + else + echo "ERR: wrong parameter given to signal()" + exit 1 + fi + fi + if [ -f "$PIDFILE" ]; then + start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE" + if [ $? = 0 ]; then + echo "done." + return + else + SIGNAL="KILL" + start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE" + if [ $? != 0 ]; then + echo + [ $2 != 0 ] || exit 0 + else + echo "done." + return + fi + fi + if [ "$SIGNAL" = "KILL" ]; then + rm -f "$PIDFILE" + fi + else + echo "done." + return + fi +} + +case "$1" in + start) + if [ "x$RUN" = "xyes" ] ; then + start + else + if [ "x$INETD" = "xyes" ] ; then + echo "ProFTPD is started from inetd/xinetd." + inetd_check + else + echo "ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration." + fi + fi + ;; + + force-start) + if [ "x$INETD" = "xyes" ] ; then + echo "Warning: ProFTPD is started from inetd/xinetd (trying to start anyway)." + inetd_check + fi + start + ;; + + stop) + if [ "x$RUN" = "xyes" ] ; then + signal stop 0 + else + if [ "x$INETD" = "xyes" ] ; then + echo "ProFTPD is started from inetd/xinetd." + inetd_check + else + echo "ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration." + fi + fi + ;; + + force-stop) + if [ "x$INETD" = "xyes" ] ; then + echo "Warning: ProFTPD is started from inetd/xinetd (trying to kill anyway)." + inetd_check + fi + signal stop 0 + ;; + + reload) + signal reload 0 + ;; + + force-reload|restart) + if [ "x$RUN" = "xyes" ] ; then + signal stop 1 + sleep 2 + start + else + if [ "x$INETD" = "xyes" ] ; then + echo "ProFTPD is started from inetd/xinetd." + inetd_check + else + echo "ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration." + fi + fi + ;; + + status) + if [ "x$INETD" = "xyes" ] ; then + echo "ProFTPD is started from inetd/xinetd." + inetd_check + exit 0 + else + if [ -f "$PIDFILE" ]; then + pid=$(cat $PIDFILE) + else + pid="x" + fi + if [ `pidof proftpd|grep "$pid"|wc -l` -ne 0 ] ; then + echo "ProFTPD is started in standalone mode, currently running." + exit 0 + else + echo "ProFTPD is started in standalone mode, currently not running." + exit 3 + fi + fi + ;; + + check-config) + $DAEMON -t >/dev/null && echo "ProFTPD configuration OK" && exit 0 + exit 1 + ;; + + *) + echo "Usage: /etc/init.d/$NAME {start|status|force-start|stop|force-stop|reload|restart|force-reload|check-config}" + exit 1 + ;; +esac + +exit 0 diff --git a/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service new file mode 100644 index 000000000..ba97f8e1c --- /dev/null +++ b/import-layers/meta-openembedded/meta-networking/recipes-daemons/proftpd/files/proftpd.service @@ -0,0 +1,7 @@ +[Unit] +Description=proftpd Daemon + +[Service] +Type=forking +ExecStart=-@SBINDIR@/proftpd -c @SYSCONFDIR@/proftpd.conf +StandardError=syslog |