From 50db7cbd5a33ca66a840938659fee91607348cdb Mon Sep 17 00:00:00 2001
From: camield <camield@openbsd.org>
Date: Mon, 28 Feb 2000 09:27:02 +0000
Subject: [PATCH] set of programs to enhance firewall security (currently
 ftp-proxy only)

---
 net/proxy-suite/Makefile               | 30 +++++++++++++
 net/proxy-suite/files/md5              |  3 ++
 net/proxy-suite/patches/patch-includes | 15 +++++++
 net/proxy-suite/patches/patch-regex    | 22 +++++++++
 net/proxy-suite/pkg/COMMENT            |  1 +
 net/proxy-suite/pkg/DESCR              | 22 +++++++++
 net/proxy-suite/pkg/INSTALL            | 62 ++++++++++++++++++++++++++
 net/proxy-suite/pkg/PLIST              |  6 +++
 8 files changed, 161 insertions(+)
 create mode 100644 net/proxy-suite/Makefile
 create mode 100644 net/proxy-suite/files/md5
 create mode 100644 net/proxy-suite/patches/patch-includes
 create mode 100644 net/proxy-suite/patches/patch-regex
 create mode 100644 net/proxy-suite/pkg/COMMENT
 create mode 100644 net/proxy-suite/pkg/DESCR
 create mode 100755 net/proxy-suite/pkg/INSTALL
 create mode 100644 net/proxy-suite/pkg/PLIST

diff --git a/net/proxy-suite/Makefile b/net/proxy-suite/Makefile
new file mode 100644
index 00000000000..1a9d6885075
--- /dev/null
+++ b/net/proxy-suite/Makefile
@@ -0,0 +1,30 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2000/02/28 09:27:02 camield Exp $
+
+DISTNAME=	proxy-suite-1.7
+CATEGORIES=    	net security
+MAINTAINER=	cd@sentia.nl
+HOMEPAGE=	http://proxy-suite.suse.de
+
+LICENSE_TYPE=		GPL
+PERMIT_PACKAGE_CDROM=	Yes
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM=	Yes
+PERMIT_DISTFILES_FTP=	Yes
+
+MASTER_SITES= \
+	ftp://ftp.suse.com/pub/projects/proxy-suite/ \
+	ftp://ftp.crc.ca/pub/systems/linux/suse/projects/proxy-suite/ \
+	ftp://ftp.gwdg.de/pub/linux/suse/ftp.suse.com/projects/proxy-suite/ \
+	ftp://ftp.funet.fi/pub/mirrors/ftp.suse.com/pub/projects/proxy-suite/
+
+USE_GMAKE=	Yes
+GNU_CONFIGURE=	Yes
+CONFIGURE_ARGS=	--with-libwrap=/usr/lib/
+
+pre-install:
+	${STRIP} ${WRKSRC}/ftp-proxy/ftp-proxy
+
+post-install:
+	@PREFIX=${PREFIX} ${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
+
+.include <bsd.port.mk>
diff --git a/net/proxy-suite/files/md5 b/net/proxy-suite/files/md5
new file mode 100644
index 00000000000..11933202863
--- /dev/null
+++ b/net/proxy-suite/files/md5
@@ -0,0 +1,3 @@
+MD5 (proxy-suite-1.7.tar.gz) = de879e5d0c6398fde9970db3c5877fad
+RMD160 (proxy-suite-1.7.tar.gz) = 00e211d7b4137e29add4f3306d53b1e8c91af8f0
+SHA1 (proxy-suite-1.7.tar.gz) = f5f738929c72b7fabdd99e5b93c893518b46dc48
diff --git a/net/proxy-suite/patches/patch-includes b/net/proxy-suite/patches/patch-includes
new file mode 100644
index 00000000000..7230eb8f022
--- /dev/null
+++ b/net/proxy-suite/patches/patch-includes
@@ -0,0 +1,15 @@
+$OpenBSD: patch-includes,v 1.1.1.1 2000/02/28 09:27:02 camield Exp $
+
+--- common/com-socket.c.orig	Fri Feb 11 15:20:33 2000
++++ common/com-socket.c	Fri Feb 11 15:20:52 2000
+@@ -71,8 +71,9 @@
+ #include <sys/ioctl.h>
+ 
+ #include <netdb.h>
+-#include <netinet/ip.h>
+ #include <netinet/in.h>
++#include <netinet/in_systm.h>
++#include <netinet/ip.h>
+ #include <sys/socket.h>
+ #include <arpa/inet.h>
+ 
diff --git a/net/proxy-suite/patches/patch-regex b/net/proxy-suite/patches/patch-regex
new file mode 100644
index 00000000000..4e40b28d3cd
--- /dev/null
+++ b/net/proxy-suite/patches/patch-regex
@@ -0,0 +1,22 @@
+$OpenBSD: patch-regex,v 1.1.1.1 2000/02/28 09:27:02 camield Exp $
+
+regex is only defined in the cmd struct when HAVE_REGEX is defined
+
+--- ftp-proxy/ftp-cmds.c.orig	Fri Feb 11 15:23:59 2000
++++ ftp-proxy/ftp-cmds.c	Fri Feb 11 15:25:33 2000
+@@ -371,6 +371,7 @@ static void cmds_user(CONTEXT *ctx, char
+ 	for (cmd = cmdlist; cmd->name != NULL; cmd++) {
+ 		if (strcasecmp("USER", cmd->name) != 0)
+ 			continue;
++#if defined(HAVE_REGEX)
+ 		if (cmd->regex == NULL)
+ 			break;
+ 		if ((p = cmds_reg_exec(cmd->regex, arg)) != NULL) {
+@@ -383,6 +384,7 @@ static void cmds_user(CONTEXT *ctx, char
+ 				ctx->cli_ctrl->peer, p);
+ 			return;
+ 		}
++#endif
+ 		break;
+ 	}
+ 
diff --git a/net/proxy-suite/pkg/COMMENT b/net/proxy-suite/pkg/COMMENT
new file mode 100644
index 00000000000..00854b9543a
--- /dev/null
+++ b/net/proxy-suite/pkg/COMMENT
@@ -0,0 +1 @@
+set of programs to enhance firewall security
diff --git a/net/proxy-suite/pkg/DESCR b/net/proxy-suite/pkg/DESCR
new file mode 100644
index 00000000000..b21d2e8b648
--- /dev/null
+++ b/net/proxy-suite/pkg/DESCR
@@ -0,0 +1,22 @@
+This is the the SuSE Proxy-Suite, a set of programs to enhance firewall
+security. The first (and currently only) component being released is the
+FTP-Proxy.
+
+FTP-Proxy
+---------
+
+- Securely relays FTP connections between clients and servers 
+- Can switch connections from active to passive and vice versa 
+- Utilizes port ranges for both control and data connections 
+- Provides extensive auditing (via syslog or rotating log files) 
+- Can separate user related from system triggered audit events 
+- Provides command restriction based on logged in user name 
+- Allows command argument checking with regular expressions (*)
+- Is able to retrieve configuration data from an LDAP directory (*)
+- Has been thoroughly tested against buffer overflow attacks 
+- Fully conforms to RFC 959 and 1123 (the basic FTP RFCs) 
+- Planned to support RFC 1579 ("Firewall Friendly FTP") 
+- Planned to support RFC 2428 (IPv6 Extensions for FTP) 
+- Based on GNU AutoConf, supposed to run on many UNIX systems
+
+(*) Not in this OpenBSD port.
diff --git a/net/proxy-suite/pkg/INSTALL b/net/proxy-suite/pkg/INSTALL
new file mode 100755
index 00000000000..688034bfdb1
--- /dev/null
+++ b/net/proxy-suite/pkg/INSTALL
@@ -0,0 +1,62 @@
+#!/bin/sh
+# $OpenBSD: INSTALL,v 1.1.1.1 2000/02/28 09:27:02 camield Exp $
+#
+# Pre/post-installation setup of proxy-suite
+# (based on the squid INSTALL file)
+
+set -e
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PREFIX:-$PKG_PREFIX}
+SYSCONFDIR=${SYSCONFDIR:-/etc}
+SAMPLE_DIR=$PREFIX/lib/proxy-suite/conf
+
+do_notice_conf()
+{
+    # Copy configuration files so they can be packaged.
+    # Package builders: manually remove the configuration files,
+    # to be sure that vanilla ones get packaged.
+
+    if [ ! -f $SAMPLEDIR/ftp-proxy.conf ]; then
+	mkdir -p $SAMPLE_DIR
+	cp $SYSCONFDIR/ftp-proxy.conf $SAMPLE_DIR
+    fi
+    cat <<FMT | fmt
+The existing $1 configuration files in $SYSCONFDIR have NOT been changed.
+You may want to compare them to the samples in $SAMPLE_DIR, and update
+your configuration files as needed.
+FMT
+    echo
+}
+
+do_install_conf()
+{
+    cp $SAMPLE_DIR/ftp-proxy.conf $SYSCONFDIR
+    cat <<FMT | fmt
+Sample configuration files can be found in $SAMPLE_DIR. A fresh set of
+configuration files have been copied to $SYSCONFDIR. Please change those
+to meet your needs.
+FMT
+    echo
+}
+
+case $2 in
+    PRE-INSTALL)
+        ;;
+    POST-INSTALL)
+	echo "+----------------"
+	echo "| Finished installing $1"
+	echo "+----------------"
+	echo
+        if [ -f $SYSCONFDIR/ftp-proxy.conf ]; then
+            do_notice_conf $1
+        else
+            do_install_conf $1
+        fi
+        ;;
+    *)
+        echo "usage: `basename $0` distname <PRE-INSTALL|POST-INSTAL>" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/net/proxy-suite/pkg/PLIST b/net/proxy-suite/pkg/PLIST
new file mode 100644
index 00000000000..667407c7e68
--- /dev/null
+++ b/net/proxy-suite/pkg/PLIST
@@ -0,0 +1,6 @@
+lib/proxy-suite/conf/ftp-proxy.conf
+man/man5/ftp-proxy.conf.5
+man/man8/ftp-proxy.8
+sbin/ftp-proxy
+@dirrm lib/proxy-suite/conf
+@dirrm lib/proxy-suite