nuke insecure proftpd port. ok'd by maint.

This commit is contained in:
turan 1999-11-08 15:54:41 +00:00
parent 001e0de728
commit 7de6073ffa
11 changed files with 0 additions and 350 deletions

View File

@ -1,65 +0,0 @@
# $OpenBSD: Makefile,v 1.15 1999/10/27 22:54:42 brad Exp $
# $FreeBSD: Makefile,v 1.7 1999/02/12 21:55:04 obrien Exp $
DISTNAME= proftpd-1.2.0pre9
PKGNAME= proftpd-1.2.0
CATEGORIES= net
MASTER_SITES= ftp://ftp.tos.net/pub/proftpd/ \
NEED_VERSION= 1.73
# If you remove that BROKEN line, the port will build.
#
# But there have been a series of holes and exploits posted recently,
# so using proftpd is a sure way to let yourself be vulnerable.
#
# It is recommended that you don't use proftpd for now,
# unless you're really sure you know what you are doing.
#
BROKEN= "Needs a security audit. Use at your own risk"
MAINTAINER= brad@openbsd.org
USE_GMAKE= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir="/var/run" \
--with-modules="mod_ratio:mod_readme"
post-configure:
@${MV} ${WRKSRC}/src/proftpd.8 ${WRKSRC}/src/proftpd.8.pre_sed
@${SED} -e 's:/usr/sbin/proftpd:${PREFIX}/libexec/proftpd:' \
-e 's:/usr/sbin:${PREFIX}/sbin:' \
-e 's:/usr/bin:${PREFIX}/bin:' \
-e 's:/var/run:/var/run/proftpd:' \
< ${WRKSRC}/src/proftpd.8.pre_sed > ${WRKSRC}/src/proftpd.8
@${MV} ${WRKSRC}/src/ftpshut.8 ${WRKSRC}/src/ftpshut.8.pre_sed
@${SED} -e 's:/usr/sbin:${PREFIX}/sbin:' \
-e 's:/etc:/var/run:' \
-e 's:/var/run:/var/run/proftpd:' \
< ${WRKSRC}/src/ftpshut.8.pre_sed > ${WRKSRC}/src/ftpshut.8
@${MV} ${WRKSRC}/src/ftpcount.1 ${WRKSRC}/src/ftpcount.1.pre_sed
@${SED} -e 's:/usr/bin:${PREFIX}/bin:' \
-e 's:/var/run:/var/run/proftpd:' \
< ${WRKSRC}/src/ftpcount.1.pre_sed > ${WRKSRC}/src/ftpcount.1
@${MV} ${WRKSRC}/src/ftpwho.1 ${WRKSRC}/src/ftpwho.1.pre_sed
@${SED} -e 's:/usr/bin:${PREFIX}/bin:' \
-e 's:/var/run:/var/run/proftpd:' \
< ${WRKSRC}/src/ftpwho.1.pre_sed > ${WRKSRC}/src/ftpwho.1
do-install:
@${MKDIR} ${PREFIX}/lib/proftpd
${INSTALL_PROGRAM} ${WRKSRC}/ftpcount ${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKSRC}/ftpwho ${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKSRC}/proftpd ${PREFIX}/libexec
${INSTALL_PROGRAM} ${WRKSRC}/ftpshut ${PREFIX}/sbin
${INSTALL_MAN} ${WRKSRC}/src/ftpcount.1 ${PREFIX}/man/man1
${INSTALL_MAN} ${WRKSRC}/src/ftpwho.1 ${PREFIX}/man/man1
${INSTALL_MAN} ${WRKSRC}/src/xferlog.5 ${PREFIX}/man/man5
${INSTALL_MAN} ${WRKSRC}/src/ftpshut.8 ${PREFIX}/man/man8
${INSTALL_MAN} ${WRKSRC}/src/proftpd.8 ${PREFIX}/man/man8
${INSTALL_DATA} ${WRKSRC}/sample-configurations/basic.conf ${PREFIX}/lib/proftpd/proftpd.conf.sample
post-install:
@PKG_PREFIX="${PREFIX}" ${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
.include <bsd.port.mk>

View File

@ -1,3 +0,0 @@
MD5 (proftpd-1.2.0pre9.tar.gz) = 0ad6feb4b59b29240632b77ffc303b14
RMD160 (proftpd-1.2.0pre9.tar.gz) = eeb3dc4de8920380e18737a8489abaee90a2a701
SHA1 (proftpd-1.2.0pre9.tar.gz) = c291e48e20aedfac640bc242c2b48a063f9f060a

View File

@ -1,69 +0,0 @@
--- sample-configurations/basic.conf.orig Sat Oct 17 22:24:41 1998
+++ sample-configurations/basic.conf Fri Mar 12 10:00:16 1999
@@ -1,3 +1,8 @@
+#
+# To have more informations about Proftpd configuration
+# look at : http://www.proftpd.org/
+#
+
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
@@ -30,24 +35,37 @@
AllowOverwrite on
</Directory>
-# A basic anonymous configuration, no upload directories.
-<Anonymous ~ftp>
- User ftp
- Group ftp
- # We want clients to be able to login with "anonymous" as well as "ftp"
- UserAlias anonymous ftp
-
- # Limit the maximum number of anonymous logins
- MaxClients 10
-
- # We want 'welcome.msg' displayed at login, and '.message' displayed
- # in each newly chdired directory.
- DisplayLogin welcome.msg
- DisplayFirstChdir .message
-
- # Limit WRITE everywhere in the anonymous chroot
- <Limit WRITE>
- DenyAll
- </Limit>
+#########################################################################
+# #
+# Uncomment lines with only one # to allow basic anonymous access #
+# #
+#########################################################################
+
+### A basic anonymous configuration, no upload directories.
+# <Anonymous ~ftp>
+# User ftp
+# Group ftp
+ ### We want clients to be able to login with "anonymous" as well as "ftp"
+ # UserAlias anonymous ftp
+
+ ### Limit the maximum number of anonymous logins
+ # MaxClients 10
+
+ ### It is wise when making an 'ftp' user that you either block its
+ ### ability to login either via /etc/login.access or my giving it
+ ### an invalid shell.
+ ### Uncomment this if the 'ftp' user you made has an invalid shell
+
+ # RequireValidShell off
+
+ ### We want 'welcome.msg' displayed at login, and '.message' displayed
+ ### in each newly chdired directory.
+ # DisplayLogin welcome.msg
+ # DisplayFirstChdir .message
+
+ ### Limit WRITE everywhere in the anonymous chroot
+ # <Limit WRITE>
+ # DenyAll
+ # </Limit>
-</Anonymous>
+# </Anonymous>

View File

@ -1,29 +0,0 @@
--- src/log.c.orig Sun Oct 10 23:13:13 1999
+++ src/log.c Wed Oct 27 17:29:28 1999
@@ -46,7 +46,7 @@
static int syslog_discard = FALSE;
static int logstderr = TRUE;
static int debug_level = DEBUG0; /* Default is no debug logging */
-static int facility = LOG_DAEMON;
+static int facility = LOG_FTP;
static int set_facility = -1;
static char *syslog_fn = NULL;
static char *syslog_hostname;
@@ -772,7 +772,7 @@
log(priority, facility, buf);
}
-/* Like log_pri(), but sends the log entry in the LOG_AUTHPRIV
+/* Like log_pri(), but sends the log entry in the LOG_FTP
* facility (presumable it doesn't need to be seen by everyone
*/
@@ -787,7 +787,7 @@
buf[sizeof(buf) - 1] = '\0';
- log(priority, LOG_AUTHPRIV, buf);
+ log(priority, LOG_FTP, buf);
}
/* Disable logging to stderr, should be done right before forking

View File

@ -1,50 +0,0 @@
--- modules/mod_auth.c.orig Sat Oct 23 01:18:49 1999
+++ modules/mod_auth.c Wed Oct 27 17:36:14 1999
@@ -70,7 +70,7 @@
"closing control connection.",
TimeoutLogin);
- main_exit((void*) LOG_NOTICE, "FTP login timed out, disconnected.",
+ main_exit((void*) LOG_INFO, "FTP login timed out, disconnected.",
(void*) 0, NULL);
/* should never be reached */
@@ -784,9 +784,9 @@
resolve_anonymous_dirs(c->subset);
if(c)
- log_auth(LOG_NOTICE, "ANON %s: Login successful.", origuser);
+ log_auth(LOG_INFO, "ANON %s: Login successful.", origuser);
else
- log_auth(LOG_NOTICE,"USER %s: Login successful.", origuser);
+ log_auth(LOG_INFO,"USER %s: Login successful.", origuser);
/* Write the login to wtmp. This must be done here because we won't
* have access after we give up root. This can result in falsified
@@ -1146,7 +1146,7 @@
"Too many users in your class, "
"please try again later.");
- log_auth(LOG_NOTICE, "Connection refused (max clients for class %s).",
+ log_auth(LOG_INFO, "Connection refused (max clients for class %s).",
session.class->name);
end_login(0);
@@ -1179,7 +1179,7 @@
send_response(R_530,"%s",
sreplace(cmd->tmp_pool,maxstr,"%m",maxn,NULL));
- log_auth(LOG_NOTICE, "Connection refused (max clients per host %d).",
+ log_auth(LOG_INFO, "Connection refused (max clients per host %d).",
max);
end_login(0);
@@ -1203,7 +1203,7 @@
if(cur >= max) {
send_response(R_530, "%s",
sreplace(cmd->tmp_pool, maxstr, "%m", maxn, NULL));
- log_auth(LOG_NOTICE, "Connection refused (max clients %d).", max);
+ log_auth(LOG_INFO, "Connection refused (max clients %d).", max);
end_login(0);
}

View File

@ -1,15 +0,0 @@
--- src/proftpd.8.orig Sun Feb 21 23:13:30 1999
+++ src/proftpd.8 Sun Feb 21 23:14:10 1999
@@ -21,6 +21,12 @@
may be invoked by the Internet "super-server" inetd(8) each time a
connection to the FTP service is made, or alternatively it can be run as a
stand-alone daemon.
+.br
+.PP
+Each successful and failed ftp(1) session is logged using syslog with a
+facility of LOG_FTP. Note: LOG_FTP messages are not displayed
+by syslogd(8) by default, and may have to be enabled in syslogd(8)'s
+configuration file.
When
.B proftpd

View File

@ -1 +0,0 @@
highly configurable ftp daemon

View File

@ -1,27 +0,0 @@
# $OpenBSD: DEINSTALL,v 1.2 1999/10/27 22:54:43 brad Exp $
#
# proftpd de-installation
set -e
PATH=/bin:/usr/bin:/sbin:/usr/sbin
PREFIX=${PKG_PREFIX:-/usr/local}
CONFIG_FILE=/etc/proftpd.conf
rm -rf /var/run/proftpd
if [ -f ${CONFIG_FILE} ]; then
echo
echo "+---------------"
echo "| To completely deinstall the $1 package you need to perform"
echo "| this step as root:"
echo "|"
echo "| rm -f ${CONFIG_FILE}"
echo "| rm -rf /var/run/proftpd"
echo "|"
echo "| Do not do this if you plan on re-installing $1"
echo "| at some future time."
echo "+---------------"
echo
fi
exit 0

View File

@ -1,10 +0,0 @@
ProFTPD is a highly configurable ftp daemon for unix
and unix-like operating systems. ProFTPD is designed
to be somewhat of a "drop-in" replacement for wu-ftpd.
Full online documentation is available at
http://www.proftpd.org/, including a server
configuration directive reference manual.
- Stephane Legrand
stephane@lituus.fr

View File

@ -1,70 +0,0 @@
#!/bin/sh
# $OpenBSD: INSTALL,v 1.1 1999/04/27 19:34:42 brad Exp $
#
# Pre/post-installation setup of proftpd
# exit on errors, use a sane path and install prefix
#
set -e
PATH=/bin:/usr/bin:/sbin:/usr/sbin
PREFIX=${PKG_PREFIX:-/usr/local}
CONFIG_FILE=/etc/proftpd.conf
mkdir -p /var/run/proftpd
# Function: tell the user what s/he needs to do to use the port just installed
#
do_notice()
{
echo
echo "+---------------"
echo "| The existing $1 configuration file, ${CONFIG_FILE},"
echo "| has NOT been changed. You may want to compare it to the"
echo "| current sample file, ${PREFIX}/lib/proftpd/proftpd.conf.sample,"
echo "| and update your configuration as needed."
echo "+---------------"
echo
}
# Function: install the system proftpd.conf from the sample
#
do_install()
{
cp ${PREFIX}/lib/proftpd/proftpd.conf.sample ${CONFIG_FILE}
echo
echo "+---------------"
echo "| The $1 configuration file, ${CONFIG_FILE},"
echo "| has been installed. Please view this file and change"
echo "| the configuration to meet your needs"
echo "+---------------"
echo
}
# verify proper execution
#
if [ $# -ne 2 ]; then
echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
exit 1
fi
# Verify/process the command
#
case $2 in
PRE-INSTALL)
: nothing to pre-install for this port
;;
POST-INSTALL)
if [ -f $CONFIG_FILE ]; then
do_notice $1
else
do_install $1
fi
;;
*)
echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
exit 1
;;
esac
exit 0

View File

@ -1,11 +0,0 @@
bin/ftpcount
bin/ftpwho
lib/proftpd/proftpd.conf.sample
libexec/proftpd
sbin/ftpshut
man/man1/ftpcount.1
man/man1/ftpwho.1
man/man5/xferlog.5
man/man8/proftpd.8
man/man8/ftpshut.8
@dirrm lib/proftpd