Description: Patches up to linux-ftpd-ssl 0.17.18+0.3-3
Author: Christoph Martin <christoph.martin@uni-mainz.de>
        Cai Qian <caiqian@gnome.org>
	and probably others
Last-Update: 2010-06-09

Index: linux-ftpd-ssl/ftpd/ftpd.8
===================================================================
--- linux-ftpd-ssl.orig/ftpd/ftpd.8	2010-07-25 01:21:47.000000000 +0100
+++ linux-ftpd-ssl/ftpd/ftpd.8	2010-07-25 01:21:47.000000000 +0100
@@ -148,6 +148,53 @@
 .It Fl u
 Change the default umask from 027 to
 .Ar mask .
+.It Fl z Ar SSL-parameter
+This option is only valid if
+.Nm ftpd
+has been built with SSL (Secure Socket Layer) support.
+.Bl -tag -width Fl
+.It Ic debug
+Enable SSL related debugging.
+.It Ic ssl
+Negotiate SSL at first, then use ftp protocol. In this mode ftpd
+only accepts connections from SSL enhanced ftp with option 
+.Ic -z ssl .
+(Not yet implemented)
+.It Ic nossl, !ssl
+switch of SSL negotiation
+.It Ic certsok
+Look username up in /etc/ssl.users. The format of this file is lines
+of this form: 
+.Ar user1,user2:/C=US/.....
+where user1 and user2 are usernames. If client certificate is valid,
+authenticate without password.
+.It Ic certrequired
+client certificate is mandatory
+.It Ic secure
+Don't switch back to unencrypted mode (no SSL) if SSL is not available.
+.It Ic verify=int
+.\" TODO
+Set the SSL verify flags (SSL_VERIFY_* in 
+.Ar ssl/ssl.h
+).
+.\" TODO
+.It Ic cert=cert_file
+.\" TODO
+Use the certificate(s) in
+.Ar cert_file .
+.It Ic key=key_file
+.\" TODO
+Use the key(s) in
+.Ar key_file .
+.It Ic cipher=ciph_list
+.\" TODO
+Set the preferred ciphers to
+.Ar ciph_list .
+.\" TODO: possible values; comma-separated list?
+(See 
+.Ar ssl/ssl.h
+).
+.El
 .El
 .Pp
 The file
Index: linux-ftpd-ssl/ftpd/ftpd.c
===================================================================
--- linux-ftpd-ssl.orig/ftpd/ftpd.c	2010-07-25 01:21:47.000000000 +0100
+++ linux-ftpd-ssl/ftpd/ftpd.c	2010-07-25 01:21:47.000000000 +0100
@@ -1426,7 +1426,7 @@
 #ifdef USE_SSL
              && !ssl_auto_login
 #endif
-	   ) {		/* "ftp" is only account allowed no password */
+	    ) {		/* "ftp" is only account allowed no password */
 #endif
 		/*
 		 * Try to authenticate the user
@@ -1447,7 +1447,11 @@
 			return;
 		}
 #ifdef USE_PAM
-	if (guest) {
+	if (guest
+#ifdef USE_SSL
+             || ssl_auto_login
+#endif
+	    ) {
 #else
 	} else {
 #endif
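Review bot: With `|| ssl_auto_login` added to the USE_PAM condition, an account that logged in by client certificate now enters the branch that was previously taken only for the guest login, and nothing at the condition says why that is intended. The body of that branch is outside the hunk, so it should be checked that what it does with the supplied password argument suits a named user. The hunk at -1426 appears to skip the authentication block when `ssl_auto_login` is set; if PAM account checks (expiry, access restrictions) run only inside that block, a certificate login would bypass them, which is worth confirming. I would at least add a comment on the condition, e.g. `/* certificate login: password step was skipped above, so take the no-password path */`.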
@@ -1988,10 +1992,7 @@
 			BIO_printf(bio_err,"===>DONE SSL_accept on DATA\n");
 
 		} else {
-		    reply(150, "Opening %s mode data connection for %s%s.",
-			 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-		}
-#else /* !USE_SSL */
+#endif /* USE_SSL */
 		if (stou) {
 			reply(150, "FILE: %s", name);
 		} else {
@@ -2000,6 +2001,8 @@
 			      type == TYPE_A ? "ASCII" : "BINARY", name,
 			      sizebuf);
 		}
+#ifdef USE_SSL
+		}
 #endif /* USE_SSL */
 		return (fdopen(pdata, mode));
 	}
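Review bot: The `}` added under `#ifdef USE_SSL` closes the `} else {` that the hunk at -1988 leaves open just before its `#endif /* USE_SSL */`, so the braces balance only when both conditionals are read together. The `if (stou)` statements between them now sit inside that else without being re-indented. A label on the brace would make the pairing visible, e.g. `} /* end of else opened under USE_SSL above */`. The same construction is repeated in the hunks at -2122 and -2134, and the enclosing functions begin and end outside these hunks.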
@@ -2122,10 +2125,7 @@
 		BIO_printf(bio_err,"===>DONE SSL_accept on DATA\n");
 
 	} else {
-	    reply(150, "Opening %s mode data connection for %s%s.",
-		 type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-	}
-#else /* !USE_SSL */
+#endif /* USE_SSL */
 	if (stou) {
 		reply(150, "FILE: %s", name);
 	} else {
@@ -2134,6 +2134,8 @@
 		      type == TYPE_A ? "ASCII" : "BINARY", name,
 		      sizebuf);
 	}
+#ifdef USE_SSL
+	}
 #endif /* USE_SSL */
 	return (file);
 }
Index: linux-ftpd-ssl/ftpd/ftpcmd.y
===================================================================
--- linux-ftpd-ssl.orig/ftpd/ftpcmd.y	2010-07-25 01:21:47.000000000 +0100
+++ linux-ftpd-ssl/ftpd/ftpcmd.y	2010-07-25 01:21:47.000000000 +0100
@@ -227,7 +227,7 @@
 		{
 			if (!strncmp((char *) $3,"SSL",3)) {
 #ifdef USE_SSL
-				reply(334, "AUTH SSL OK.");
+				reply(234, "AUTH SSL OK.");
 
 				/* now do all the hard work :-) */
 				do_ssl_start();
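Review bot: The context line `!strncmp((char *) $3,"SSL",3)` compares only the first three bytes, so any AUTH argument that merely begins with SSL gets the new 234 reply and starts the handshake, while lower-case `ssl` does not match this branch. An exact, case-insensitive comparison would be tighter: `if (!strcasecmp((char *) $3, "SSL")) {`. Since 234 is sent in clear text just before `do_ssl_start()`, it is also worth confirming that any command bytes already buffered from the plaintext session are discarded before the handshake; that code is not visible here. The grammar action continues past the end of the hunk.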
