diff --git a/net/vsftpd/Makefile b/net/vsftpd/Makefile
index 34f26e3e28627..b4ffe3bc01932 100644
--- a/net/vsftpd/Makefile
+++ b/net/vsftpd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=vsftpd
 PKG_VERSION:=3.0.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://security.appspot.com/downloads/
@@ -92,6 +92,8 @@ define Package/vsftpd/install
 $(INSTALL_CONF) ./files/$(PKG_NAME).conf $(1)/etc/$(PKG_NAME).conf
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME)
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/$(PKG_NAME).uci $(1)/etc/config/$(PKG_NAME)
 $(INSTALL_DIR) $(1)/etc/vsftpd
 endef
diff --git a/net/vsftpd/files/vsftpd.init b/net/vsftpd/files/vsftpd.init
index a1673ee43f8e2..610253d194576 100644
--- a/net/vsftpd/files/vsftpd.init
+++ b/net/vsftpd/files/vsftpd.init
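Review bot: `/etc/vsftpd.conf` is still installed by the context line `$(INSTALL_CONF) ./files/$(PKG_NAME).conf $(1)/etc/$(PKG_NAME).conf`, but the init script changed in this same commit starts the daemon from the UCI-generated `/var/etc/vsftpd.conf` unless `conf_file` is set. After an upgrade, restrictions an administrator had placed in `/etc/vsftpd.conf` would therefore stop applying without any message. Either stop shipping that file, or add a comment above the two new lines such as `# /etc/config/vsftpd is authoritative; /etc/vsftpd.conf is only read when option conf_file points at it`, and consider a migration step for existing installs. `define Package/vsftpd/install` begins outside this hunk, so any conffiles handling is not visible here.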
@@ -5,9 +5,149 @@ START=50
 USE_PROCD=1
 BIN=vsftpd
+. /lib/functions.sh
+
+PORT=21
+OUTPUT_CONF="/var/etc/vsftpd.conf"
+readonly TEMP_OUTPUT_CONF="/var/etc/vsftpd.conf.tmp"
+
+write_conf() {
+ local key="$1"
+ local value="$2"
+
+ if [ -n "$key" ] && [ -n "$value" ]; then
+ echo "$key=$value" >> "$TEMP_OUTPUT_CONF"
+ fi
+}
+
+write_conf_bool() {
+ local key="$1"
+ local value="$2"
+
+ if [ "$value" = "1" ]; then
+ write_conf "$key" "YES"
+ else
+ write_conf "$key" "NO"
+ fi
+}
+
+validate_vsftpd_section() {
+ uci_load_validate vsftpd global "$1" "$2" \
+ 'listen:bool:1' \
+ 'listen_ipv6:bool:0' \
+ 'listen_port:port' \
+ 'anonymous_enable:bool:0' \
+ 'anon_root:directory' \
+ 'local_enable:bool:1' \
+ 'local_root:directory' \
+ 'write_enable:bool:1' \
+ 'local_umask:uinteger:022' \
+ 'check_shell:bool:0' \
+ 'dirmessage_enable:bool:1' \
+ 'secure_chroot_dir:directory' \
+ 'ftpd_banner:string' \
+ 'session_support:bool:0' \
+ 'syslog_enable:bool' \
+ 'userlist_enable:bool' \
+ 'userlist_deny:bool' \
+ 'userlist_file:file' \
+ 'xferlog_enable:bool' \
+ 'xferlog_file:file' \
+ 'xferlog_std_format:bool' \
+ 'ssl_enable:bool' \
+ 'allow_anon_ssl:bool' \
+ 'force_local_data_ssl:bool' \
+ 'force_local_logins_ssl:bool' \
+ 'ssl_tlsv1:bool' \
+ 'ssl_sslv2:bool' \
+ 'ssl_sslv3:bool' \
+ 'rsa_cert_file:file' \
+ 'rsa_private_key_file:file'
+}
+
+setup_vsftpd() {
+ local section="$1"
+ local validation_result="$2"
+
+ if [ "$validation_result" != "0" ]; then
+ echo "Validation failed for section: $section"
+ return 1
+ fi
+
+ rm -rf "$TEMP_OUTPUT_CONF" # Clear temporary file
+ touch "$TEMP_OUTPUT_CONF"
+
+ # always run in foreground
+ write_conf_bool "background" "0"
+
+ [ -n "$listen" ] && write_conf_bool "listen" "$listen"
+ [ -n "$listen_ipv6" ] && write_conf_bool "listen_ipv6" "$listen_ipv6"
+ [ -n "$anonymous_enable" ] && write_conf_bool "anonymous_enable" "$anonymous_enable"
+ [ -n "$local_enable" ] && write_conf_bool "local_enable" "$local_enable"
+ [ -n "$write_enable" ] && write_conf_bool "write_enable" "$write_enable"
+ [ -n "$check_shell" ] && write_conf_bool "check_shell" "$check_shell"
+ [ -n "$dirmessage_enable" ] && write_conf_bool "dirmessage_enable" "$dirmessage_enable"
+ [ -n "$session_support" ] && write_conf_bool "session_support" "$session_support"
+ [ -n "$syslog_enable" ] && write_conf_bool "syslog_enable" "$syslog_enable"
+ [ -n "$userlist_enable" ] && write_conf_bool "userlist_enable" "$userlist_enable"
+ [ -n "$userlist_deny" ] && write_conf_bool "userlist_deny" "$userlist_deny"
+ [ -n "$xferlog_enable" ] && write_conf_bool "xferlog_enable" "$xferlog_enable"
+ [ -n "$xferlog_std_format" ] && write_conf_bool "xferlog_std_format" "$xferlog_std_format"
+ [ -n "$ssl_enable" ] && write_conf_bool "ssl_enable" "$ssl_enable"
+ [ -n "$allow_anon_ssl" ] && write_conf_bool "allow_anon_ssl" "$allow_anon_ssl"
+ [ -n "$force_local_data_ssl" ] && write_conf_bool "force_local_data_ssl" "$force_local_data_ssl"
+ [ -n "$force_local_logins_ssl" ] && write_conf_bool "force_local_logins_ssl" "$force_local_logins_ssl"
+ [ -n "$ssl_tlsv1" ] && write_conf_bool "ssl_tlsv1" "$ssl_tlsv1"
+ [ -n "$ssl_sslv2" ] && write_conf_bool "ssl_sslv2" "$ssl_sslv2"
+ [ -n "$ssl_sslv3" ] && write_conf_bool "ssl_sslv3" "$ssl_sslv3"
+
+ [ -n "$anon_root" ] && write_conf "anon_root" "$anon_root"
+ [ -n "$ftpd_banner" ] && write_conf "ftpd_banner" "$ftpd_banner"
+ [ -n "$listen_port" ] && { write_conf "listen_port" "$listen_port"; PORT="$listen_port"; }
+ [ -n "$local_umask" ] && write_conf "local_umask" "$local_umask"
+ [ -n "$local_root" ] && write_conf "local_root" "$local_root"
+ [ -n "$rsa_cert_file" ] && write_conf "rsa_cert_file" "$rsa_cert_file"
+ [ -n "$rsa_private_key_file" ] && write_conf "rsa_private_key_file" "$rsa_private_key_file"
+ [ -n "$secure_chroot_dir" ] && write_conf "secure_chroot_dir" "$secure_chroot_dir"
+ [ -n "$userlist_file" ] && write_conf "userlist_file" "$userlist_file"
+ [ -n "$xferlog_file" ] && write_conf "xferlog_file" "$xferlog_file"
+
+ # move temporary file to the main configuration file
+ mv "$TEMP_OUTPUT_CONF" "$OUTPUT_CONF"
+}
+
 start_service() {
- procd_open_instance
- procd_set_param command $BIN
+ local disabled mdns conf_file
+
+ # Load UCI configuration for vsftpd
+ config_load vsftpd
+
+ # if disabled, just return
+ config_get_bool disabled global disabled 0
+ if [ "${disabled}" -eq 1 ]; then
+ return
+ fi
+
+ config_get_bool conf_file global conf_file ""
+ if [ -n "$conf_file" ]; then
+ # use user defined conf file instead of UCI
+ OUTPUT_CONF="$conf_file"
+ else
+ # Process the global configuration
+ config_foreach validate_vsftpd_section global setup_vsftpd
+ fi
+
+ procd_open_instance "vsftpd"
+
+ config_get_bool mdns global mdns 0
+ [ "${mdns}" -eq 1 ] && procd_add_mdns "ftp" "tcp" "$PORT" "daemon=$BIN"
+
+ procd_set_param command "$BIN" "$OUTPUT_CONF"
 procd_set_param respawn
 procd_close_instance
 }
+
+service_triggers() {
+ procd_add_reload_trigger "vsftpd"
+ procd_add_validation validate_vsftpd_section
+}
diff --git a/net/vsftpd/files/vsftpd.uci b/net/vsftpd/files/vsftpd.uci
new file mode 100644
index 0000000000000..1394742df188e
--- /dev/null
+++ b/net/vsftpd/files/vsftpd.uci
@@ -0,0 +1,6 @@
+config global 'global'
+ option listen '1'
+ option write_enable '1'
+ option anonymous_enable '0'
+ option local_enable '1'
+ option mdns '0'
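Review bot: `config_get_bool conf_file global conf_file ""` in `start_service` reads a file path through the boolean getter, which (as `/lib/functions.sh` is normally written) maps anything other than a recognised true/false word to the default, so a configured path comes back empty and the administrator's own config file is silently replaced by the generated one; use `config_get conf_file global conf_file`. A failed validation is also not fatal: `setup_vsftpd` returns 1, `config_foreach` does not act on that status, and `procd_set_param command "$BIN" "$OUTPUT_CONF"` then starts the daemon on whatever file an earlier run left in `/var/etc`, so a rejected change leaves the previous, possibly more permissive, settings live. Adding `rm -f "$OUTPUT_CONF"` before the `return 1` in `setup_vsftpd` and `[ -f "$OUTPUT_CONF" ] || return 1` before `procd_open_instance` makes the service refuse to start instead. On the TLS side the only protocol switches exposed are `ssl_sslv2`, `ssl_sslv3` and `ssl_tlsv1`; a comment in `validate_vsftpd_section` should say that the first two are there only to be set to 0.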
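Review bot: The shipped defaults turn on `local_enable` and `write_enable` with no `ssl_enable`, so on a fresh install system account passwords cross the network in clear text and any authenticated user can write, and the file has no comment saying so. Add a short header such as `# local logins are sent unencrypted unless ssl_enable, rsa_cert_file and rsa_private_key_file are set`. Consider also shipping `option disabled '1'` so the service is opt-in; the init script in this commit already honours `disabled`.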