ftp/vsftpd: add full dual stack support

make option PIDFILE default
add second binary and config for full dual stack support
use @sample
fix build for FreeBSD-14

support: USERS and GROUPS
PR: 257803

8 files changed, 113 insertions, 17 deletions

diff --git a/ftp/vsftpd/Makefile b/ftp/vsftpd/Makefile
index 06994ea91785..266693ae4aab 100644
--- a/ftp/vsftpd/Makefile
+++ b/ftp/vsftpd/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	vsftpd
 PORTVERSION=	3.0.5
+PORTREVISION=	1
 CATEGORIES=	ftp
 MASTER_SITES=	https://security.appspot.com/downloads/ \
 		GENTOO
@@ -11,11 +12,11 @@ WWW=		https://security.appspot.com/vsftpd.html
 
 LICENSE=	GPLv2
 
-#USERS=		ftp
-#GROUPS=	ftp
+USERS=		ftp
+GROUPS=		ftp
 USES=		cpe alias
 ALL_TARGET=	vsftpd
-USE_RC_SUBR=	vsftpd
+USE_RC_SUBR=	vsftpd vsftpd6
 DOCFILES=	AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \
 		README README.security README.ssl REFS REWARD \
 		SIZE SPEED TODO TUNING
@@ -23,7 +24,7 @@ DOCFILES=	AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \
 CPE_VENDOR=	vsftpd_project
 
 OPTIONS_DEFINE=	VSFTPD_SSL PIDFILE STACKPROTECTOR DOCS
-OPTIONS_DEFAULT?=	VSFTPD_SSL STACKPROTECTOR
+OPTIONS_DEFAULT?=	VSFTPD_SSL PIDFILE STACKPROTECTOR
 NO_OPTIONS_SORT=yes
 
 VSFTPD_SSL_DESC=Include support for SSL
@@ -78,17 +79,21 @@ do-configure:
 		-e "s|	-Wl,-s|	${VSFTPD_LIBS}|" \
 		${WRKSRC}/Makefile
 	${REINPLACE_CMD} -e '/-lutil/d' ${WRKSRC}/vsf_findlibs.sh
-	@${ECHO_CMD} "secure_chroot_dir=${PREFIX}/share/vsftpd/empty" >> \
-		${WRKSRC}/vsftpd.conf
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf ""
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf \
-		"# If using vsftpd in standalone mode, uncomment the next two lines:"
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "# listen=YES"
-	@${ECHO_CMD} >>${WRKSRC}/vsftpd.conf "# background=YES"
+	${CAT} ${FILESDIR}/chroot.conf >> ${WRKSRC}/vsftpd.conf
+	${CP} ${WRKSRC}/vsftpd.conf ${WRKSRC}/vsftpd6.conf
+.if ${PORT_OPTIONS:MPIDFILE}
+	${CAT} ${FILESDIR}/pidfile.conf >> ${WRKSRC}/vsftpd.conf
+	${SED} -e 's|vsftpd.pid|vsftpd6.pid|' ${FILESDIR}/pidfile.conf \
+		>> ${WRKSRC}/vsftpd6.conf
+.endif
+	${CAT} ${FILESDIR}/listen.conf >> ${WRKSRC}/vsftpd.conf
+	${CAT} ${FILESDIR}/listen6.conf >> ${WRKSRC}/vsftpd6.conf
 
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/vsftpd ${STAGEDIR}${PREFIX}/libexec/
-	${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.dist
+	${LN} ${STAGEDIR}${PREFIX}/libexec/vsftpd ${STAGEDIR}${PREFIX}/libexec/vsftpd6
+	${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.sample
+	${INSTALL_DATA} ${WRKSRC}/vsftpd6.conf ${STAGEDIR}${PREFIX}/etc/vsftpd6.conf.sample
 	${INSTALL_MAN} ${WRKSRC}/vsftpd.conf.5 ${STAGEDIR}${PREFIX}/man/man5/
 	${INSTALL_MAN} ${WRKSRC}/vsftpd.8 ${STAGEDIR}${PREFIX}/man/man8/
 	${MKDIR} ${STAGEDIR}/var/ftp ${STAGEDIR}${PREFIX}/share/vsftpd/empty
diff --git a/ftp/vsftpd/files/chroot.conf b/ftp/vsftpd/files/chroot.conf
new file mode 100644
index 000000000000..6756a5256231
--- /dev/null
+++ b/ftp/vsftpd/files/chroot.conf
@@ -0,0 +1,7 @@
+
+# This option should be the name of a directory which is empty.
+# Also, the directory should not be writable by the ftp user. This
+# directory is used as a secure chroot() jail at times vsftpd does
+# not require filesystem access.
+secure_chroot_dir=/usr/local/share/vsftpd/empty
+
diff --git a/ftp/vsftpd/files/listen.conf b/ftp/vsftpd/files/listen.conf
new file mode 100644
index 000000000000..4af4d079c871
--- /dev/null
+++ b/ftp/vsftpd/files/listen.conf
@@ -0,0 +1,5 @@
+
+# If using vsftpd in standalone mode, uncomment the next two lines:
+# listen=YES
+# background=YES
+
diff --git a/ftp/vsftpd/files/listen6.conf b/ftp/vsftpd/files/listen6.conf
new file mode 100644
index 000000000000..85ec034a61ee
--- /dev/null
+++ b/ftp/vsftpd/files/listen6.conf
@@ -0,0 +1,5 @@
+
+# If using vsftpd6 in standalone mode, uncomment the next two lines:
+listen_ipv6=YES
+background=YES
+
diff --git a/ftp/vsftpd/files/patch-ssl.c b/ftp/vsftpd/files/patch-ssl.c
index c5d1cb7be75f..5ff044dab8d5 100644
--- a/ftp/vsftpd/files/patch-ssl.c
+++ b/ftp/vsftpd/files/patch-ssl.c
@@ -1,5 +1,18 @@
 --- ssl.c.orig	2021-08-02 06:24:35 UTC
 +++ ssl.c
+@@ -31,10 +31,10 @@
+ #include <errno.h>
+ #include <limits.h>
+ 
+-static char* get_ssl_error();
++static char* get_ssl_error(void);
+ static SSL* get_ssl(struct vsf_session* p_sess, int fd);
+ static int ssl_session_init(struct vsf_session* p_sess);
+-static void setup_bio_callbacks();
++static void setup_bio_callbacks(SSL* p_ssl);
+ static long bio_callback(
+   BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
+ static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
 @@ -93,10 +93,12 @@ ssl_init(struct vsf_session* p_sess)
      {
        options |= SSL_OP_NO_TLSv1_2;
@@ -13,3 +26,12 @@
      SSL_CTX_set_options(p_ctx, options);
      if (tunable_rsa_cert_file)
      {
+@@ -683,7 +685,7 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess
+ }
+ 
+ static char*
+-get_ssl_error()
++get_ssl_error(void)
+ {
+   SSL_load_error_strings();
+   return ERR_error_string(ERR_get_error(), NULL);
diff --git a/ftp/vsftpd/files/pidfile.conf b/ftp/vsftpd/files/pidfile.conf
new file mode 100644
index 000000000000..71288a9035a3
--- /dev/null
+++ b/ftp/vsftpd/files/pidfile.conf
@@ -0,0 +1,6 @@
+
+# This option has efect only if background is set.
+# It writes pid of running daemon to file at the specified path.
+# Default: (none) (no pidfile is created)
+#pid_file=/var/run/vsftpd.pid
+
diff --git a/ftp/vsftpd/files/vsftpd6.in b/ftp/vsftpd/files/vsftpd6.in
new file mode 100644
index 000000000000..a9ed8625b043
--- /dev/null
+++ b/ftp/vsftpd/files/vsftpd6.in
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+# PROVIDE: vsftpd6
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# To enable 'vsftpd' in standalone mode, you need to edit two files.
+# 1. add the following line(s) to /etc/rc.conf to enable `vsftpd':
+#
+# vsftpd6_enable="YES"
+# vsftpd6_flags="-ooption=value" # Not required
+# vsftpd6_config="/some/path/conf.file" # Not required
+#
+
+. /etc/rc.subr
+
+name="vsftpd6"
+desc="Vsftpd FTP IPv6 Server"
+rcvar="vsftpd6_enable"
+
+load_rc_config "$name"
+
+: ${vsftpd6_enable:="NO"}
+: ${vsftpd6_config:="%%PREFIX%%/etc/$name.conf"}
+: ${vsftpd6_flags:=-olisten_ipv6=YES -obackground=YES}
+command="%%PREFIX%%/libexec/$name"
+required_files="${vsftpd6_config}"
+start_precmd="vsftpd6_check"
+extra_commands="reload"
+vsftpd6_flags="${vsftpd6_config} ${vsftpd6_flags}"
+
+vsftpd6_check()
+{
+	if grep -q "^ftp[ 	]" /etc/inetd.conf
+	then
+		err 1 "ftp is already activated in /etc/inetd.conf"
+	fi
+	if ! egrep -q -i -E "^listen_ipv6.*=.*YES$" ${vsftpd6_config}
+	then
+		err 1 'vsftpd6 script need "listen=YES" in config file'
+	fi
+	if ! egrep -q -i -E "^background.*=.*YES$" ${vsftpd6_config}
+	then
+		err 1 'vsftpd6 script need "background=YES" in config file'
+	fi
+}
+
+run_rc_command "$1"
diff --git a/ftp/vsftpd/pkg-plist b/ftp/vsftpd/pkg-plist
index 0f3c55c7d8ea..830b1c012748 100644
--- a/ftp/vsftpd/pkg-plist
+++ b/ftp/vsftpd/pkg-plist
@@ -1,11 +1,9 @@
 libexec/vsftpd
+libexec/vsftpd6
 man/man5/vsftpd.conf.5.gz
 man/man8/vsftpd.8.gz
-@preexec if ! pw groupshow ftp 2>/dev/null; then pw groupadd ftp -g 14; fi
-@preexec if ! pw usershow ftp 2>/dev/null; then pw useradd ftp -g ftp -u 14 -h - -d /var/ftp -s /nonexistent -c "Anonymous FTP"; fi
-@preunexec if diff -q %D/etc/vsftpd.conf %D/etc/vsftpd.conf.dist; then rm %D/etc/vsftpd.conf; fi
-etc/vsftpd.conf.dist
-@postexec if [ ! -f %B/vsftpd.conf ]; then cp %B/vsftpd.conf.dist %B/vsftpd.conf; fi
+@sample etc/vsftpd.conf.sample
+@sample etc/vsftpd6.conf.sample
 @postunexec rmdir /var/ftp 2>/dev/null || true
 @postexec if [ ! -d /var/ftp ]; then mkdir /var/ftp ; fi
 @dir %%DATADIR%%/empty