Hi –
It seems that Pure-Ftpd now has a command line option that lets the admin
configure the location of the TLS certificate/key file(s). This option,
however, is not supported by the pure-ftpd-wrapper script.
I'm enclosing a patch that adds support for the two settings mentioned
in the pure-ftpd.conf file (CertFile and CertFileAndKey). The "CertFile"
configuration file specifies a single file name, referring to a file that
contains the certificate and the corresponding private key, while the
"CertFileAndKey" configuration file specifies two file names on the same
line, separated by ":", ",", a space or a tab, giving the file containing
the certificate and that containing the key separately. (In both cases,
the certificate can actually be a bundle of certificates including any
required intermediate certificates.)
It would be great if this patch (or something else to the same effect)
could be made part of the official distribution.
-- System Information:
Debian Release: 12.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pure-ftpd-common depends on:
ii debconf [debconf-2.0] 1.5.82
ii libpam-modules 1.5.2-6
ii perl 5.36.0-7
Versions of packages pure-ftpd-common recommends:
pn pure-ftpd <none>
pure-ftpd-common suggests no packages.
--- pure-ftpd-wrapper.orig 2023-07-16 21:28:46.981044290 +0000
+++ pure-ftpd-wrapper 2023-07-16 21:36:46.454419036 +0000
@@ -65,6 +65,8 @@
'Bind' => ['-S %s', \&parse_string],
'BrokenClientsCompatibility' => ['-b'],
'CallUploadScript' => ['-o'],
+ 'CertFile' => ['-2 %s', \&parse_filename],
+ 'CertFileAndKey' => ['-2 %s,%s', \&parse_filename_2],
'ChrootEveryone' => ['-A'],
'CreateHomeDir' => ['-j'],
'CustomerProof' => ['-Z'],
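Review bot: 'CertFile' and 'CertFileAndKey' both map to the same -2 option, and nothing in this hunk prevents both from being emitted when both configuration files are present, so which certificate is used would depend on how the daemon treats a repeated -2. Consider rejecting that combination with a clear error, or documenting which setting wins. The '-2 %s,%s' format also joins the two names with a comma, so a path that itself contains a comma cannot be passed unambiguously. A short comment beside the entry stating that restriction would help.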
@@ -240,6 +242,25 @@
return 1;
}
+sub parse_filename_2 {
+ my ($buf, $fmt, $val) = @_;
+
+ if ($val =~ /^(.*)[,:\s](.*)$/) {
+ unless (-f $1) {
+ $$buf = qq{"$1": No such file};
+ return;
+ }
+ unless (-f $2) {
+ $$buf = qq{"$2": No such file};
+ return;
+ }
+ $$buf = sprintf $fmt, $1, $2;
+ return 1
+ }
+
+ $$buf = qq{"$val": must be two file names separated by comma, colon, or space};
+}
+
sub parse_ip {
my ($buf, $fmt, $val) = @_;
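Review bot: the fall-through at the end of parse_filename_2 has no explicit "return;", so the sub returns the value of the last assignment, which is the non-empty error string and therefore true, while the two "No such file" paths return false and the success path returns 1. If the caller tests the return value the way those branches imply, a value with no separator would be treated as valid and the error text would be left in $$buf as the option. Add "return;" after the final assignment. Separately, the first (.*) in /^(.*)[,:\s](.*)$/ is greedy and only one separator character is consumed, so "cert.pem, key.pem" splits into "cert.pem," and "key.pem" and fails with a misleading "No such file", and a trailing separator yields an empty second name. Something like /^([^,:\s]+)[,:\s]+([^,:\s]+)$/ would accept a run of separators and reject empty names, at the cost of not supporting paths that contain those characters, which is worth stating in the error message along with the tab separator it currently omits.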