#!/bin/sh
echo "Don't forget to update this script with the change-log!
Press ENTER to start..."
read

NAME="proftpd"
VERSION="1.3.4a"
SOURCE="ftp://ftp.proftpd.org/distrib/source/proftpd-$VERSION.tar.gz"
CONFIGURE="--prefix=/usr/local --bindir=/usr/local/bin --sysconfdir=/usr/local/etc --libexecdir=/usr/local/libexec --localstatedir=/var/run --sbindir=/usr/local/sbin --disable-ident --enable-nls --enable-scoreboard-updates --enable-tunable-buffer-size --enable-autoshadow --enable-shadow --enable-openssl --enable-pcre --with-modules=mod_tls:mod_ifsession:mod_rewrite:mod_deflate:mod_copy:mod_load"

DATE=`date '+%Y/%m/%d'`
SCRIPT_NAME=$(basename $0)
cp $0 /tmp/
export CFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export CXXFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export LDFLAGS="-Wl,-O1"

echo "Downloading essential packages..."
tce-load -wi compiletc libiconv libiconv-dev gettext squashfs-tools-4.x openssl-1.0.0 openssl-1.0.0-dev zlib_base-dev pcre pcre-dev

cd /tmp/
wget $SOURCE
sudo rm -rf $NAME-$VERSION 2>/dev/null
sudo rm /tmp/$NAME.tcz /tmp/$NAME.tcz.list /tmp/$NAME.tcz.md5.txt /tmp/$NAME.tcz.dep 2>/dev/null
sudo rm -rf /tmp/$NAME 2>/dev/null
sudo rm /tmp/$NAME-doc.tcz /tmp/$NAME-doc.tcz.list /tmp/$NAME-doc.tcz.md5.txt /tmp/$NAME-doc.tcz.dep 2>/dev/null
sudo rm -rf /tmp/$NAME-doc 2>/dev/null
tar xvfz $NAME-$VERSION.tar.gz
cd $NAME-$VERSION

echo "
Starting ./configure $CONFIGURE"
./configure $CONFIGURE
echo "Press ENTER to continue...
"
read
make -j3
echo "
Starting make install to: /tmp/$NAME"
sudo make DESTDIR=/tmp/$NAME install

cd /tmp/$NAME

sudo find . | xargs file | grep "executable" | grep ELF | grep "not stripped" | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
sudo find . | xargs file | grep "shared object" | grep ELF | grep "not stripped" | cut -f 1 -d : | xargs strip -g 2> /dev/null

sudo rm /tmp/$NAME/usr/local/etc/proftpd.conf
sudo echo "##########
# Global #
##########

ServerName			\"proFTPd\"
ServerType			standalone		# Our proftpd will be a standalone daemon, which gives us speed and reliability. 
ServerIdent			on \"Welcome\"
DeferWelcome			on
DefaultServer			on			# If not switched on, won't answer calls from unknown destinations 
DisplayLogin			\"Logged in...\"		# Textfile to display on login
DisplayConnect			\"Connected...\"		# Textfile to display on connection

Port				21
PassivePorts			63300 63399
#DefaultAddress			<IP|FQDN>
#MasqueradeAddress		<IP|FQDN>			# Needed for proper passive mode if you are behind a NAT router
Umask				000
DefaultTransferMode binary
UseIPv6				off			# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseReverseDNS			off			# This will speed up the login process but makes log less readable.
#IdentLookups			off			# Check the users identity.
#MultilineRFC2228		on
ScoreboardFile 			/var/run/proftpd.scoreboard
PidFile				/var/run/proftpd.pid

# Set compression module
<IfModule mod_deflate.c>
	DeflateEngine on
	DeflateLog /var/log/proftpd/proftpd_deflate.log
</IfModule>

# Define 'local' class
<Class local>
	From 192.168.0.0/16
	From 127.0.0.1
	Satisfy any
</Class>

###################
# Traffic Shaping #
###################

<IfClass !local>
# Download Limit per clients in KB/s (zero value means unlimited) : free bytes (free means: you can download without transfer rate limiting)
TransferRate RETR 0:0
# Upload Limit per clients in KB/s (zero value means unlimited : free bytes (Append, Store, StoreUnique)
TransferRate APPE,STOR,STOU 0:0
</IfClass>

###############
# Performance #
###############

MaxInstances			20			# To prevent DoS attacks, set the maximum number of child processes.
MaxClientsPerHost		6			# Limits the connections per client machine. (\"Sorry, the maximum number clients (%m) from your host are already connected.\")
MaxClients			10			# Limits the number of users that can connect at the same time. (\"Sorry, the maximum number of allowed users are already connected (%m)\")
MaxHostsPerUser			10			# Limit the number of connections per userid. (How many different machines can use the same userid at the same time)
MaxLoginAttempts 		1			# Configures the maximum number of times a client may attempt to authenticate to the server during a given connection. After the number of attempts exceeds this value, the user is disconnected and an appropriate message is logged via the syslog mechanism.

TimeoutLogin			60			# The amount of time, in seconds, a user is allowed to spend authenticating to the FTP server.
TimeoutNoTransfer		1800			# The maximum number of seconds a client is allowed to stay connected after authentication without issuing a command.
TimeoutStalled			1800			# Set the maximum number of seconds a data connection is allowed to \"stall\" before being aborted. 
TimeoutIdle			1800			# The maximum number of seconds a client can remain connected without receiving any data on either the control or data connection.
TimeoutSession			0			# The maximum number of seconds a connection between the server and client can exist after the client has successfully authenticated.

SocketOptions sndbuf 16384 rcvbuf 16384			#proFTPd need to be compiled with '--enable-tunable-buffer-size' to use this option

AllowOverride			off			# Another way to speed up directory listings to disable proftpd's checking for .ftpaccess files in every directory encountered

AllowStoreRestart 		on			# Allow clients to resume uploads
AllowRetrieveRestart		on			# Allow clients to resume downloads

UseSendfile off						# Use of sendfile functionality avoids separate read and send operations, and buffer allocations. But on some platforms or within some filesystems, it is better to disable this feature to avoid operational problems.
UseEncoding on						# Enable use of UTF8 encoding and to not allow clients to change the use of UTF8

ScoreboardScrub off					# You can set: \"on\", \"off\" or you can specify an update interval in seconds (default is: 30s). You can use the ftpscrub command to update the scoreboard manually.

ListOptions +R strict				# Recursive directory listing is a server intensive task and normally not allowed. Uncomment this if you trust your clients.

# Reject connections to our busy server (mod_load)
MaxLoad 10.0 \"Server is busy, try again later!\"

############
# Security #
############

RootLogin			off
#User				nobody
#Group				nogroup

AllowForeignAddress on					# By enabling this directive, proftpd will allow clients to transmit foreign data connection addresses that do not match the client's address. This is needed for FXP, but will also allow the type of attack known as \"FTP bounce\" attack.

AuthUserFile			/usr/local/etc/proftpd.passwd
AuthGroupFile			/usr/local/etc/proftpd.group

RequireValidShell		off
PathDenyFilter			\"\\\\.ftp)|\\\\.ht)[a-z]+$\"
DefaultRoot			~
DenyFilter 			\*.*/

# Delay engine reduces impact of the so-called Timing Attack described in:
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
<IfModule mod_delay.c>
	DelayEngine off
</IfModule>

<IfModule mod_tls.c>
	TLSEngine off
	#TLSLog /var/log/proftpd_tls.log

	# Support both SSLv3 and TLSv1
	TLSProtocol SSLv3 TLSv1
	TLSOptions NoCertRequest

	# Are clients required to use FTP over TLS when talking to this server?
	TLSRequired off

	# Server's certificate
	#TLSRSACertificateFile /usr/local/etc/proftpd_server.cert.pem
	#TLSRSACertificateKeyFile /usr/local/etc/proftpd_server.key.pem
	# CA the server trusts
	#TLSCACertificateFile /usr/local/etc/proftpd_rootCA.cert.pem

	# Authenticate clients that want to use FTP over TLS?
	TLSVerifyClient off

	# Allow SSL/TLS renegotiations when the client requests them, but
	# do not force the renegotations.  Some clients do not support
	# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
	# clients will close the data connection, or there will be a timeout
	# on an idle data connection.
	TLSRenegotiate none
</IfModule>

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Bar use of SITE COPY by default (The mod_copy module implements SITE CPFR and SITE CPTO commands (analogous to RNFR and RNTO), which can be used to copy files/directories from one place to another on the server without having to transfer the data to the client and back.)
<Limit SITE_COPY>
  AllowUser sitecopyexampleuser
  DenyAll
</Limit>

<Directory /mnt/*>
	AllowOverwrite		on
	HideNoAccess		on
	<Limit READ>
		AllowAll
    </Limit>
    <Limit WRITE>
    	DenyGroup	!readwrite
    </Limit>
</Directory>

###########
# Logging #
###########

# Some logging formats
LogFormat			default \"{%F %T}t - %a - %u - %r - %s - %b - %T\"
LogFormat			auth \"%{%F %T}t - %a - %u - %r (%s)\" 
LogFormat			write \"{%F %T}t - %a - %u - %r - %s - %b - %T\"

# Define log-files to use
ExtendedLog         		/var/log/proftpd_access.log    	WRITE,READ write
ExtendedLog          		/var/log/proftpd_auth.log      	AUTH auth
#ExtendedLog          		/var/log/proftpd_paranoid.log  	ALL default
#TransferLog          		/var/log/proftpd_xferlog

# Debug Level
# emerg, alert, crit (empfohlen), error, warn. notice, info, debug
SyslogLevel 			alert
SystemLog			/var/log/proftpd_alert.log
" > /tmp/proftpd.conf
sudo mv /tmp/proftpd.conf /tmp/$NAME/usr/local/etc/proftpd.conf

sudo mkdir -p /tmp/$NAME/usr/local/etc/init.d
sudo echo "#!/bin/sh

  # ProFTPD files
  FTPD_BIN=/usr/local/sbin/proftpd
  FTPD_CONF=/usr/local/etc/proftpd.conf
  PIDFILE=/var/run/proftpd.pid

  # If PIDFILE exists we use that PID, if doesn't we try to get the PID from ps|grep
  if [ -f \$PIDFILE ]; then
	pid=\`cat \$PIDFILE\`
  else
	pid=\`ps -ef|grep proftpd|egrep -vi 'grep|init\\.d'|sed -e 's/^[ \t]*//'|cut -d\" \" -f1\`
  fi

  if [ ! -x \$FTPD_BIN ]; then
    echo \"\$FTPD_BIN: cannot execute\"
    exit 1
  fi

  case \$1 in

start)
	if [ -n \"\$pid\" ]; then
		echo \" - proftpd is already running...\"
		exit
	fi
	if [ -r \$FTPD_CONF ]; then
		echo -n \" - Starting proftpd... \"
		echo \"\" >/var/log/proftpd_startup.log
		\$FTPD_BIN -c \$FTPD_CONF >>/var/log/proftpd_startup.log 2>>/var/log/proftpd_startup.log
	else
		echo \"Cannot start proftpd -- \$FTPD_CONF missing\"
	fi
	if [ \`ps|grep proftpd|egrep -vic 'grep|init\\.d'\` -eq 0 ]; then
		echo \"Failed to start\" 1>&2
		exit 1
	else
		echo \"OK\"
	fi
;;

stop)
	if [ -n \"\$pid\" ]; then
		echo -n \" - Stopping proftpd... \"
		kill -TERM \$pid 2>/dev/null
		sleep 1
		kill -KILL \$pid 2>/dev/null
		sleep 0.5
	else
		echo \" - proftpd is not running...\"
		exit 1
	fi
	sleep 0.5
	if [ \`ps|grep proftpd|egrep -vic 'grep|init\\.d'\` -eq 0 ]; then
		echo \"OK\"
	else
		echo \"Failed to stop\" 1>&2
		exit 1
	fi
;;

restart)
	\$0 stop
	\$0 start
;;

reload)
	if [ -n \"\$pid\" ]; then
		echo \"Reloading proftpd configuration\"
		kill -HUP \$pid 2>/dev/null
	else
		echo \" - proftpd is not running...\"
		\$0 start
	fi
;;

*)
	echo \"usage: \$0 {start|stop|restart|reload}\"
	exit 1
;;
esac
exit 0" > /tmp/proftpd-init
sudo chmod +x /tmp/proftpd-init
sudo mv /tmp/proftpd-init /tmp/$NAME/usr/local/etc/init.d/proftpd

sudo echo "#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Copyright (C) 2000-2010 TJ Saunders <tj@castaglia.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
#
# Based on MacGuyver's genuser.pl script, this script generates password
# files suitable for use with proftpd's AuthUserFile directive, in passwd(5)
# format, or AuthGroupFile, in group(5) format.  The idea is somewhat similar
# to Apache's htpasswd program.
#
#  \$Id: ftpasswd,v 1.10.4.2 2010/05/27 17:50:50 castaglia Exp \$
#
# ---------------------------------------------------------------------------

use strict;

use File::Basename qw(basename);
use Getopt::Long;

# turn off auto abbreviation
\$Getopt::Long::auto_abbrev = 0;

my \$program = basename(\$0);
my \$default_passwd_file = \"./ftpd.passwd\";
my \$default_group_file = \"./ftpd.group\";
my \$shell_file = \"/etc/shells\";
my \$default_cracklib_dict = \"/usr/lib/cracklib_dict\";
my \$cracklib_dict;
my \$output_file;
my \$version = \"1.1.3\";

my @data;

my %opts = ();
GetOptions(\%opts,
  'change-password',
  'delete-group',
  'delete-user',
  'des',
  'enable-group-passwd',
  'file=s',
  'F|force',
  'gecos=s',
  'gid=n',
  'group',
  'hash',
  'h|help',
  'home=s',
  'md5',
  'm|member=s@',
  'name=s',
  'not-previous-password',
  'not-system-password',
  'passwd',
  'shell=s',
  'stdin',
  'uid=n',
  'use-cracklib:s',
  'version',
);

usage() if (defined(\$opts{'h'}));

version() if (defined(\$opts{'version'}));

# check if \"use-cracklib\" was given as an option, and whether a path
# to other dictionary files was given.
if (defined(\$opts{'use-cracklib'})) {

  # make sure that Crypt::Cracklib is installed before trying to use
  # it later
  eval { require Crypt::Cracklib };
  die \"\$program: --use-cracklib requires Crypt::Cracklib to be installed\n\" if \$@;

  if (\$opts{'use-cracklib'} ne \"\") {
    \$cracklib_dict = \$opts{'use-cracklib'};

  } else {
    \$cracklib_dict = \$default_cracklib_dict;
  }
}

# make sure that both passwd and group modes haven't been simultaneously
# requested

if ((exists(\$opts{'passwd'}) && exists(\$opts{'group'})) ||
    (exists(\$opts{'passwd'}) && exists(\$opts{'hash'})) ||
    (exists(\$opts{'group'}) && exists(\$opts{'hash'}))) {
  die \"\$program: please use *one*: --passwd, --group, or --hash\n\";

} elsif (defined(\$opts{'passwd'})) {

  # determine to which file to write the passwd entry
  if (defined(\$opts{'file'})) {
    \$output_file = \$opts{'file'}; 
    print STDOUT \"\$program: using alternate file: \$output_file\n\"

  } else {
    \$output_file = \$default_passwd_file;
  } 

  # make sure that the required arguments are present
  die \"\$program: --passwd: missing required argument: --name\n\"
    unless (defined(\$opts{'name'}));

  # check for and handle the --delete-user option.
  if (defined(\$opts{'delete-user'})) {

    # make sure we can write/update the file first
    unless (chmod 0644, \$output_file) {
      die \"\$program: unable to set permissions on \$output_file to 0644: \$!\n\";
    }

    open_output_file();

    my (\$pass, \$uid, \$gid, \$gecos, \$home, \$shell) = find_passwd_entry(name =>
      \$opts{'name'});

    handle_passwd_entry(name => \$opts{'name'}, uid => \$uid, gid => \$gid,
      gecos => \$gecos, home => \$home, shell => \$shell,
      delete_user => \$opts{'delete-user'});

    close_output_file();

    # done
    exit 0;
  }

  # now check for the --change-password option.  If present, lookup
  # the given name in the password file, and reuse all the information
  # except for the password
  if (defined(\$opts{'change-password'})) {
    open_output_file();

    my (\$pass, \$uid, \$gid, \$gecos, \$home, \$shell) = find_passwd_entry(name =>
      \$opts{'name'});

    handle_passwd_entry(name => \$opts{'name'}, uid => \$uid, gid => \$gid,
      gecos => \$gecos, home => \$home, shell => \$shell);

    close_output_file();

    # done
    exit 0;
  }

  # check for the --not-system-password option.  If present, make sure that
  # a) the script is running with root privs, and b) perl on the system is
  # such that getpwnam() will return the system password
  if (defined(\$opts{'not-system-password'})) {
    die \"\$program: must be user root for system password check\n\"
      unless (\$> == 0);
  }

  die \"\$program: --passwd: missing required argument: --home\n\"
    unless (defined(\$opts{'home'}));

  die \"\$program: --passwd: missing required argument: --shell\n\"
    unless (defined(\$opts{'shell'}));

  die \"\$program: --passwd: missing required argument: --uid\n\"
    unless (defined(\$opts{'uid'}));

  # As per Flying Hamster's suggestion, have \$opts{'gid'} default to --uid
  # if none are specified on the command-line via --gid
  unless (defined(\$opts{'gid'})) {
    \$opts{'gid'} = \$opts{'uid'};
    warn \"\$program: --passwd: missing --gid argument: default gid set to uid\n\";
  }

  open_output_file();

  handle_passwd_entry(name => \$opts{'name'}, uid => \$opts{'uid'},
    gid => \$opts{'gid'}, gecos => \$opts{'gecos'}, home => \$opts{'home'},
    shell => \$opts{'shell'}, delete_user => \$opts{'delete-user'});

  close_output_file();

  # NOTE: if this process is not running as root, then the file generated
  # is not owned by root.  Issue a warning reminding the user to make the
  # generated file mode 0400, owned by root, before using it.

} elsif (defined(\$opts{'group'})) {

  # determine to which file to write the group entry
  if (defined(\$opts{'file'})) {
    \$output_file = \$opts{'file'};
    print STDOUT \"\$program: using alternate file: \$output_file\n\";

  } else {
    \$output_file = \$default_group_file;
  }

  # check for and handle the --delete-group option.
  if (defined(\$opts{'delete-group'})) {

    # make sure we can write/update the file first
    unless (chmod 0644, \$output_file) {
      die \"\$program: unable to set permissions on \$output_file to 0644: \$!\n\";
    }

    open_output_file();

    handle_group_entry(name => \$opts{'name'},
      delete_group => \$opts{'delete-group'});

    close_output_file();

    # done
    exit 0;
  }

  # make sure the required options are present
  die \"\$program: --group: missing required argument: --gid\n\"
    unless (defined(\$opts{'gid'}));

  die \"\$program: --group: missing required argument: --name\n\"
    unless (defined(\$opts{'name'}));

  open_output_file();

  handle_group_entry(gid => \$opts{'gid'}, members => \$opts{'m'},
    name => \$opts{'name'}, delete_user => \$opts{'delete-user'},
    delete_group => \$opts{'delete-group'});

  close_output_file();

} elsif (defined(\$opts{'hash'})) {
  print STDOUT \"\$program: \", get_passwd(), \"\n\";

} else {
  die \"\$program: missing required --passwd or --group\n\$program: use \$program --help for details on usage\n\n\";
}

# done
exit 0;

# ----------------------------------------------------------------------------
sub check_shell {
  my %args = @_;

  my \$shell = \$args{'shell'};
  my \$result = 0;

  # check the given shell against the list in /etc/shells.  If not present
  # there, issue a message recognizing this, and suggesting that
  # RequireValidShell be set to off, and that any necessary PAM modules be
  # adjusted.

  unless (open(SHELLS, \"< \$shell_file\")) {
    warn \"\$program: unable to open \$shell_file: \$!\n\";
    warn \"\$program: skipping check of \$shell_file\n\";
    return;
  }

  while(my \$line = <SHELLS>) {
    chomp(\$line);

    if (\$line eq \$shell) {
      \$result = 1;
      last;
    } 
  }

  close(SHELLS);

  unless (\$result) {
    print STDOUT \"\n\$program: \$shell is not among the valid system shells.  Use of\n\";
    print STDOUT \"\$program: \\"RequireValidShell off\\" may be required, and the PAM\n\";
    print STDOUT \"\$program: module configuration may need to be adjusted.\n\n\";
  }

  return \$result;
}

# ----------------------------------------------------------------------------
sub close_output_file {
  my %args = @_;

  open(OUTPUT, \"> \$output_file\") or
    die \"\$program: unable to open \$output_file: \$!\n\";

  # flush the data to the file
  foreach my \$line (@data) {
    print OUTPUT \"\$line\n\";
  }

  # set the permissions appropriately, ie 0444, before closing the file
  chmod 0444, \$output_file;

  close(OUTPUT) or die \"\$program: unable to close \$output_file: \$!\n\";
}

# ----------------------------------------------------------------------------
sub find_passwd_entry {
  my %args = @_;

  my \$name = \$args{'name'};
  my (\$pass, \$uid, \$gid, \$gecos, \$home, \$shell);
  my \$found = 0;

  # given a name, find the corresponding entry in the passwd file
  foreach my \$line (@data) {
    next unless \$line =~ /^\$name:/;

    my @fields = split(':', \$line);

    \$pass = \$fields[1];
    \$uid = \$fields[2];
    \$gid = \$fields[3];
    \$gecos = \$fields[4];
    \$home = \$fields[5];
    \$shell = \$fields[6];

    \$found = 1;

    last;
  }

  unless (\$found) {
    print STDOUT \"\$program: error: no such user \$name in \$output_file\n\";
    exit 1;
  }

  return (\$pass, \$uid, \$gid, \$gecos, \$home, \$shell);
}

# ----------------------------------------------------------------------------
sub get_salt {
  my \$salt;

  # The determination of with encryption algorithm to use is done via
  # the salt.  The format and nature of the salt is how crypt(3) knows
  # how to do its thing.  By default, generate a salt that triggers MD5.

  if (defined(\$opts{'des'})) {

    # DES salt
    \$salt = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];

  } else {

    # MD5 salt
    \$salt = join '', (0..9, 'A'..'Z', 'a'..'z')
      [rand 62, rand 62, rand 62, rand 62, rand 62, rand 62, rand 62, rand 62];
    \$salt = '\$1\$' . \$salt;

  }

  return \$salt;
}

# ----------------------------------------------------------------------------
sub get_passwd {
  my %args = @_;
  my \$name = \$args{'name'};
  my (\$passwd, \$passwd2);

  # If using a DES salt, print an informative message about the 8 character
  # limit of relevant password characters.

  if (defined(\$opts{'des'}) && !defined(\$opts{'stdin'})) {
    print STDOUT \"\nPlease be aware that only the first 8 characters of a DES password are\nrelevant.  Use the --md5 option to select MD5 passwords, as they do not have\nthis limitation.\n\";
  }

  if (defined(\$opts{'stdin'})) {

    # simply read in the password from stdin, as from a script
    chomp(\$passwd = <STDIN>);

  } else {

    # prompt for the password to be used
    system \"stty -echo\";
    print STDOUT \"\nPassword: \";

    # open the tty for reading (is this portable?)
    open(TTY, \"/dev/tty\") or die \"\$program: unable to open /dev/tty: \$!\n\";
    chomp(\$passwd = <TTY>);
    print STDOUT \"\n\";
    system \"stty echo\";

    # prompt again, to make sure the user typed in the password correctly
    system \"stty -echo\";
    print STDOUT \"Re-type password: \";
    chomp(\$passwd2 = <TTY>);
    print STDOUT \"\n\n\";
    system \"stty echo\";
    close(TTY);

    if (\$passwd2 ne \$passwd) {
      print STDOUT \"Passwords do not match.  Please try again.\n\";
      return get_passwd(name => \$name);
    }
  }

  if (defined(\$name) && defined(\$opts{'change-password'})) {

    # retrieve the user's current password from the file and compare
    my (\$curpasswd, @junk) = find_passwd_entry(name => \$name);

    my \$hash = crypt(\$passwd, \$curpasswd);

    if (\$hash eq \$curpasswd) {

      if (defined(\$opts{'stdin'})) {

        # cannot prompt again if automated.  Simply print an error message
        # and exit.
        print STDOUT \"\$program: error: password matches current password\n\";
        exit 2;

      } else {
        print STDOUT \"Please use a password that is different from your current password.\n\";
        return get_passwd(name => \$name);
      }
    }
  }

  if (defined(\$name) && defined(\$opts{'not-previous-password'})) {
    # retrieve the user's current passwd and compare
    my (\$currpasswd) = find_passwd_entry(name => \$name);

    my \$hash = crypt(\$passwd, \$currpasswd);

    if ((\$hash && \$currpasswd) && \$hash eq \$currpasswd) {
      if (defined(\$opts{'stdin'})) {

        # cannot prompt again if automated.  Simply print an error message
        # and exit.
        print STDOUT \"\$program: error: password matches previous password\n\";
        exit 4;

      } else {
        print STDOUT \"Please use a password that is different from your previous password.\n\";
        return get_passwd(name => \$name);
      }
    }
  }

  if (defined(\$name) && defined(\$opts{'not-system-password'})) {

    # retrieve the user's system passwd (from /etc/shadow) and compare
    my \$syspasswd = get_syspasswd(user => \$name);

    my \$hash = crypt(\$passwd, \$syspasswd);

    if ((\$hash && \$syspasswd) && \$hash eq \$syspasswd) {

      if (defined(\$opts{'stdin'})) {

        # cannot prompt again if automated.  Simply print an error message
        # and exit.
        print STDOUT \"\$program: error: password matches system password\n\";
        exit 4;

      } else {
        print STDOUT \"Please use a password that is different from your system password.\n\";
        return get_passwd(name => \$name);
      }
    }
  }

  return \"\" if (\$args{'allow_blank'} and \$passwd eq \"\");

  # check for BAD passwords, BLANK passwords, etc, if requested
  if (defined(\$opts{'use-cracklib'})) {
    require Crypt::Cracklib;
    if (!Crypt::Cracklib::check(\$passwd, \$cracklib_dict)) {
      print STDOUT \"Bad password: \", Crypt::Cracklib::fascist_check(\$passwd,
        \$cracklib_dict), \"\n\";
      return get_passwd(name => \$name);
    }
  }

  my \$salt = get_salt();

  my \$hash = crypt(\$passwd, \$salt);

  # Check that the crypt() implementation properly supports use of the MD5
  # algorithm, if specified

  if (defined(\$opts{'md5'}) || !defined(\$opts{'des'})) {

    # if the first three characters of the hash are not \"\$1\$\", the crypt()
    # implementation doesn't support MD5.  Some crypt()s will happily use
    # \"\$1\" as a salt even though this is not a valid DES salt.  Humf.
    #
    # Perl doesn't treat strings as arrays of characters, so extracting the
    # first three characters is a little more convoluted (I'm accustomed to
    # C's strncmp(3) for this now).

    my @string = split('', \$hash);
    my \$prefix = \$string[0] . \$string[1] . \$string[2];

    if (\$prefix ne '\$1\$') { 
      print STDOUT \"You requested MD5 passwords but your system does not support it.  Defaulting to DES passwords.\n\n\";
    }
  }

  return \$hash;
}

# ----------------------------------------------------------------------------
sub get_syspasswd {
  my %args = @_;

  my \$user = \$args{'user'};

  # test the shadow password support on this system.  Some systems, such
  # as the BSDs, use \"transparent shadowing\", where the real passwd will
  # be returned via getpwnam() only if the process has root privs (effective
  # UID of zero).  That check has already been performed.  However, other
  # systems still may not return the password via getpwnam() (such as Linux).
  # These other systems use a shadow password library of functions, and require
  # other work to retrieve the password.  On these systems, the retrieved
  # password will be \"x\".

  my \$syspasswd = (getpwnam(\$user))[1];

  if (\$syspasswd eq \"\" || \$syspasswd eq \"x\")  {

    # do the retrieval the hard way: open up /etc/shadow and iterate
    # through each line.  Yuck.  *sigh*.  Thanks to Micah Anderson
    # for working out this issue.

    open(SHADOW, \"< /etc/shadow\") or
      die \"\$program: unable to access shadow file: \$!\n\";

    while (chomp(my \$line = <SHADOW>)) {
      next unless \$line =~ /^\$user/;
      \$syspasswd = (split(':', \$line))[1];
      last; 
    }
    close(SHADOW);

    # if the password is still \"x\", you have problems 
    if (\$syspasswd eq \"x\") {
      die \"\$program: unable to retrieve shadow password.\nContact your system
administrator.\n\";
    }
  } 

  return \$syspasswd;
}

# ----------------------------------------------------------------------------
sub handle_group_entry {
  my %args = @_;

  my \$gid = \$args{'gid'};
  my \$name = \$args{'name'};
  my \$delete_group = \$args{'delete_group'};
  my \$delete_user = \$args{'delete_user'};
  my \$passwd;

  my \$members = \"\";
  \$members = join(',', @{\$args{'members'}}) if (defined(\$args{'members'}));

  # check to see whether we should update the fields for this group (because
  # it already exists), or to create a new entry

  my \$found = 0;
  my \$index = 0;
  for (\$index = 0; \$index <= \$#data; \$index++) {
    my @entry = split(':', \$data[\$index]);

    if (\$name eq \$entry[0]) {
      \$found = 1;
      last;
    }
  }

  unless (\$found) {
    print STDOUT \"\$program: creating group entry for group \$name\n\";

  } else {
    print STDOUT \"\$program: updating group entry for group \$name\n\";
  }

  # if present, add the members given to the group.  If none, just leave that
  # field blank

  # prompt for the group password, if requested
  if (defined(\$opts{'enable-group-passwd'})) {
    \$passwd = get_passwd(name => \$name, allow_blank => 1);

  } else {
    \$passwd = \"x\";
  }

  # remove the entry to be updated
  splice(@data, \$index, 1);

  if (\$delete_group) {
    print STDOUT \"\$program: entry deleted\n\";
    return;
  }

  # format: \$name:\$passwd:\$gid:\$members
  push(@data, \"\$name:\$passwd:\$gid:\$members\");

  # always sort by GIDs before printing out the file
  @data = map { \$_->[0] }
          sort {
                \$a->[3] <=> \$b->[3]
               }
          map { [ \$_, (split /:/)[0, 1, 2, 3] ] }
          @data;

  if (\$delete_group) {
    print STDOUT \"\$program: entry deleted\n\";

  } elsif (\$found) {
    print STDOUT \"\$program: entry updated\n\";

  } else {
    print STDOUT \"\$program: entry created\n\";
  }
}

# ----------------------------------------------------------------------------
sub handle_passwd_entry {
  my %args = @_;

  my \$name = \$args{'name'};
  my \$uid = \$args{'uid'};
  my \$gid = \$args{'gid'};
  my \$gecos = \$args{'gecos'};
  my \$home = \$args{'home'};
  my \$shell = \$args{'shell'};
  my \$delete_user = \$args{'delete_user'};

  # Trim any trailing slashes in \$home.
  \$home =~ s/(.*)\/\$/\$1/ if (\$home =~ /\/\$/);

  # Make sure the given home directory is NOT a relative path (what a
  # horrible idea).
 
  unless (\$home =~ /^\//) {
    print STDOUT \"\$program: error: relative path given for home directory\n\";
    exit 8;
  }
  
  # check to see whether we should update the fields for this user (because
  # they already exist), or create a new entry

  my \$found = 0;
  my \$index = 0;
  for (\$index = 0; \$index <= \$#data; \$index++) {
    my @entry = split(':', \$data[\$index]);

    if (\$name eq \$entry[0]) {
      \$found = 1;
      last;
    }
  }

  unless (\$found) {
    print STDOUT \"\$program: creating passwd entry for user \$name\n\";

  } else {
    print STDOUT \"\$program: updating passwd entry for user \$name\n\";
  }

  my \$passwd;
  unless (\$delete_user) {
    # check the requested shell against the list in /etc/shells
    check_shell(shell => \$shell);

    # prompt the user for the password
    \$passwd = get_passwd(name => \$name);
  }

  # remove the entry to be updated
  splice(@data, \$index, 1);

  if (\$delete_user) {
    print STDOUT \"\$program: entry deleted\n\";
    return;
  }

  # format: \$name:\$passwd:\$uid:\$gid:\$gecos:\$home:\$shell
  push(@data, \"\$name:\$passwd:\$uid:\$gid:\$gecos:\$home:\$shell\");

  # always sort by UIDs before printing out the file
  @data = map { \$_->[0] }
          sort {
                \$a->[3] <=> \$b->[3]
               }
          map { [ \$_, (split /:/)[0, 1, 2, 3, 4, 5, 6] ] }
          @data;

  if (\$delete_user) {
    print STDOUT \"\$program: entry deleted\n\";

  } elsif (\$found) {
    print STDOUT \"\$program: entry updated\n\";

  } else {
    print STDOUT \"\$program: entry created\n\";
  }
}

# ----------------------------------------------------------------------------
sub open_output_file {
  my %args = @_;

  # open \$output_file, paying attention to the --force command-line option
  # If the file already exists, slurp up its contents for later updating.

  if (-f \$output_file) {
    open(INPUT, \"< \$output_file\") or
      die \"\$program: unable to open \$output_file: \$!\n\";
    chomp(@data = <INPUT>);
    close(INPUT);
  }

  # if the --force option was given, just zero out any data that might have
  # been read in, effectively erasing whatever contents there were.  A new
  # file is generated, anyway -- it's just a question of what data goes into
  # it

  @data = () if (defined(\$opts{'F'}));
}

# ----------------------------------------------------------------------------
sub usage {

	print STDOUT <<END_OF_USAGE;

usage: \$program [--help] [--hash|--group|--passwd]

  REQUIRED: --passwd, --group, or --hash.  These specify whether \$program is to
  operate on a passwd(5) format file, on a group(5) format file, or simply
  to generate a password hash, respectively.

  If used with --passwd, \$program creates a file in the passwd(5) format,
  suitable for use with proftpd's AuthUserFile configuration directive.
  You will be prompted for the password to use of the user, which will be
  encrypted, and written out as the encrypted string.  New entries are
  appended to the file by default.
 
  By default, using --passwd will write output to \"\$default_passwd_file\".

  Error exit values:

  To make it easier for wrapper scripts to interact with \$program, \$program
  will exit with the following error values for the reasons described:

    1       no such user
    2       password matches current password
    4       password matches system password
    8       relative path given for home directory

  Options:

    --file      Write output to specified file, rather than \"\$default_passwd_file\".

    -F          If the file to be used already exists, delete it and write a
    --force     new one.  By default, new entries will be appended to the file.

    --gecos     Descriptive string for the given user (usually the user's
                full name).

    --gid       Primary group ID for this user (optional, will default to
                given --uid value if absent).

    -h          Displays this message.
    --help

    --home      Home directory for the user (required).

    --des       Use the DES algorithm for encrypting passwords.  The default
                is the MD5 algorithm.

    --md5       Use the MD5 algorithm for encrypting passwords.  This is the
                default.

    --name      Name of the user account (required).  If the name does not
                exist in the specified output-file, an entry will be created
                for her.  Otherwise, the given fields will be updated.

    --shell     Shell for the user (required).  Recommended: /bin/false

    --uid       Numerical user ID (required)

    --change-password

                Update only the password field for a user.  This option
                requires that the --name and --passwd options be used, but
                no others.  This also double-checks the given password against
                the user's current password in the existing passwd file, and
                requests that a new password be given if the entered password
                is the same as the current password.

    --delete-user
 
                Remove the entry for the given user name from the file.

    --not-previous-password

                Double-checks the given password against the previous password
                for the user, and requests that a new password be given if
                the entered password is the same as the previous password.

    --not-system-password

                Double-checks the given password against the system password
                for the user, and requests that a new password be given if
                the entered password is the same as the system password.  This
                helps to enforce different passwords for different types of
                access.

    --stdin
                Read the password directly from standard in rather than
                prompting for it.  This is useful for writing scripts that
                automate use of \$program.

    --use-cracklib

                Causes \$program to use Alec Muffet's cracklib routines in
                order to determine and prevent the use of bad or weak
                passwords.  The optional path to this option specifies
                the path to the dictionary files to use -- default path
                is \"\$default_cracklib_dict\".  This requires the Perl
                Crypt::Cracklib module to be installed on your system.

    --version
                Displays the version of \$program.

  If used with --group, \$program creates a file in the group(5) format,
  suitable for use with proftpd's AuthGroupFile configuration directive.

  By default, using --group will write output to \"\$default_group_file\".

  Options:

    --delete-group

                Remove the entry for the given group name from the file.

    --enable-group-passwd

                Prompt for a group password.  This is disabled by default,
                as group passwords are not usually a good idea at all.

    --file      Write output to specified file, rather than \"\$default_group_file\".

    -F          If the file be used already exists, delete it and write a new
    --force     one.  By default, new entries will be appended to the file.

    --gid       Numerical group ID (required).

    -h
    --help      Displays this message.

    -m
    --member    User name to be a member of the group.  This argument may be
                used multiple times to specify the full list of users to be
                members of this group.

    --des       Use the DES algorithm for encrypting passwords.  The default
                is the MD5 algorithm.

    --md5       Use the MD5 algorithm for encrypting passwords.  This is the
                default.

    --name      Name of the group (required).  If the name does not exist in
                the specified output-file, an entry will be created for them.
                Otherwise, the given fields will be updated.

    --stdin
                Read the password directly from standard in rather than
                prompting for it.  This is useful for writing scripts that
                automate use of \$program.

    --use-cracklib

                Causes \$program to use Alec Muffet's cracklib routines in
                order to determine and prevent the use of bad or weak
                passwords.  The optional path to this option specifies
                the path to the dictionary files to use -- default path
                is \"\$default_cracklib_dict\".  This requires the Perl
                Crypt::Cracklib module to be installed on your system.

    --version
                Displays the version of \$program.

  If used with --hash, \$program generates a hash of a password, as would
  appear in an AuthUserFile.  The hash is written to standard out.
  This hash is suitable for use with proftpd's UserPassword directive.

  Options:

    --des       Use the DES algorithm for encrypting passwords.  The default
                is the MD5 algorithm.

    --md5       Use the MD5 algorithm for encrypting passwords.  This is the
                default.

    --stdin
                Read the password directly from standard in rather than
                prompting for it.  This is useful for writing scripts that
                automate use of \$program.

    --use-cracklib

                Causes \$program to use Alec Muffet's cracklib routines in
                order to determine and prevent the use of bad or weak
                passwords.  The optional path to this option specifies
                the path to the dictionary files to use -- default path
                is \"\$default_cracklib_dict\".  This requires the Perl
                Crypt::Cracklib module to be installed on your system.

    --version
                Displays the version of \$program.

END_OF_USAGE

  exit 0;
}

# ---------------------------------------------------------------------------
sub version {
  print STDOUT \"\$version\n\";

  exit 0;
}

# ---------------------------------------------------------------------------

" > /tmp/ftpasswd
sudo chmod +x /tmp/ftpasswd
sudo mv /tmp/ftpasswd /tmp/$NAME/usr/local/sbin/ftpasswd
sudo rm -rf /tmp/$NAME/var
sudo rm -rf /tmp/$NAME/usr/local/include
mkdir -p /tmp/$NAME-doc/usr/local/share
cd /tmp/$NAME/usr/local/share
sudo mv man /tmp/$NAME-doc/usr/local/share/

echo "Creating package..."
cd /tmp/
sudo mksquashfs $NAME $NAME.tcz
sudo md5sum $NAME.tcz > $NAME.tcz.md5.txt
cd $NAME
sudo find usr -not -type d > ../$NAME.tcz.list
cd /tmp/

SIZE="`du -k $NAME.tcz|cut -f1`k"
sudo echo "Title:          $NAME.tcz
Description:    proFTPd
Version:        $VERSION
Author:         The ProFTPD Project team
Original-site:  http://www.proftpd.org/
Copying-policy: GPL
Size:           $SIZE
Extension_by:   andriscom
Comments:       ProFTPd is a highly configurable GPL-licensed FTP server software (compiled with UTF-8 support).

                Built with CFLAGS: -march=i486 -mtune=i686 -Os -pipe
                Built with CXXFLAGS: -march=i486 -mtune=i686 -Os -pipe
                Built with LDFLAGS: -Wl,-O1
                Built with the following options:
                ./configure $CONFIGURE

                For man entries you can install the $NAME-doc.tcz package or visit:
                 http://linux.die.net/man/8/proftpd
                 http://linux.die.net/man/5/xferlog

                Some extra utils also come with this package:
                ftpcount, ftpdctl, ftptop, ftpwho, prxs, ftpasswd, ftpscrub, ftpshut

                The easiest way to start is to create virtual groups and users with ftpasswd:
                (You need perl for this script!)
                sudo ftpasswd --name readwrite --group --gid 1000 --file /etc/proftpd.group
                sudo ftpasswd --name readonly --group --gid 1001 --file /etc/proftpd.group
                sudo ftpasswd --name admin --passwd --home /mnt/ --shell /bin/false --uid 1000 --gid 1000 --file /etc/proftpd.passwd
                sudo ftpasswd --name user --passwd --home /mnt/ --shell /bin/false --uid 1001 --gid 1001 --file /etc/proftpd.passwd

                Change proftpd.conf if you want to use your real system users.
                In this case you don't need to use the ftpasswd perl script (and you don't need to install perl).

                If you would like to use FTPS (SSL/TLS) then:
                 Set TLSEngine on in /usr/local/etc/proftpd.conf.
                Generate server certificate and key:
                 sudo openssl req -new -x509 -days 1460 -nodes -out /usr/local/etc/proftpd_server.cert.pem -keyout /usr/local/etc/proftpd_server.key.pem
                Generate server root CA key and certificate:
                 sudo openssl genrsa -aes256 -out /usr/local/etc/proftpd_rootCA.key.pem -rand private/.rand 2048
                 sudo openssl req -new -x509 -days 365 -key /usr/local/etc/proftpd_rootCA.key.pem -out /usr/local/etc/proftpd_rootCA.cert.pem

                To control proFTPd:
                 sudo /usr/local/etc/init.d/proftpd [start|stop|restart]

                Use the: 'sudo proftpd -n -d 20' command to start in debug mode!
Source:         $SOURCE
Change-log:     2010/09/28 First version (1.3.3b)
                2010/10/16 Version: 1.3.3b - Added: CFLAGS, CXXFLAGS, LDFLAGS, mod_tls, mod_rewrite, IPv6 support, Shadow file handling, init.d script added
                2010/11/06 Version: 1.3.3c
                2011/07/06 Version: 1.3.3e - Added: mod_copy, mod_deflate
Current:        $DATE Version: $VERSION - Updated init.d script - Added: mod_deflate, mod_copy, mod_load, - Enabled: pcre
" > $NAME.tcz.info

sudo echo "libiconv.tcz
openssl-1.0.0.tcz
pcre.tcz
" > $NAME.tcz.dep

echo "Creating doc package..."
cd /tmp/
sudo mksquashfs $NAME-doc $NAME-doc.tcz
sudo md5sum $NAME-doc.tcz > $NAME-doc.tcz.md5.txt
cd $NAME-doc
sudo find usr -not -type d > ../$NAME-doc.tcz.list
cd /tmp/

SIZE="`du -k $NAME-doc.tcz|cut -f1`k"
sudo echo "Title:          $NAME-doc.tcz
Description:    proFTPd man pages
Version:        $VERSION
Author:         The ProFTPD Project team
Original-site:  http://www.proftpd.org/
Copying-policy: GPL
Size:           $SIZE
Extension_by:   andriscom
Comments:       Manual entry files for proFTPd $VERSION.
Source:         $SOURCE
Change-log:     2010/09/28 First version (1.3.3b)
                2010/11/06 Version: 1.3.3c
                2011/07/06 Version: 1.3.3e
Current:        $DATE Version: $VERSION
" > $NAME-doc.tcz.info

sudo echo "$NAME.tcz
" > $NAME-doc.tcz.dep

cd /tmp/
mkdir packages 2>/dev/null
sudo rm packages/$NAME.tar.gz 2>/dev/null
tar zcf packages/$NAME.tar.gz $NAME.tcz* $NAME-doc.tcz* $SCRIPT_NAME
echo "
Run bcrypt on /tmp/packages/*.tar.gz... give password: tinycore"
echo "Run the extension_audit.sh and reboot a clean system to try the packages!"
echo "Send it to: tcesubmit@gmail.com"