path: root/net/vsftpd/files/vsftpd.init
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

# START and USE_PROCD are not read anywhere in this file; presumably they are
# consumed by /etc/rc.common (named on the shebang line) - confirm there.
START=50
USE_PROCD=1
# Daemon binary handed to procd as the service command in start_service.
BIN="/usr/sbin/vsftpd"

. /lib/functions.sh

# Port advertised via mDNS; setup_vsftpd overwrites it when listen_port is set.
PORT=21
# Config file passed to vsftpd; start_service replaces this path with the
# UCI option conf_file when that option is non-empty.
OUTPUT_CONF="/var/etc/vsftpd.conf"
# Chroot directory recreated empty on every start and removed again by
# setup_vsftpd when a different secure_chroot_dir is configured.
readonly DEFAULT_SECURE_CHROOT="/var/run/vsftpd"
# Staging file for the generated config; moved over OUTPUT_CONF when complete.
# NOTE(review): the name is fixed and predictable, which is only safe while
# /var/etc is writable by root alone - confirm the directory's owner and mode
# on the target image.
readonly TEMP_OUTPUT_CONF="/var/etc/vsftpd.conf.tmp"

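# Append one "key=value" directive to the staged vsftpd configuration.
#
# Arguments: $1 - option name
#            $2 - option value
# Globals:   TEMP_OUTPUT_CONF (read) - file the directive is appended to
# Returns:   0 when the line was written, or skipped because key or value is
#            empty; non-zero when the pair was rejected or the write failed
write_conf() {
	local key="$1"
	local value="$2"
	local nl='
'

	# Nothing to write for an empty key or value.
	if [ -z "$key" ] || [ -z "$value" ]; then
		return 0
	fi

	# The generated file holds one directive per line. A value carrying a
	# newline (e.g. a free-form string such as ftpd_banner) would append
	# further lines that never went through per-option validation, so the
	# whole pair is refused instead of being written.
	case "$key$value" in
	*"$nl"*)
		printf 'vsftpd: option %s contains a newline, not written\n' "$key" >&2
		return 1
		;;
	esac

	# printf emits the value byte-for-byte; echo may interpret backslash
	# sequences depending on the shell it runs under.
	printf '%s=%s\n' "$key" "$value" >> "$TEMP_OUTPUT_CONF"
}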

# Write a boolean directive in vsftpd's YES/NO spelling.
#
# Arguments: $1 - option name
#            $2 - UCI boolean; only the exact string "1" yields YES
# Returns:   the status of write_conf
#
# Every value other than "1" - including an empty or malformed one - is
# written as NO, so a bad value switches the feature off, never on.
write_conf_bool() {
	local key="$1"
	local value="$2"
	local rendered

	case "$value" in
	1) rendered="YES" ;;
	*) rendered="NO" ;;
	esac

	write_conf "$key" "$rendered"
}

# Validate one 'global' section of the vsftpd UCI package.
#
# Arguments: $1 - section name
#            $2 - callback, forwarded to uci_load_validate
#
# Each rule reads name:type with an optional third field (presumably the
# default value - confirm against uci_load_validate). The rules are passed in
# the same order as before; only the way the argument list is built differs.
validate_vsftpd_section() {
	# Section name and callback lead the list, the rules follow.
	set -- "$1" "$2"

	# Listener
	set -- "$@" 'listen:bool:1' 'listen_ipv6:bool:0' 'listen_port:port'

	# Who may log in and what they may do
	set -- "$@" \
		'anonymous_enable:bool:0' \
		'anon_root:directory' \
		'local_enable:bool:1' \
		'local_root:directory' \
		'write_enable:bool:1' \
		'local_umask:uinteger:022' \
		'check_shell:bool:0'

	# Session behaviour and chroot
	set -- "$@" \
		'dirmessage_enable:bool:1' \
		'secure_chroot_dir:directory' \
		'ftpd_banner:string' \
		'session_support:bool:0'

	# Logging and user list
	set -- "$@" \
		'syslog_enable:bool' \
		'userlist_enable:bool' \
		'userlist_deny:bool' \
		'userlist_file:file' \
		'xferlog_enable:bool' \
		'xferlog_file:file' \
		'xferlog_std_format:bool'

	# TLS. None of these rules carries a default, and the obsolete SSLv2 and
	# SSLv3 protocols can still be switched on from UCI.
	set -- "$@" \
		'ssl_enable:bool' \
		'allow_anon_ssl:bool' \
		'force_local_data_ssl:bool' \
		'force_local_logins_ssl:bool' \
		'ssl_tlsv1:bool' \
		'ssl_sslv2:bool' \
		'ssl_sslv3:bool' \
		'rsa_cert_file:file' \
		'rsa_private_key_file:file'

	uci_load_validate vsftpd global "$@"
}

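# Render the options of one validated 'global' section into the vsftpd
# configuration file.
#
# Arguments: $1 - section name (used in the diagnostic only)
#            $2 - validation result; anything other than "0" aborts
# Globals:   TEMP_OUTPUT_CONF, OUTPUT_CONF, DEFAULT_SECURE_CHROOT (read)
#            PORT (written when listen_port is set)
#            the option variables ($listen, $ssl_enable, ...) are read; they
#            are not set in this function and are expected to come from the
#            validation step that invokes this callback
# Returns:   0 when OUTPUT_CONF was replaced, non-zero otherwise
setup_vsftpd() {
	local section="$1"
	local validation_result="$2"

	if [ "$validation_result" != "0" ]; then
		# Diagnostics belong on stderr. Nothing is written for a rejected
		# section, so an OUTPUT_CONF left by an earlier run stays in place.
		echo "Validation failed for section: $section" >&2
		return 1
	fi

	# Start from an empty staging file. Stop here if it cannot be created:
	# otherwise every write below would fail one by one and only the final mv
	# would report a problem.
	rm -rf "$TEMP_OUTPUT_CONF"
	if ! touch "$TEMP_OUTPUT_CONF"; then
		echo "Cannot create $TEMP_OUTPUT_CONF" >&2
		return 1
	fi

	# always run in foreground
	write_conf_bool "background" "0"

	# Booleans are written only when set; an unset option is left out of the
	# file, so vsftpd's own default applies to it.
	[ -n "$listen" ] && write_conf_bool "listen" "$listen"
	[ -n "$listen_ipv6" ] && write_conf_bool "listen_ipv6" "$listen_ipv6"
	[ -n "$anonymous_enable" ] && write_conf_bool "anonymous_enable" "$anonymous_enable"
	[ -n "$local_enable" ] && write_conf_bool "local_enable" "$local_enable"
	[ -n "$write_enable" ] && write_conf_bool "write_enable" "$write_enable"
	[ -n "$check_shell" ] && write_conf_bool "check_shell" "$check_shell"
	[ -n "$dirmessage_enable" ] && write_conf_bool "dirmessage_enable" "$dirmessage_enable"
	[ -n "$session_support" ] && write_conf_bool "session_support" "$session_support"
	[ -n "$syslog_enable" ] && write_conf_bool "syslog_enable" "$syslog_enable"
	[ -n "$userlist_enable" ] && write_conf_bool "userlist_enable" "$userlist_enable"
	[ -n "$userlist_deny" ] && write_conf_bool "userlist_deny" "$userlist_deny"
	[ -n "$xferlog_enable" ] && write_conf_bool "xferlog_enable" "$xferlog_enable"
	[ -n "$xferlog_std_format" ] && write_conf_bool "xferlog_std_format" "$xferlog_std_format"
	# TLS: with ssl_enable unset or 0, logins and data travel unencrypted.
	# ssl_sslv2 / ssl_sslv3 turn on obsolete protocols and should stay off.
	[ -n "$ssl_enable" ] && write_conf_bool "ssl_enable" "$ssl_enable"
	[ -n "$allow_anon_ssl" ] && write_conf_bool "allow_anon_ssl" "$allow_anon_ssl"
	[ -n "$force_local_data_ssl" ] && write_conf_bool "force_local_data_ssl" "$force_local_data_ssl"
	[ -n "$force_local_logins_ssl" ] && write_conf_bool "force_local_logins_ssl" "$force_local_logins_ssl"
	[ -n "$ssl_tlsv1" ] && write_conf_bool "ssl_tlsv1" "$ssl_tlsv1"
	[ -n "$ssl_sslv2" ] && write_conf_bool "ssl_sslv2" "$ssl_sslv2"
	[ -n "$ssl_sslv3" ] && write_conf_bool "ssl_sslv3" "$ssl_sslv3"

	[ -n "$anon_root" ] && write_conf "anon_root" "$anon_root"
	[ -n "$ftpd_banner" ] && write_conf "ftpd_banner" "$ftpd_banner"
	# PORT is kept in step with the config so the mDNS record matches.
	[ -n "$listen_port" ] && { write_conf "listen_port" "$listen_port"; PORT="$listen_port"; }
	[ -n "$local_umask" ] && write_conf "local_umask" "$local_umask"
	[ -n "$local_root" ] && write_conf "local_root" "$local_root"
	[ -n "$rsa_cert_file" ] && write_conf "rsa_cert_file" "$rsa_cert_file"
	[ -n "$rsa_private_key_file" ] && write_conf "rsa_private_key_file" "$rsa_private_key_file"
	[ -n "$userlist_file" ] && write_conf "userlist_file" "$userlist_file"
	[ -n "$xferlog_file" ] && write_conf "xferlog_file" "$xferlog_file"

	if [ -n "$secure_chroot_dir" ] && [ "$secure_chroot_dir" != "$DEFAULT_SECURE_CHROOT" ]; then
		# A custom chroot is configured, so the default directory is not
		# needed and is removed.
		# NOTE(review): nothing here checks the owner or mode of the custom
		# directory - confirm it is root-owned and not writable by the FTP
		# user.
		rm -rf "$DEFAULT_SECURE_CHROOT"
		write_conf "secure_chroot_dir" "$secure_chroot_dir"
	fi

	# Install the finished file over the live configuration.
	if ! mv "$TEMP_OUTPUT_CONF" "$OUTPUT_CONF"; then
		echo "Cannot install $OUTPUT_CONF" >&2
		return 1
	fi
}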

# Start hook: build the vsftpd configuration and register the daemon with
# procd. The config_* and procd_* helpers are not defined in this file.
#
# Globals: DEFAULT_SECURE_CHROOT, BIN, PORT (read); OUTPUT_CONF (read, and
#          replaced when the UCI option conf_file is set)
start_service() {
	local disabled mdns conf_file

	# Load UCI configuration for vsftpd
	config_load vsftpd

	# if disabled, just return
	config_get_bool disabled global disabled 0
	if [ "${disabled}" -eq 1 ]; then
		return
	fi

	# Recreate the default chroot directory from scratch so it starts out
	# empty, owned by root and writable by root only (mode 0755).
	rm -rf "$DEFAULT_SECURE_CHROOT"
	mkdir -m 0755 -p "$DEFAULT_SECURE_CHROOT"
	chown root:root "$DEFAULT_SECURE_CHROOT"

	config_get conf_file global conf_file ""
	if [ -n "$conf_file" ]; then 
		# A user-supplied file replaces the generated one and is handed to
		# vsftpd as is: none of the validation rules in
		# validate_vsftpd_section are applied to its contents.
		OUTPUT_CONF="$conf_file"
	else
		# Validate each 'global' section and render it via setup_vsftpd.
		# NOTE(review): setup_vsftpd returns 1 on failed validation without
		# touching OUTPUT_CONF, and that result is not checked here. If a
		# file from an earlier run is still present, vsftpd would presumably
		# be started with that older configuration - confirm whether failing
		# closed is wanted instead.
		config_foreach validate_vsftpd_section global setup_vsftpd
	fi

	procd_open_instance "vsftpd"

	# Optionally announce the FTP service over mDNS on the configured port.
	config_get_bool mdns global mdns 0
	[ "${mdns}" -eq 1 ] && procd_add_mdns "ftp" "tcp" "$PORT" "daemon=vsftpd"

	# vsftpd receives the config file path as its only argument.
	procd_set_param command "$BIN" "$OUTPUT_CONF"
	procd_set_param respawn
	procd_close_instance
}

# Register the service's procd triggers: a reload trigger for "vsftpd"
# (presumably the UCI package of that name - confirm against procd.sh) and
# the validation rules declared in validate_vsftpd_section.
service_triggers() {
	procd_add_reload_trigger "vsftpd"
	procd_add_validation validate_vsftpd_section
}