#!/bin/sh
#
# This file is part of OpenMediaVault.
#
# @license   http://www.gnu.org/licenses/gpl.html GPL Version 3
# @author    Volker Theile <volker.theile@openmediavault.org>
# @copyright Copyright (c) 2009-2012 Volker Theile
#
# OpenMediaVault is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# OpenMediaVault is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with OpenMediaVault. If not, see <http://www.gnu.org/licenses/>.

# Documentation/Howto:
# http://wiki.ubuntuusers.de/ProFTPD
# http://www.proftpd.de/HowTo-Server-Config.42.0.html
# http://wiki.ubuntu-forum.de/index.php/ProFTPd

set -e

. /etc/default/openmediavault
. /usr/share/openmediavault/scripts/helper-functions

OMV_PROFTPD_MODTLS_CONFIG=${OMV_PROFTPD_MODTLS_CONFIG:-"/etc/proftpd/tls.conf"}
OMV_PROFTPD_MODTLS_TLSLOG=${OMV_PROFTPD_MODTLS_TLSLOG:-"/var/log/proftpd/tls.log"}
OMV_PROFTPD_MODTLS_TLSPROTOCOL=${OMV_PROFTPD_MODTLS_TLSPROTOCOL:-"SSLv23"}
OMV_PROFTPD_MODTLS_TLSVERIFYCLIENT=${OMV_PROFTPD_MODTLS_TLSVERIFYCLIENT:-"off"}
OMV_PROFTPD_MODTLS_TLSRENEGOTIATE=${OMV_PROFTPD_MODTLS_TLSRENEGOTIATE:-"required off"}

# Create SSL/TLS certificates and configuration file
# Create a SSL certificate:
# openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key
xmlstarlet sel -t -m "//services/ftp/modules/mod_tls" \
  -o "&lt;IfModule mod_tls.c&gt;" -n \
  -i "enable[. = '0']" -o "  TLSEngine off" -n -b \
  -i "enable[. = '1']" -o "  TLSEngine on" -n -b \
  -o "  TLSLog ${OMV_PROFTPD_MODTLS_TLSLOG}" -n \
  -o "  TLSProtocol ${OMV_PROFTPD_MODTLS_TLSPROTOCOL}" -n \
  -i "nocertrequest[. = '1'] | nosessionreuserequired[. = '1'] | useimplicitssl[. = '1']" \
	  -o "  TLSOptions " \
	  -i "nocertrequest[. = '1']" -o "NoCertRequest " -b \
	  -i "nosessionreuserequired[. = '1']" -o "NoSessionReuseRequired " -b \
	  -i "useimplicitssl[. = '1']" -o "UseImplicitSSL " -b \
	  -n \
  -b \
  -v "concat('  TLSRSACertificateFile ${OMV_CERTIFICATE_DIR}/certs/',sslcertificateref,'.crt')" -n \
  -v "concat('  TLSRSACertificateKeyFile ${OMV_CERTIFICATE_DIR}/private/',sslcertificateref,'.key')" -n \
  -o "  TLSVerifyClient ${OMV_PROFTPD_MODTLS_TLSVERIFYCLIENT}" -n \
  -o "  TLSRenegotiate ${OMV_PROFTPD_MODTLS_TLSRENEGOTIATE}" -n \
  -i "required[. = '0']" -o "  TLSRequired off" -n -b \
  -i "required[. = '1']" -o "  TLSRequired on" -n -b \
  -i "string-length(extraoptions) > 0" -v extraoptions -n -b \
  -o "&lt;/ifModule&gt;" \
  ${OMV_CONFIG_FILE} | xmlstarlet unesc > ${OMV_PROFTPD_MODTLS_CONFIG}
