pure-ftpd compatible password hashes for ftp users

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/configfiles/bionic.xml

@@ -4333,6 +4333,26 @@ TLSVerifyClient                         off
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
 					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
+					<file name="/etc/pure-ftpd/conf/TLS"
+						chown="root:0" chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
 					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0"
 						chmod="0644">
 						<content><![CDATA[
@@ -4439,7 +4459,7 @@ MYSQLCrypt      any
 
 # Query to execute in order to fetch the password
 
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 
 
 # Query to execute in order to fetch the system user name or uid

lib/configfiles/bookworm.xml

@@ -2972,6 +2972,26 @@ TLSVerifyClient                         off
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
 					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
+					<file name="/etc/pure-ftpd/conf/TLS"
+						chown="root:0" chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
 					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0"
 						chmod="0644">
 						<content><![CDATA[
@@ -3078,7 +3098,7 @@ MYSQLCrypt      any
 
 # Query to execute in order to fetch the password
 
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 
 
 # Query to execute in order to fetch the system user name or uid

lib/configfiles/bullseye.xml

@@ -4544,6 +4544,26 @@ TLSVerifyClient                         off
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
 					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
+					<file name="/etc/pure-ftpd/conf/TLS"
+						chown="root:0" chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
 					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0"
 						chmod="0644">
 						<content><![CDATA[
@@ -4650,7 +4670,7 @@ MYSQLCrypt      any
 
 # Query to execute in order to fetch the password
 
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 
 
 # Query to execute in order to fetch the system user name or uid

lib/configfiles/buster.xml

@@ -4535,6 +4535,26 @@ TLSVerifyClient                         off
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
 					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
+					<file name="/etc/pure-ftpd/conf/TLS"
+						chown="root:0" chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
 					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0"
 						chmod="0644">
 						<content><![CDATA[
@@ -4641,7 +4661,7 @@ MYSQLCrypt      any
 
 # Query to execute in order to fetch the password
 
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 
 
 # Query to execute in order to fetch the system user name or uid

lib/configfiles/focal.xml

@@ -3750,6 +3750,26 @@ TLSVerifyClient                         off
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
 					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
+					<file name="/etc/pure-ftpd/conf/TLS"
+						chown="root:0" chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
 					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0"
 						chmod="0644">
 						<content><![CDATA[
@@ -3856,7 +3876,7 @@ MYSQLCrypt      any
 
 # Query to execute in order to fetch the password
 
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 
 
 # Query to execute in order to fetch the system user name or uid

lib/configfiles/gentoo.xml

@@ -3525,6 +3525,19 @@ UseReverseDNS off
 				<daemon name="pureftpd" title="PureFTPd">
 					<command><![CDATA[echo "net-ftp/pure-ftpd mysql" >> /etc/portage/package.use/froxlor]]></command>
 					<install><![CDATA[emerge net-ftp/pure-ftpd]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
 					<file name="/etc/conf.d/pure-ftpd" chown="root:0" chmod="0644"
 						backup="true">
 						<content><![CDATA[
@@ -3550,7 +3563,7 @@ DISK_FULL="-k 90%"
 AUTH="-l mysql:/etc/pureftpd-mysql.conf"
 
 ## Misc. Others ##
-MISC_OTHER="-A -x -j -Z"
+MISC_OTHER="-A -x -j -Z -Y 1"
 ]]>
 						</content>
 					</file>
@@ -3563,8 +3576,8 @@ MYSQLSocket     /var/run/mysqld/mysqld.sock
 MYSQLUser       <SQL_UNPRIVILEGED_USER>
 MYSQLPassword   <SQL_UNPRIVILEGED_PASSWORD>
 MYSQLDatabase   <SQL_DB>
-MYSQLCrypt      Crypt
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLCrypt      any
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 MYSQLGetUID     SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y"
 MYSQLGetGID     SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y"
 MYSQLGetDir     SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"

lib/configfiles/jammy.xml

@@ -3750,6 +3750,26 @@ TLSVerifyClient                         off
 				<!-- Pureftpd -->
 				<daemon name="pureftpd" title="PureFTPd">
 					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/create-cert.sh" chown="root:0"
+						chmod="0700">
+						<content><![CDATA[#!/bin/bash
+[ -f /etc/ssl/private/pure-ftpd.pem ] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072
+chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem
+]]>
+						</content>
+					</file>
+					<commands index="1">
+						<command><![CDATA[/etc/pure-ftpd/create-cert.sh]]></command>
+						<command><![CDATA[rm -f /etc/pure-ftpd/create-cert.sh]]></command>
+					</commands>
+					<file name="/etc/pure-ftpd/conf/TLS"
+						chown="root:0" chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
 					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0"
 						chmod="0644">
 						<content><![CDATA[
@@ -3856,7 +3876,7 @@ MYSQLCrypt      any
 
 # Query to execute in order to fetch the password
 
-MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetPW      SELECT password_compat FROM ftp_users WHERE username="\L" AND login_enabled="y"
 
 
 # Query to execute in order to fetch the system user name or uid