+#!/bin/sh
+# postinst script for proftpd-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure|reconfigure)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# created: 2002-11-15 Bozo Juretic <bjuretic@srce.hr>
+# last update: 2007-05-14 Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>
+# last update: 2007-10-27 Dinko Korunic <kreator@carnet.hr>
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# Import CN toolsa
+. /usr/share/carnet-tools/functions.sh
+
+FTP_CONF=/etc/proftpd/proftpd.conf
+FTP_TMP=`mktemp /etc/proftpd/proftpd.conf.XXXXXX`
+FTP_OLD=/var/backups/proftpd.conf.bak
+SSL_CERT=/etc/ssl/certs/ftpd-rsa.pem
+SSL_KEY=/etc/ssl/certs/ftpd-rsa-key.pem
+
+# Backup stare konfiguracije
+cp_backup_conffile $FTP_CONF
+cp -p $FTP_CONF $FTP_TMP
+
+# Onemogucavanje Anonymous ftp pristupa
+disable_anonymous()
+{
+ if grep -qi "^<Anonymous" $FTP_TMP; then
+ echo "CN: Anonymous access has been disabled in $FTP_CONF."
+ # Brisanje Anonymous linija
+ sed -n -i -e '/<Anonymous /,/\/Anon/!p' $FTP_TMP
+ fi
+}
+
+# Popravi razne stvari u confu
+fix_conf()
+{
+ if [ -f $FTP_TMP ]; then
+ # Stare list opcije
+ sed -i -e 's/lsdefaultoptions/ListOptions/i' $FTP_TMP
+
+ # Stari tcpwin
+ sed -i -e "s/tcpreceivewindow/SocketOptions rcvbuf/i" \
+ -e "s/tcpsendwindow/SocketOptions sndbuf/i" $FTP_TMP
+
+ # Scoreboard
+ sed -i -e "s/\(scoreboardpath.*\)/#\n#ScoreboardPath is deprecated in 1.2.9, use ScoreboardFile instead\n#\1\n#\n#ScoreboardFile\t\/var\/run\/proftpd\/proftpd.scoreboard\n#/i" $FTP_TMP
+
+ # Ubaci pravi hostname
+ CARNET_HOSTNAME=`hostname`
+ CARNET_DOMAINNAME=`hostname --domain`
+ sed -i -e "s/^ServerName.*\"Debian\"/ServerName \"$CARNET_HOSTNAME.$CARNET_DOMAINNAME\"/i" $FTP_TMP
+
+ # Upali DelayEngine
+ sed -i -e 's/^#.*DelayEngine.*/DelayEngine on/i' $FTP_TMP
+
+ # Omoguci da bude standalone servis
+ sed -i -e 's/^\(ServerType.*\)inetd/\1standalone/' $FTP_TMP
+ update-inetd --disable ftp || true
+ db_set shared/proftpd/inetd_or_standalone "standalone"
+ db_go || true
+ db_stop
+ fi
+}
+
+# Dodaj TLS konfiguraciju ako je potrebna
+add_tls()
+{
+ if [ -f $FTP_TMP ]; then
+ cp-update proftpd-cn $FTP_TMP <<EOF
+<IfModule mod_tls.c>
+ TLSEngine on
+
+ # Are clients required to use FTP over TLS when talking to this server?
+ TLSRequired off
+
+ # Server's certificate
+ TLSRSACertificateFile $SSL_CERT
+ TLSRSACertificateKeyFile $SSL_KEY
+
+ # CA the server trusts
+ #TLSCACertificateFile /etc/ftpd/root.cert.pem
+
+ # Authenticate clients that want to use FTP over TLS?
+ TLSVerifyClient off
+
+ # Allow SSL/TLS renegotiations when the client requests them, but
+ # do not force the renegotations. Some clients do not support
+ # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+ # clients will close the data connection, or there will be a timeout
+ # on an idle data connection.
+ TLSRenegotiate required off
+</IfModule>
+EOF
+ fi
+}
+
+# include za slucaj da sistemac nije prihvatio izmjene od Debiana
+include_modules()
+{
+ if [ -f $FTP_TMP ] ; then
+ if ! egrep -qi "^[[:space:]]*Include.*/etc/proftpd/modules.conf" $FTP_TMP ; then
+ printf "#\n# Includes required DSO modules. This is mandatory in proftpd 1.3\n#\nInclude\t/etc/proftpd/modules.conf\n\n" >$FTP_TMP.tmp.$$
+ cat $FTP_TMP >>$FTP_TMP.tmp.$$
+ mv -f $FTP_TMP.tmp.$$ $FTP_TMP
+ fi
+ fi
+}
+
+# Generiranje SSL certifikata
+make_ssl_cert()
+{
+ if [ ! -f $SSL_CERT ] ; then
+ cd $(dirname $SSL_CERT)
+ echo "CN: Generating SSL certificate ... "
+ openssl req -new -x509 -days 365 -nodes -out $(basename $SSL_CERT) -keyout $(basename $SSL_KEY)
+ echo "CN: Self-signed SSL certificate generated in $SSL_CERT."
+ echo "CN: Please note that the certificate will expire in one year."
+ fi
+}
+
+# purge starog proftpd-common paketa bi napravio rusvaj
+defuse_old_postrm()
+{
+ if [ -f /var/lib/dpkg/info/proftpd-common.postrm ]; then
+ cp_check_and_sed '^[^#]*(update-rc.d|update-inetd|/var/run/proftpd)' \
+ '/update-rc.d/d; /update-inetd/d; /var\/run\/proftpd/d' \
+ /var/lib/dpkg/info/proftpd-common.postrm || true
+ fi
+}
+
+defuse_old_postrm
+disable_anonymous
+fix_conf
+add_tls
+include_modules
+make_ssl_cert
+
+if [ -z "$2" ]; then
+ echo "CN: Proftpd-cn is configured with disabled anonymous FTP access,"
+ echo "CN: for the security reasons."
+fi
+
+if ! cmp -s $FTP_TMP $FTP_CONF; then
+ echo "CN: Original configuration file is saved in $FTP_OLD."
+ cp_mv $FTP_TMP $FTP_CONF
+else
+ rm -f $FTP_TMP
+fi
+
+echo "CN: Restarting proftpd ..."
+
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d proftpd restart
+else
+ /etc/init.d/proftpd restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0