/*
* Part of Very Secure FTPd
* Licence: GPL v2
* Author: Chris Evans
* tunables.c
*/
#include "tunables.h"
#include "sysutil.h"
/*
 * Global configuration tunables.
 *
 * Every object below receives its built-in default in
 * tunables_load_defaults(). Before that call they hold the zero value C gives
 * to file-scope objects, so nothing should read them earlier.
 */

/* Flags: tunables_load_defaults() assigns each of these either 0 or 1. */
int tunable_anonymous_enable;
int tunable_local_enable;
int tunable_utf8_filesystem;
int tunable_pasv_enable;
int tunable_port_enable;
int tunable_chroot_local_user;
int tunable_write_enable;
int tunable_anon_upload_enable;
int tunable_anon_mkdir_write_enable;
int tunable_anon_other_write_enable;
int tunable_chown_uploads;
int tunable_connect_from_port_20;
int tunable_xferlog_enable;
int tunable_dirmessage_enable;
int tunable_anon_world_readable_only;
int tunable_async_abor_enable;
int tunable_ascii_upload_enable;
int tunable_ascii_download_enable;
int tunable_one_process_model;
int tunable_xferlog_std_format;
int tunable_pasv_promiscuous;
int tunable_deny_email_enable;
int tunable_chroot_list_enable;
int tunable_setproctitle_enable;
int tunable_text_userdb_names;
int tunable_ls_recurse_enable;
int tunable_log_ftp_protocol;
int tunable_guest_enable;
int tunable_userlist_enable;
int tunable_userlist_deny;
int tunable_use_localtime;
int tunable_check_shell;
int tunable_hide_ids;
int tunable_listen;
int tunable_port_promiscuous;
int tunable_passwd_chroot_enable;
int tunable_no_anon_password;
int tunable_tcp_wrappers;
int tunable_use_sendfile;
int tunable_force_dot_files;
int tunable_listen_ipv6;
int tunable_dual_log_enable;
int tunable_syslog_enable;
int tunable_background;
int tunable_virtual_use_local_privs;
int tunable_session_support;
int tunable_download_enable;
int tunable_dirlist_enable;
int tunable_chmod_enable;
int tunable_secure_email_list_enable;
int tunable_run_as_launching_user;
int tunable_no_log_lock;
int tunable_ssl_enable;
int tunable_allow_anon_ssl;
int tunable_force_local_logins_ssl;
int tunable_force_local_data_ssl;
int tunable_sslv2;
int tunable_sslv3;
int tunable_tlsv1;
int tunable_tilde_user_enable;
int tunable_force_anon_logins_ssl;
int tunable_force_anon_data_ssl;
int tunable_mdtm_write;
int tunable_lock_upload_files;
int tunable_pasv_addr_resolve;
int tunable_debug_ssl;
int tunable_require_cert;
int tunable_validate_cert;
int tunable_strict_ssl_read_eof;
int tunable_strict_ssl_write_shutdown;
int tunable_ssl_request_cert;
int tunable_delete_failed_uploads;
int tunable_implicit_ssl;
int tunable_sandbox;
int tunable_require_ssl_reuse;
int tunable_isolate;
int tunable_isolate_network;
int tunable_ftp_enable;
int tunable_http_enable;

/*
 * Numeric settings: timeouts, ports, limits and file modes. The umask and
 * mode defaults are written as octal literals in tunables_load_defaults().
 */
unsigned int tunable_accept_timeout;
unsigned int tunable_connect_timeout;
unsigned int tunable_local_umask;
unsigned int tunable_anon_umask;
unsigned int tunable_ftp_data_port;
unsigned int tunable_idle_session_timeout;
unsigned int tunable_data_connection_timeout;
unsigned int tunable_pasv_min_port;
unsigned int tunable_pasv_max_port;
unsigned int tunable_anon_max_rate;
unsigned int tunable_local_max_rate;
unsigned int tunable_listen_port;
unsigned int tunable_max_clients;
unsigned int tunable_file_open_mode;
unsigned int tunable_max_per_ip;
unsigned int tunable_trans_chunk_size;
unsigned int tunable_delay_failed_login;
unsigned int tunable_delay_successful_login;
unsigned int tunable_max_login_fails;
unsigned int tunable_chown_upload_mode;

/*
 * String settings. Each pointer is either 0 (unset) or a copy made by
 * install_str_setting() via vsf_sysutil_strdup(); install_str_setting() also
 * frees the previous value, so the strings are owned by this file.
 * NOTE(review): code elsewhere should treat these as read-only and must not
 * free them or keep the pointer across a reload - confirm against callers.
 */
const char* tunable_secure_chroot_dir;
const char* tunable_ftp_username;
const char* tunable_chown_username;
const char* tunable_xferlog_file;
const char* tunable_vsftpd_log_file;
const char* tunable_message_file;
const char* tunable_nopriv_user;
const char* tunable_ftpd_banner;
const char* tunable_banned_email_file;
const char* tunable_chroot_list_file;
const char* tunable_pam_service_name;
const char* tunable_guest_username;
const char* tunable_userlist_file;
const char* tunable_anon_root;
const char* tunable_local_root;
const char* tunable_banner_file;
const char* tunable_pasv_address;
const char* tunable_listen_address;
const char* tunable_user_config_dir;
const char* tunable_listen_address6;
const char* tunable_cmds_allowed;
const char* tunable_cmds_denied;
const char* tunable_hide_file;
const char* tunable_deny_file;
const char* tunable_user_sub_token;
const char* tunable_email_password_file;
const char* tunable_rsa_cert_file;
const char* tunable_dsa_cert_file;
const char* tunable_ssl_ciphers;
const char* tunable_rsa_private_key_file;
const char* tunable_dsa_private_key_file;
const char* tunable_ca_certs_file;

/* File-local helper: stores a private copy of a string into a tunable. */
static void install_str_setting(const char* p_value, const char** p_storage);
/*
 * tunables_load_defaults - reset every tunable in this file to its built-in
 * default value.
 *
 * Flags and numeric settings are plain assignments. String settings go
 * through install_str_setting(), which frees whatever the tunable held before
 * and stores a fresh copy, so the function can be called again without
 * leaking the earlier strings.
 *
 * The section headings below group tunables by name only; what each one
 * controls is decided where it is read, outside this file.
 */
void
tunables_load_defaults()
{
  /* Front ends and process model. */
  tunable_ftp_enable = 1;
  tunable_http_enable = 0;
  tunable_listen = 0;
  tunable_listen_ipv6 = 0;
  tunable_background = 0;
  tunable_one_process_model = 0;
  tunable_run_as_launching_user = 0;
  tunable_tcp_wrappers = 0;
  tunable_setproctitle_enable = 0;

  /*
   * Who may log in.
   * NOTE(review): anonymous_enable defaults to 1 while local_enable defaults
   * to 0, so a server started with no configuration accepts the anonymous
   * account. Deployments that do not want that must switch it off in their
   * configuration.
   */
  tunable_anonymous_enable = 1;
  tunable_local_enable = 0;
  tunable_guest_enable = 0;
  tunable_virtual_use_local_privs = 0;
  tunable_no_anon_password = 0;
  tunable_deny_email_enable = 0;
  tunable_secure_email_list_enable = 0;
  tunable_userlist_enable = 0;
  tunable_userlist_deny = 1;
  tunable_check_shell = 1;
  tunable_session_support = 0;

  /* Confinement of sessions. */
  tunable_chroot_local_user = 0;
  tunable_chroot_list_enable = 0;
  tunable_passwd_chroot_enable = 0;
  tunable_sandbox = 0;
  tunable_isolate = 1;
  tunable_isolate_network = 1;

  /* Reading and modifying files: every write-type switch starts at 0. */
  tunable_download_enable = 1;
  tunable_write_enable = 0;
  tunable_anon_upload_enable = 0;
  tunable_anon_mkdir_write_enable = 0;
  tunable_anon_other_write_enable = 0;
  tunable_anon_world_readable_only = 1;
  tunable_chown_uploads = 0;
  tunable_chmod_enable = 1;
  tunable_mdtm_write = 1;
  tunable_lock_upload_files = 1;
  tunable_delete_failed_uploads = 0;

  /* Listings and presentation. */
  tunable_dirlist_enable = 1;
  tunable_dirmessage_enable = 0;
  tunable_ls_recurse_enable = 0;
  tunable_force_dot_files = 0;
  tunable_hide_ids = 0;
  tunable_text_userdb_names = 0;
  tunable_use_localtime = 0;
  tunable_utf8_filesystem = 0;
  tunable_tilde_user_enable = 0;

  /* Data connections and transfer behaviour. */
  tunable_pasv_enable = 1;
  tunable_port_enable = 1;
  tunable_pasv_promiscuous = 0;
  tunable_port_promiscuous = 0;
  tunable_pasv_addr_resolve = 0;
  tunable_connect_from_port_20 = 0;
  tunable_async_abor_enable = 0;
  tunable_ascii_upload_enable = 0;
  tunable_ascii_download_enable = 0;
  tunable_use_sendfile = 1;

  /*
   * Logging.
   * NOTE(review): all logging switches default to 0, so transfer and
   * protocol logs have to be enabled explicitly if an audit trail is needed.
   */
  tunable_xferlog_enable = 0;
  tunable_xferlog_std_format = 0;
  tunable_log_ftp_protocol = 0;
  tunable_dual_log_enable = 0;
  tunable_syslog_enable = 0;
  tunable_no_log_lock = 0;

  /*
   * SSL/TLS.
   * NOTE(review): ssl_enable is 0 by default. When it is turned on, the
   * defaults here leave only tlsv1 enabled, validate_cert and require_cert
   * at 0, and ssl_ciphers (set further down) on a single 3DES suite. All of
   * these should be reviewed against current policy rather than inherited.
   */
  tunable_ssl_enable = 0;
  tunable_implicit_ssl = 0;
  tunable_allow_anon_ssl = 0;
  tunable_force_local_logins_ssl = 1;
  tunable_force_local_data_ssl = 1;
  tunable_force_anon_logins_ssl = 0;
  tunable_force_anon_data_ssl = 0;
  tunable_sslv2 = 0;
  tunable_sslv3 = 0;
  tunable_tlsv1 = 1;
  tunable_require_ssl_reuse = 1;
  tunable_ssl_request_cert = 1;
  tunable_require_cert = 0;
  tunable_validate_cert = 0;
  tunable_strict_ssl_read_eof = 0;
  tunable_strict_ssl_write_shutdown = 0;
  tunable_debug_ssl = 0;

  /* Timeouts. NOTE(review): presumably in seconds - confirm at point of use. */
  tunable_accept_timeout = 60;
  tunable_connect_timeout = 60;
  tunable_idle_session_timeout = 300;
  tunable_data_connection_timeout = 300;

  /* Ports. */
  /* IPPORT_FTP */
  tunable_listen_port = 21;
  tunable_ftp_data_port = 20;
  /* IPPORT_USERRESERVED + 1 */
  tunable_pasv_min_port = 5001;
  tunable_pasv_max_port = 0;

  /* Connection limits and rates. */
  tunable_max_clients = 2000;
  tunable_max_per_ip = 50;
  tunable_anon_max_rate = 0;
  tunable_local_max_rate = 0;
  tunable_trans_chunk_size = 0;

  /* Login throttling. */
  tunable_delay_failed_login = 1;
  tunable_delay_successful_login = 0;
  tunable_max_login_fails = 3;

  /*
   * Umasks and file modes (octal).
   * NOTE(review): file_open_mode is world-writable on its own; the 077
   * umasks above it presumably narrow the effective mode - confirm where
   * files are created.
   */
  tunable_local_umask = 077;
  tunable_anon_umask = 077;
  /* -rw-rw-rw- */
  tunable_file_open_mode = 0666;
  /* -rw------- */
  tunable_chown_upload_mode = 0600;

  /*
   * Account and service names.
   * NOTE(review): chown_username defaults to "root"; it only matters once
   * chown_uploads (0 by default) is enabled.
   */
  install_str_setting("ftp", &tunable_ftp_username);
  install_str_setting("ftp", &tunable_guest_username);
  install_str_setting("nobody", &tunable_nopriv_user);
  install_str_setting("root", &tunable_chown_username);
  install_str_setting("vsftpd", &tunable_pam_service_name);

  /* Directories and per-user configuration. A 0 value leaves it unset. */
  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
  install_str_setting(0, &tunable_anon_root);
  install_str_setting(0, &tunable_local_root);
  install_str_setting(0, &tunable_user_config_dir);
  install_str_setting(0, &tunable_user_sub_token);

  /* Log files. */
  install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
  install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file);

  /* Banners and directory messages. */
  install_str_setting(".message", &tunable_message_file);
  install_str_setting(0, &tunable_ftpd_banner);
  install_str_setting(0, &tunable_banner_file);

  /* Access lists and filters. */
  install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
  install_str_setting("/etc/vsftpd.email_passwords",
                      &tunable_email_password_file);
  install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
  install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
  install_str_setting(0, &tunable_cmds_allowed);
  install_str_setting(0, &tunable_cmds_denied);
  install_str_setting(0, &tunable_hide_file);
  install_str_setting(0, &tunable_deny_file);

  /* Addresses. */
  install_str_setting(0, &tunable_pasv_address);
  install_str_setting(0, &tunable_listen_address);
  install_str_setting(0, &tunable_listen_address6);

  /*
   * Certificates, keys and cipher selection.
   * NOTE(review): "DES-CBC3-SHA" is the OpenSSL name of a 3DES-CBC suite,
   * a 64-bit block cipher that is now treated as legacy. Sites that enable
   * SSL should set ssl_ciphers explicitly.
   */
  install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
                      &tunable_rsa_cert_file);
  install_str_setting(0, &tunable_rsa_private_key_file);
  install_str_setting(0, &tunable_dsa_cert_file);
  install_str_setting(0, &tunable_dsa_private_key_file);
  install_str_setting(0, &tunable_ca_certs_file);
  install_str_setting("DES-CBC3-SHA", &tunable_ssl_ciphers);
}
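/*
 * install_str_setting - store a private copy of a string in a tunable.
 *
 * PARAMETERS
 * p_value   - the new value, or 0 to leave the tunable unset. The string is
 *             duplicated with vsf_sysutil_strdup(); the caller keeps
 *             ownership of its own buffer.
 * p_storage - address of the tunable to update. Whatever it pointed to
 *             before is released with vsf_sysutil_free().
 *
 * The copy is made before the old value is released. Freeing first would
 * read freed memory if p_value ever pointed at the tunable's own current
 * string (for example when a setting is re-installed from itself). The calls
 * visible in this file only pass literals or 0, so this is a hardening
 * against that latent use-after-free rather than a fix for a known caller.
 */
void
install_str_setting(const char* p_value, const char** p_storage)
{
  /* The tunables are exposed as const char*; the cast is only for freeing. */
  char* p_old_val = (char*) *p_storage;
  const char* p_new_val = 0;
  if (p_value != 0)
  {
    p_new_val = vsf_sysutil_strdup(p_value);
  }
  /* Publish the new pointer before the old buffer goes away. */
  *p_storage = p_new_val;
  if (p_old_val != 0)
  {
    vsf_sysutil_free(p_old_val);
  }
}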