2 * Part of Very Secure FTPd
11 int tunable_anonymous_enable
;
12 int tunable_local_enable
;
13 int tunable_pasv_enable
;
14 int tunable_port_enable
;
15 int tunable_chroot_local_user
;
16 int tunable_write_enable
;
17 int tunable_anon_upload_enable
;
18 int tunable_anon_mkdir_write_enable
;
19 int tunable_anon_other_write_enable
;
20 int tunable_chown_uploads
;
21 int tunable_connect_from_port_20
;
22 int tunable_xferlog_enable
;
23 int tunable_dirmessage_enable
;
24 int tunable_anon_world_readable_only
;
25 int tunable_async_abor_enable
;
26 int tunable_ascii_upload_enable
;
27 int tunable_ascii_download_enable
;
28 int tunable_one_process_model
;
29 int tunable_xferlog_std_format
;
30 int tunable_pasv_promiscuous
;
31 int tunable_deny_email_enable
;
32 int tunable_chroot_list_enable
;
33 int tunable_setproctitle_enable
;
34 int tunable_text_userdb_names
;
35 int tunable_ls_recurse_enable
;
36 int tunable_log_ftp_protocol
;
37 int tunable_guest_enable
;
38 int tunable_userlist_enable
;
39 int tunable_userlist_deny
;
40 int tunable_use_localtime
;
41 int tunable_check_shell
;
44 int tunable_port_promiscuous
;
45 int tunable_passwd_chroot_enable
;
46 int tunable_no_anon_password
;
47 int tunable_tcp_wrappers
;
48 int tunable_use_sendfile
;
49 int tunable_force_dot_files
;
50 int tunable_listen_ipv6
;
51 int tunable_dual_log_enable
;
52 int tunable_syslog_enable
;
53 int tunable_background
;
54 int tunable_virtual_use_local_privs
;
55 int tunable_session_support
;
56 int tunable_download_enable
;
57 int tunable_dirlist_enable
;
58 int tunable_chmod_enable
;
59 int tunable_secure_email_list_enable
;
60 int tunable_run_as_launching_user
;
61 int tunable_no_log_lock
;
62 int tunable_ssl_enable
;
63 int tunable_allow_anon_ssl
;
64 int tunable_force_local_logins_ssl
;
65 int tunable_force_local_data_ssl
;
69 int tunable_tilde_user_enable
;
70 int tunable_force_anon_logins_ssl
;
71 int tunable_force_anon_data_ssl
;
72 int tunable_mdtm_write
;
73 int tunable_lock_upload_files
;
74 int tunable_pasv_addr_resolve
;
75 int tunable_debug_ssl
;
76 int tunable_require_cert
;
77 int tunable_validate_cert
;
78 int tunable_strict_ssl_read_eof
;
79 int tunable_strict_ssl_write_shutdown
;
80 int tunable_ssl_request_cert
;
81 int tunable_delete_failed_uploads
;
82 int tunable_implicit_ssl
;
84 int tunable_require_ssl_reuse
;
86 int tunable_isolate_network
;
87 int tunable_ftp_enable
;
88 int tunable_http_enable
;
90 unsigned int tunable_accept_timeout
;
91 unsigned int tunable_connect_timeout
;
92 unsigned int tunable_local_umask
;
93 unsigned int tunable_anon_umask
;
94 unsigned int tunable_ftp_data_port
;
95 unsigned int tunable_idle_session_timeout
;
96 unsigned int tunable_data_connection_timeout
;
97 unsigned int tunable_pasv_min_port
;
98 unsigned int tunable_pasv_max_port
;
99 unsigned int tunable_anon_max_rate
;
100 unsigned int tunable_local_max_rate
;
101 unsigned int tunable_listen_port
;
102 unsigned int tunable_max_clients
;
103 unsigned int tunable_file_open_mode
;
104 unsigned int tunable_max_per_ip
;
105 unsigned int tunable_trans_chunk_size
;
106 unsigned int tunable_delay_failed_login
;
107 unsigned int tunable_delay_successful_login
;
108 unsigned int tunable_max_login_fails
;
109 unsigned int tunable_chown_upload_mode
;
111 const char* tunable_secure_chroot_dir
;
112 const char* tunable_ftp_username
;
113 const char* tunable_chown_username
;
114 const char* tunable_xferlog_file
;
115 const char* tunable_vsftpd_log_file
;
116 const char* tunable_message_file
;
117 const char* tunable_nopriv_user
;
118 const char* tunable_ftpd_banner
;
119 const char* tunable_banned_email_file
;
120 const char* tunable_chroot_list_file
;
121 const char* tunable_pam_service_name
;
122 const char* tunable_guest_username
;
123 const char* tunable_userlist_file
;
124 const char* tunable_anon_root
;
125 const char* tunable_local_root
;
126 const char* tunable_banner_file
;
127 const char* tunable_pasv_address
;
128 const char* tunable_listen_address
;
129 const char* tunable_user_config_dir
;
130 const char* tunable_listen_address6
;
131 const char* tunable_cmds_allowed
;
132 const char* tunable_cmds_denied
;
133 const char* tunable_hide_file
;
134 const char* tunable_deny_file
;
135 const char* tunable_user_sub_token
;
136 const char* tunable_email_password_file
;
137 const char* tunable_rsa_cert_file
;
138 const char* tunable_dsa_cert_file
;
139 const char* tunable_ssl_ciphers
;
140 const char* tunable_rsa_private_key_file
;
141 const char* tunable_dsa_private_key_file
;
142 const char* tunable_ca_certs_file
;
144 static void install_str_setting(const char* p_value
, const char** p_storage
);
147 tunables_load_defaults()
149 tunable_anonymous_enable
= 1;
150 tunable_local_enable
= 0;
151 tunable_pasv_enable
= 1;
152 tunable_port_enable
= 1;
153 tunable_chroot_local_user
= 0;
154 tunable_write_enable
= 0;
155 tunable_anon_upload_enable
= 0;
156 tunable_anon_mkdir_write_enable
= 0;
157 tunable_anon_other_write_enable
= 0;
158 tunable_chown_uploads
= 0;
159 tunable_connect_from_port_20
= 0;
160 tunable_xferlog_enable
= 0;
161 tunable_dirmessage_enable
= 0;
162 tunable_anon_world_readable_only
= 1;
163 tunable_async_abor_enable
= 0;
164 tunable_ascii_upload_enable
= 0;
165 tunable_ascii_download_enable
= 0;
166 tunable_one_process_model
= 0;
167 tunable_xferlog_std_format
= 0;
168 tunable_pasv_promiscuous
= 0;
169 tunable_deny_email_enable
= 0;
170 tunable_chroot_list_enable
= 0;
171 tunable_setproctitle_enable
= 0;
172 tunable_text_userdb_names
= 0;
173 tunable_ls_recurse_enable
= 0;
174 tunable_log_ftp_protocol
= 0;
175 tunable_guest_enable
= 0;
176 tunable_userlist_enable
= 0;
177 tunable_userlist_deny
= 1;
178 tunable_use_localtime
= 0;
179 tunable_check_shell
= 1;
180 tunable_hide_ids
= 0;
182 tunable_port_promiscuous
= 0;
183 tunable_passwd_chroot_enable
= 0;
184 tunable_no_anon_password
= 0;
185 tunable_tcp_wrappers
= 0;
186 tunable_use_sendfile
= 1;
187 tunable_force_dot_files
= 0;
188 tunable_listen_ipv6
= 0;
189 tunable_dual_log_enable
= 0;
190 tunable_syslog_enable
= 0;
191 tunable_background
= 0;
192 tunable_virtual_use_local_privs
= 0;
193 tunable_session_support
= 0;
194 tunable_download_enable
= 1;
195 tunable_dirlist_enable
= 1;
196 tunable_chmod_enable
= 1;
197 tunable_secure_email_list_enable
= 0;
198 tunable_run_as_launching_user
= 0;
199 tunable_no_log_lock
= 0;
200 tunable_ssl_enable
= 0;
201 tunable_allow_anon_ssl
= 0;
202 tunable_force_local_logins_ssl
= 1;
203 tunable_force_local_data_ssl
= 1;
207 tunable_tilde_user_enable
= 0;
208 tunable_force_anon_logins_ssl
= 0;
209 tunable_force_anon_data_ssl
= 0;
210 tunable_mdtm_write
= 1;
211 tunable_lock_upload_files
= 1;
212 tunable_pasv_addr_resolve
= 0;
213 tunable_debug_ssl
= 0;
214 tunable_require_cert
= 0;
215 tunable_validate_cert
= 0;
216 tunable_strict_ssl_read_eof
= 0;
217 tunable_strict_ssl_write_shutdown
= 0;
218 tunable_ssl_request_cert
= 1;
219 tunable_delete_failed_uploads
= 0;
220 tunable_implicit_ssl
= 0;
222 tunable_require_ssl_reuse
= 1;
224 tunable_isolate_network
= 1;
225 tunable_ftp_enable
= 1;
226 tunable_http_enable
= 0;
228 tunable_accept_timeout
= 60;
229 tunable_connect_timeout
= 60;
230 tunable_local_umask
= 077;
231 tunable_anon_umask
= 077;
232 tunable_ftp_data_port
= 20;
233 tunable_idle_session_timeout
= 300;
234 tunable_data_connection_timeout
= 300;
235 /* IPPORT_USERRESERVED + 1 */
236 tunable_pasv_min_port
= 5001;
237 tunable_pasv_max_port
= 0;
238 tunable_anon_max_rate
= 0;
239 tunable_local_max_rate
= 0;
241 tunable_listen_port
= 21;
242 tunable_max_clients
= 2000;
244 tunable_file_open_mode
= 0666;
245 tunable_max_per_ip
= 50;
246 tunable_trans_chunk_size
= 0;
247 tunable_delay_failed_login
= 1;
248 tunable_delay_successful_login
= 0;
249 tunable_max_login_fails
= 3;
251 tunable_chown_upload_mode
= 0600;
253 install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir
);
254 install_str_setting("ftp", &tunable_ftp_username
);
255 install_str_setting("root", &tunable_chown_username
);
256 install_str_setting("/var/log/xferlog", &tunable_xferlog_file
);
257 install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file
);
258 install_str_setting(".message", &tunable_message_file
);
259 install_str_setting("nobody", &tunable_nopriv_user
);
260 install_str_setting(0, &tunable_ftpd_banner
);
261 install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file
);
262 install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file
);
263 install_str_setting("ftp", &tunable_pam_service_name
);
264 install_str_setting("ftp", &tunable_guest_username
);
265 install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file
);
266 install_str_setting(0, &tunable_anon_root
);
267 install_str_setting(0, &tunable_local_root
);
268 install_str_setting(0, &tunable_banner_file
);
269 install_str_setting(0, &tunable_pasv_address
);
270 install_str_setting(0, &tunable_listen_address
);
271 install_str_setting(0, &tunable_user_config_dir
);
272 install_str_setting(0, &tunable_listen_address6
);
273 install_str_setting(0, &tunable_cmds_allowed
);
274 install_str_setting(0, &tunable_cmds_denied
);
275 install_str_setting(0, &tunable_hide_file
);
276 install_str_setting(0, &tunable_deny_file
);
277 install_str_setting(0, &tunable_user_sub_token
);
278 install_str_setting("/etc/vsftpd.email_passwords",
279 &tunable_email_password_file
);
280 install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
281 &tunable_rsa_cert_file
);
282 install_str_setting(0, &tunable_dsa_cert_file
);
283 install_str_setting("DES-CBC3-SHA", &tunable_ssl_ciphers
);
284 install_str_setting(0, &tunable_rsa_private_key_file
);
285 install_str_setting(0, &tunable_dsa_private_key_file
);
286 install_str_setting(0, &tunable_ca_certs_file
);
290 install_str_setting(const char* p_value
, const char** p_storage
)
292 char* p_curr_val
= (char*) *p_storage
;
295 vsf_sysutil_free(p_curr_val
);
299 p_value
= vsf_sysutil_strdup(p_value
);
301 *p_storage
= p_value
;