2 * Part of Very Secure FTPd
11 int tunable_anonymous_enable
;
12 int tunable_local_enable
;
13 int tunable_pasv_enable
;
14 int tunable_port_enable
;
15 int tunable_chroot_local_user
;
16 int tunable_write_enable
;
17 int tunable_anon_upload_enable
;
18 int tunable_anon_mkdir_write_enable
;
19 int tunable_anon_other_write_enable
;
20 int tunable_chown_uploads
;
21 int tunable_connect_from_port_20
;
22 int tunable_xferlog_enable
;
23 int tunable_dirmessage_enable
;
24 int tunable_anon_world_readable_only
;
25 int tunable_async_abor_enable
;
26 int tunable_ascii_upload_enable
;
27 int tunable_ascii_download_enable
;
28 int tunable_one_process_model
;
29 int tunable_xferlog_std_format
;
30 int tunable_pasv_promiscuous
;
31 int tunable_deny_email_enable
;
32 int tunable_chroot_list_enable
;
33 int tunable_setproctitle_enable
;
34 int tunable_text_userdb_names
;
35 int tunable_ls_recurse_enable
;
36 int tunable_log_ftp_protocol
;
37 int tunable_guest_enable
;
38 int tunable_userlist_enable
;
39 int tunable_userlist_deny
;
40 int tunable_use_localtime
;
41 int tunable_check_shell
;
44 int tunable_port_promiscuous
;
45 int tunable_passwd_chroot_enable
;
46 int tunable_no_anon_password
;
47 int tunable_tcp_wrappers
;
48 int tunable_use_sendfile
;
49 int tunable_force_dot_files
;
50 int tunable_listen_ipv6
;
51 int tunable_dual_log_enable
;
52 int tunable_syslog_enable
;
53 int tunable_background
;
54 int tunable_virtual_use_local_privs
;
55 int tunable_session_support
;
56 int tunable_download_enable
;
57 int tunable_dirlist_enable
;
58 int tunable_chmod_enable
;
59 int tunable_secure_email_list_enable
;
60 int tunable_run_as_launching_user
;
61 int tunable_no_log_lock
;
62 int tunable_ssl_enable
;
63 int tunable_allow_anon_ssl
;
64 int tunable_force_local_logins_ssl
;
65 int tunable_force_local_data_ssl
;
69 int tunable_tilde_user_enable
;
70 int tunable_force_anon_logins_ssl
;
71 int tunable_force_anon_data_ssl
;
72 int tunable_mdtm_write
;
73 int tunable_lock_upload_files
;
74 int tunable_pasv_addr_resolve
;
75 int tunable_debug_ssl
;
76 int tunable_require_cert
;
77 int tunable_validate_cert
;
78 int tunable_strict_ssl_read_eof
;
79 int tunable_strict_ssl_write_shutdown
;
80 int tunable_ssl_request_cert
;
81 int tunable_delete_failed_uploads
;
82 int tunable_implicit_ssl
;
84 int tunable_require_ssl_reuse
;
87 unsigned int tunable_accept_timeout
;
88 unsigned int tunable_connect_timeout
;
89 unsigned int tunable_local_umask
;
90 unsigned int tunable_anon_umask
;
91 unsigned int tunable_ftp_data_port
;
92 unsigned int tunable_idle_session_timeout
;
93 unsigned int tunable_data_connection_timeout
;
94 unsigned int tunable_pasv_min_port
;
95 unsigned int tunable_pasv_max_port
;
96 unsigned int tunable_anon_max_rate
;
97 unsigned int tunable_local_max_rate
;
98 unsigned int tunable_listen_port
;
99 unsigned int tunable_max_clients
;
100 unsigned int tunable_file_open_mode
;
101 unsigned int tunable_max_per_ip
;
102 unsigned int tunable_trans_chunk_size
;
103 unsigned int tunable_delay_failed_login
;
104 unsigned int tunable_delay_successful_login
;
105 unsigned int tunable_max_login_fails
;
106 unsigned int tunable_chown_upload_mode
;
108 const char* tunable_secure_chroot_dir
;
109 const char* tunable_ftp_username
;
110 const char* tunable_chown_username
;
111 const char* tunable_xferlog_file
;
112 const char* tunable_vsftpd_log_file
;
113 const char* tunable_message_file
;
114 const char* tunable_nopriv_user
;
115 const char* tunable_ftpd_banner
;
116 const char* tunable_banned_email_file
;
117 const char* tunable_chroot_list_file
;
118 const char* tunable_pam_service_name
;
119 const char* tunable_guest_username
;
120 const char* tunable_userlist_file
;
121 const char* tunable_anon_root
;
122 const char* tunable_local_root
;
123 const char* tunable_banner_file
;
124 const char* tunable_pasv_address
;
125 const char* tunable_listen_address
;
126 const char* tunable_user_config_dir
;
127 const char* tunable_listen_address6
;
128 const char* tunable_cmds_allowed
;
129 const char* tunable_cmds_denied
;
130 const char* tunable_hide_file
;
131 const char* tunable_deny_file
;
132 const char* tunable_user_sub_token
;
133 const char* tunable_email_password_file
;
134 const char* tunable_rsa_cert_file
;
135 const char* tunable_dsa_cert_file
;
136 const char* tunable_ssl_ciphers
;
137 const char* tunable_rsa_private_key_file
;
138 const char* tunable_dsa_private_key_file
;
139 const char* tunable_ca_certs_file
;
141 static void install_str_setting(const char* p_value
, const char** p_storage
);
144 tunables_load_defaults()
146 tunable_anonymous_enable
= 1;
147 tunable_local_enable
= 0;
148 tunable_pasv_enable
= 1;
149 tunable_port_enable
= 1;
150 tunable_chroot_local_user
= 0;
151 tunable_write_enable
= 0;
152 tunable_anon_upload_enable
= 0;
153 tunable_anon_mkdir_write_enable
= 0;
154 tunable_anon_other_write_enable
= 0;
155 tunable_chown_uploads
= 0;
156 tunable_connect_from_port_20
= 0;
157 tunable_xferlog_enable
= 0;
158 tunable_dirmessage_enable
= 0;
159 tunable_anon_world_readable_only
= 1;
160 tunable_async_abor_enable
= 0;
161 tunable_ascii_upload_enable
= 0;
162 tunable_ascii_download_enable
= 0;
163 tunable_one_process_model
= 0;
164 tunable_xferlog_std_format
= 0;
165 tunable_pasv_promiscuous
= 0;
166 tunable_deny_email_enable
= 0;
167 tunable_chroot_list_enable
= 0;
168 tunable_setproctitle_enable
= 0;
169 tunable_text_userdb_names
= 0;
170 tunable_ls_recurse_enable
= 0;
171 tunable_log_ftp_protocol
= 0;
172 tunable_guest_enable
= 0;
173 tunable_userlist_enable
= 0;
174 tunable_userlist_deny
= 1;
175 tunable_use_localtime
= 0;
176 tunable_check_shell
= 1;
177 tunable_hide_ids
= 0;
179 tunable_port_promiscuous
= 0;
180 tunable_passwd_chroot_enable
= 0;
181 tunable_no_anon_password
= 0;
182 tunable_tcp_wrappers
= 0;
183 tunable_use_sendfile
= 1;
184 tunable_force_dot_files
= 0;
185 tunable_listen_ipv6
= 0;
186 tunable_dual_log_enable
= 0;
187 tunable_syslog_enable
= 0;
188 tunable_background
= 0;
189 tunable_virtual_use_local_privs
= 0;
190 tunable_session_support
= 0;
191 tunable_download_enable
= 1;
192 tunable_dirlist_enable
= 1;
193 tunable_chmod_enable
= 1;
194 tunable_secure_email_list_enable
= 0;
195 tunable_run_as_launching_user
= 0;
196 tunable_no_log_lock
= 0;
197 tunable_ssl_enable
= 0;
198 tunable_allow_anon_ssl
= 0;
199 tunable_force_local_logins_ssl
= 1;
200 tunable_force_local_data_ssl
= 1;
204 tunable_tilde_user_enable
= 0;
205 tunable_force_anon_logins_ssl
= 0;
206 tunable_force_anon_data_ssl
= 0;
207 tunable_mdtm_write
= 1;
208 tunable_lock_upload_files
= 1;
209 tunable_pasv_addr_resolve
= 0;
210 tunable_debug_ssl
= 0;
211 tunable_require_cert
= 0;
212 tunable_validate_cert
= 0;
213 tunable_strict_ssl_read_eof
= 0;
214 tunable_strict_ssl_write_shutdown
= 0;
215 tunable_ssl_request_cert
= 1;
216 tunable_delete_failed_uploads
= 0;
217 tunable_implicit_ssl
= 0;
219 tunable_require_ssl_reuse
= 1;
222 tunable_accept_timeout
= 60;
223 tunable_connect_timeout
= 60;
224 tunable_local_umask
= 077;
225 tunable_anon_umask
= 077;
226 tunable_ftp_data_port
= 20;
227 tunable_idle_session_timeout
= 300;
228 tunable_data_connection_timeout
= 300;
229 /* IPPORT_USERRESERVED + 1 */
230 tunable_pasv_min_port
= 5001;
231 tunable_pasv_max_port
= 0;
232 tunable_anon_max_rate
= 0;
233 tunable_local_max_rate
= 0;
235 tunable_listen_port
= 21;
236 tunable_max_clients
= 0;
238 tunable_file_open_mode
= 0666;
239 tunable_max_per_ip
= 0;
240 tunable_trans_chunk_size
= 0;
241 tunable_delay_failed_login
= 1;
242 tunable_delay_successful_login
= 0;
243 tunable_max_login_fails
= 3;
245 tunable_chown_upload_mode
= 0600;
247 install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir
);
248 install_str_setting("ftp", &tunable_ftp_username
);
249 install_str_setting("root", &tunable_chown_username
);
250 install_str_setting("/var/log/xferlog", &tunable_xferlog_file
);
251 install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file
);
252 install_str_setting(".message", &tunable_message_file
);
253 install_str_setting("nobody", &tunable_nopriv_user
);
254 install_str_setting(0, &tunable_ftpd_banner
);
255 install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file
);
256 install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file
);
257 install_str_setting("ftp", &tunable_pam_service_name
);
258 install_str_setting("ftp", &tunable_guest_username
);
259 install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file
);
260 install_str_setting(0, &tunable_anon_root
);
261 install_str_setting(0, &tunable_local_root
);
262 install_str_setting(0, &tunable_banner_file
);
263 install_str_setting(0, &tunable_pasv_address
);
264 install_str_setting(0, &tunable_listen_address
);
265 install_str_setting(0, &tunable_user_config_dir
);
266 install_str_setting(0, &tunable_listen_address6
);
267 install_str_setting(0, &tunable_cmds_allowed
);
268 install_str_setting(0, &tunable_cmds_denied
);
269 install_str_setting(0, &tunable_hide_file
);
270 install_str_setting(0, &tunable_deny_file
);
271 install_str_setting(0, &tunable_user_sub_token
);
272 install_str_setting("/etc/vsftpd.email_passwords",
273 &tunable_email_password_file
);
274 install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
275 &tunable_rsa_cert_file
);
276 install_str_setting(0, &tunable_dsa_cert_file
);
277 install_str_setting("DES-CBC3-SHA", &tunable_ssl_ciphers
);
278 install_str_setting(0, &tunable_rsa_private_key_file
);
279 install_str_setting(0, &tunable_dsa_private_key_file
);
280 install_str_setting(0, &tunable_ca_certs_file
);
284 install_str_setting(const char* p_value
, const char** p_storage
)
286 char* p_curr_val
= (char*) *p_storage
;
289 vsf_sysutil_free(p_curr_val
);
293 p_value
= vsf_sysutil_strdup(p_value
);
295 *p_storage
= p_value
;