File: tunables.c

vsftpd 3.0.3-13
/*
 * Part of Very Secure FTPd
 * Licence: GPL v2
 * Author: Chris Evans
 * tunables.c
 */

#include "tunables.h"
#include "sysutil.h"

/*
 * Integer tunables. tunables_load_defaults() assigns every one of these
 * either 0 or 1, i.e. they are treated as on/off switches there.
 * They are defined without `static`, so they have external linkage;
 * presumably tunables.h carries the matching extern declarations - confirm.
 * Being zero-initialised statics, all of them read as 0 ("off") until
 * tunables_load_defaults() has run.
 */
int tunable_anonymous_enable;
int tunable_local_enable;
int tunable_utf8_filesystem;
int tunable_pasv_enable;
int tunable_port_enable;
int tunable_chroot_local_user;
int tunable_write_enable;
int tunable_anon_upload_enable;
int tunable_anon_mkdir_write_enable;
int tunable_anon_other_write_enable;
int tunable_chown_uploads;
int tunable_connect_from_port_20;
int tunable_xferlog_enable;
int tunable_dirmessage_enable;
int tunable_anon_world_readable_only;
int tunable_async_abor_enable;
int tunable_ascii_upload_enable;
int tunable_ascii_download_enable;
int tunable_one_process_model;
int tunable_xferlog_std_format;
int tunable_pasv_promiscuous;
int tunable_deny_email_enable;
int tunable_chroot_list_enable;
int tunable_setproctitle_enable;
int tunable_text_userdb_names;
int tunable_ls_recurse_enable;
int tunable_log_ftp_protocol;
int tunable_guest_enable;
int tunable_userlist_enable;
int tunable_userlist_deny;
int tunable_use_localtime;
int tunable_check_shell;
int tunable_hide_ids;
int tunable_listen;
int tunable_port_promiscuous;
int tunable_passwd_chroot_enable;
int tunable_no_anon_password;
int tunable_tcp_wrappers;
int tunable_use_sendfile;
int tunable_force_dot_files;
int tunable_listen_ipv6;
int tunable_dual_log_enable;
int tunable_syslog_enable;
int tunable_background;
int tunable_virtual_use_local_privs;
int tunable_session_support;
int tunable_download_enable;
int tunable_dirlist_enable;
int tunable_chmod_enable;
int tunable_secure_email_list_enable;
int tunable_run_as_launching_user;
int tunable_no_log_lock;
/* SSL/TLS-related switches start here (interleaved with a few others). */
int tunable_ssl_enable;
int tunable_allow_anon_ssl;
int tunable_force_local_logins_ssl;
int tunable_force_local_data_ssl;
int tunable_sslv2;
int tunable_sslv3;
int tunable_tlsv1;
int tunable_tilde_user_enable;
int tunable_force_anon_logins_ssl;
int tunable_force_anon_data_ssl;
int tunable_mdtm_write;
int tunable_lock_upload_files;
int tunable_pasv_addr_resolve;
int tunable_debug_ssl;
int tunable_require_cert;
int tunable_validate_cert;
int tunable_strict_ssl_read_eof;
int tunable_strict_ssl_write_shutdown;
int tunable_ssl_request_cert;
int tunable_delete_failed_uploads;
int tunable_implicit_ssl;
/* Process isolation / sandboxing switches. */
int tunable_ptrace_sandbox;
int tunable_require_ssl_reuse;
int tunable_isolate;
int tunable_isolate_network;
int tunable_ftp_enable;
int tunable_http_enable;
int tunable_seccomp_sandbox;
int tunable_allow_writeable_chroot;

/*
 * Unsigned tunables: timeouts, umasks and file modes, port numbers, rate
 * limits and connection/login limits. tunables_load_defaults() writes the
 * umask and mode values as octal literals (077, 0666, 0600); the remaining
 * defaults are decimal. Units are not visible in this file - presumably
 * seconds for the timeouts/delays; confirm against the callers.
 */
unsigned int tunable_accept_timeout;
unsigned int tunable_connect_timeout;
unsigned int tunable_local_umask;
unsigned int tunable_anon_umask;
unsigned int tunable_ftp_data_port;
unsigned int tunable_idle_session_timeout;
unsigned int tunable_data_connection_timeout;
unsigned int tunable_pasv_min_port;
unsigned int tunable_pasv_max_port;
unsigned int tunable_anon_max_rate;
unsigned int tunable_local_max_rate;
unsigned int tunable_listen_port;
unsigned int tunable_max_clients;
unsigned int tunable_file_open_mode;
unsigned int tunable_max_per_ip;
unsigned int tunable_trans_chunk_size;
unsigned int tunable_delay_failed_login;
unsigned int tunable_delay_successful_login;
unsigned int tunable_max_login_fails;
unsigned int tunable_chown_upload_mode;

/*
 * String tunables. Within this file they are only written through
 * install_str_setting(), which stores either 0 ("unset") or a copy made with
 * vsf_sysutil_strdup() and releases the previous value with
 * vsf_sysutil_free(). Readers must therefore expect a null pointer, and a
 * pointer read before a reload is no longer valid afterwards.
 * NOTE(review): other translation units may assign these as well - confirm
 * they follow the same ownership rule.
 */
const char* tunable_secure_chroot_dir;
const char* tunable_ftp_username;
const char* tunable_chown_username;
const char* tunable_xferlog_file;
const char* tunable_vsftpd_log_file;
const char* tunable_message_file;
const char* tunable_nopriv_user;
const char* tunable_ftpd_banner;
const char* tunable_banned_email_file;
const char* tunable_chroot_list_file;
const char* tunable_pam_service_name;
const char* tunable_guest_username;
const char* tunable_userlist_file;
const char* tunable_anon_root;
const char* tunable_local_root;
const char* tunable_banner_file;
const char* tunable_pasv_address;
const char* tunable_listen_address;
const char* tunable_user_config_dir;
const char* tunable_listen_address6;
const char* tunable_cmds_allowed;
const char* tunable_cmds_denied;
const char* tunable_hide_file;
const char* tunable_deny_file;
const char* tunable_upload_file;
const char* tunable_download_file;
const char* tunable_user_sub_token;
const char* tunable_email_password_file;
/* Certificate, key and cipher settings used when SSL is enabled. */
const char* tunable_rsa_cert_file;
const char* tunable_dsa_cert_file;
const char* tunable_ssl_ciphers;
const char* tunable_rsa_private_key_file;
const char* tunable_dsa_private_key_file;
const char* tunable_ca_certs_file;

/* Forward declaration with internal linkage: the helper is private to this
 * file.
 */
static void install_str_setting(const char* p_value, const char** p_storage);

/*
 * tunables_load_defaults
 * PURPOSE
 * Set every tunable to its built-in default. Integer and unsigned tunables
 * are assigned directly; string tunables go through install_str_setting(),
 * which frees whatever string the slot held before and stores a fresh copy
 * (or 0 when the default is "unset"). Takes no arguments, returns nothing.
 * These are the values in force for any option the configuration does not
 * mention, so they define the security posture of an unconfigured server.
 */
void
tunables_load_defaults()
{
  /* Login policy as shipped: anonymous logins on, local logins off. */
  tunable_anonymous_enable = 1;
  tunable_local_enable = 0;
  tunable_utf8_filesystem = 0;
  tunable_pasv_enable = 1;
  tunable_port_enable = 1;
  /* NOTE(review): chroot_local_user, chroot_list_enable and
   * passwd_chroot_enable all default to 0, so presumably local users are not
   * confined once local_enable is turned on - confirm and decide explicitly.
   */
  tunable_chroot_local_user = 0;
  /* Every write-type switch starts at 0, including the anonymous upload,
   * mkdir and other-write switches.
   */
  tunable_write_enable = 0;
  tunable_anon_upload_enable = 0;
  tunable_anon_mkdir_write_enable = 0;
  tunable_anon_other_write_enable = 0;
  tunable_chown_uploads = 0;
  tunable_connect_from_port_20 = 0;
  /* NOTE(review): xferlog_enable, log_ftp_protocol, dual_log_enable and
   * syslog_enable all default to 0; presumably no transfer or protocol log
   * is written unless the configuration enables one - confirm against the
   * logging code before relying on logs for detection.
   */
  tunable_xferlog_enable = 0;
  tunable_dirmessage_enable = 0;
  tunable_anon_world_readable_only = 1;
  tunable_async_abor_enable = 0;
  tunable_ascii_upload_enable = 0;
  tunable_ascii_download_enable = 0;
  tunable_one_process_model = 0;
  tunable_xferlog_std_format = 0;
  /* pasv_promiscuous (and port_promiscuous below) default to 0. Per the
   * vsftpd.conf documentation, setting them disables the checks tying a data
   * connection to the control connection's peer; leave them at 0 unless
   * there is a specific need.
   */
  tunable_pasv_promiscuous = 0;
  tunable_deny_email_enable = 0;
  tunable_chroot_list_enable = 0;
  tunable_setproctitle_enable = 0;
  tunable_text_userdb_names = 0;
  tunable_ls_recurse_enable = 0;
  tunable_log_ftp_protocol = 0;
  tunable_guest_enable = 0;
  tunable_userlist_enable = 0;
  tunable_userlist_deny = 1;
  tunable_use_localtime = 0;
  tunable_check_shell = 1;
  tunable_hide_ids = 0;
  tunable_listen = 0;
  tunable_port_promiscuous = 0;
  tunable_passwd_chroot_enable = 0;
  tunable_no_anon_password = 0;
  tunable_tcp_wrappers = 0;
  tunable_use_sendfile = 1;
  tunable_force_dot_files = 0;
  tunable_listen_ipv6 = 0;
  tunable_dual_log_enable = 0;
  tunable_syslog_enable = 0;
  tunable_background = 0;
  tunable_virtual_use_local_privs = 0;
  tunable_session_support = 0;
  tunable_download_enable = 1;
  tunable_dirlist_enable = 1;
  tunable_chmod_enable = 1;
  tunable_secure_email_list_enable = 0;
  tunable_run_as_launching_user = 0;
  tunable_no_log_lock = 0;
  /* SSL is off by default, so the force_*_ssl = 1 settings below only take
   * effect once ssl_enable is set; until then logins and data are not
   * protected by TLS.
   */
  tunable_ssl_enable = 0;
  tunable_allow_anon_ssl = 0;
  tunable_force_local_logins_ssl = 1;
  tunable_force_local_data_ssl = 1;
  /* Of the three protocol switches only tlsv1 is on.
   * NOTE(review): which protocol versions that admits is decided by the SSL
   * code, not here - confirm.
   */
  tunable_sslv2 = 0;
  tunable_sslv3 = 0;
  tunable_tlsv1 = 1;
  tunable_tilde_user_enable = 0;
  tunable_force_anon_logins_ssl = 0;
  tunable_force_anon_data_ssl = 0;
  tunable_mdtm_write = 1;
  tunable_lock_upload_files = 1;
  tunable_pasv_addr_resolve = 0;
  tunable_debug_ssl = 0;
  /* A client certificate is requested (ssl_request_cert = 1) but neither
   * required nor validated by default.
   */
  tunable_require_cert = 0;
  tunable_validate_cert = 0;
  tunable_strict_ssl_read_eof = 1;
  tunable_strict_ssl_write_shutdown = 0;
  tunable_ssl_request_cert = 1;
  tunable_delete_failed_uploads = 0;
  tunable_implicit_ssl = 0;
  /* Both sandbox switches (ptrace_sandbox here, seccomp_sandbox below) are 0
   * in this source; isolate and isolate_network are 1.
   */
  tunable_ptrace_sandbox = 0;
  tunable_require_ssl_reuse = 1;
  tunable_isolate = 1;
  tunable_isolate_network = 1;
  tunable_ftp_enable = 1;
  tunable_http_enable = 0;
  tunable_seccomp_sandbox = 0;
  tunable_allow_writeable_chroot = 0;

  tunable_accept_timeout = 60;
  tunable_connect_timeout = 60;
  /* Octal: both umasks clear all group/other permission bits. */
  tunable_local_umask = 077;
  tunable_anon_umask = 077;
  tunable_ftp_data_port = 20;
  tunable_idle_session_timeout = 300;
  tunable_data_connection_timeout = 300;
  /* IPPORT_USERRESERVED + 1 */
  tunable_pasv_min_port = 5001;
  /* NOTE(review): 0 presumably means "no upper bound" for the passive port
   * range and "unlimited" for the two rates - confirm against the callers.
   */
  tunable_pasv_max_port = 0;
  tunable_anon_max_rate = 0;
  tunable_local_max_rate = 0;
  /* IPPORT_FTP */
  tunable_listen_port = 21;
  tunable_max_clients = 2000;
  /* -rw-rw-rw- */
  /* NOTE(review): presumably narrowed by the 077 umasks above when files are
   * created; a configuration that loosens the umask inherits 0666 - confirm.
   */
  tunable_file_open_mode = 0666;
  tunable_max_per_ip = 50;
  tunable_trans_chunk_size = 0;
  /* Failed logins are delayed by 1 and capped at 3 per session by default. */
  tunable_delay_failed_login = 1;
  tunable_delay_successful_login = 0;
  tunable_max_login_fails = 3;
  /* -rw------- */
  tunable_chown_upload_mode = 0600;

  /* String defaults. A first argument of 0 leaves the setting unset (null
   * pointer); any other value is copied by install_str_setting().
   */
  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
  install_str_setting("ftp", &tunable_ftp_username);
  /* NOTE(review): chown_username defaults to "root" while chown_uploads is 0.
   * If chown_uploads is ever enabled, set chown_username to an unprivileged
   * account rather than keeping this default.
   */
  install_str_setting("root", &tunable_chown_username);
  install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
  install_str_setting("/var/log/vsftpd.log", &tunable_vsftpd_log_file);
  install_str_setting(".message", &tunable_message_file);
  install_str_setting("nobody", &tunable_nopriv_user);
  install_str_setting(0, &tunable_ftpd_banner);
  install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
  install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
  install_str_setting("vsftpd", &tunable_pam_service_name);
  install_str_setting("ftp", &tunable_guest_username);
  install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
  install_str_setting(0, &tunable_anon_root);
  install_str_setting(0, &tunable_local_root);
  install_str_setting(0, &tunable_banner_file);
  install_str_setting(0, &tunable_pasv_address);
  install_str_setting(0, &tunable_listen_address);
  install_str_setting(0, &tunable_user_config_dir);
  install_str_setting(0, &tunable_listen_address6);
  install_str_setting(0, &tunable_cmds_allowed);
  install_str_setting(0, &tunable_cmds_denied);
  install_str_setting(0, &tunable_hide_file);
  install_str_setting(0, &tunable_deny_file);
  install_str_setting(0, &tunable_upload_file);
  install_str_setting(0, &tunable_download_file);
  install_str_setting(0, &tunable_user_sub_token);
  install_str_setting("/etc/vsftpd.email_passwords",
                      &tunable_email_password_file);
  install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
                      &tunable_rsa_cert_file);
  install_str_setting(0, &tunable_dsa_cert_file);
  /* The default cipher setting names exactly one suite.
   * NOTE(review): presumably passed to the TLS library as its cipher list,
   * in which case clients without this suite cannot negotiate - confirm.
   */
  install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
  /* No private key, DSA certificate or CA bundle is configured by default. */
  install_str_setting(0, &tunable_rsa_private_key_file);
  install_str_setting(0, &tunable_dsa_private_key_file);
  install_str_setting(0, &tunable_ca_certs_file);
}

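/*
 * install_str_setting
 * PURPOSE
 * Replace the string held in a tunable slot with a private copy of a new
 * value, releasing the string the slot held before.
 * PARAMETERS
 * p_value   - the new value, or 0 to leave the slot unset. The caller keeps
 *             ownership; only a copy made with vsf_sysutil_strdup() is
 *             stored.
 * p_storage - address of the slot to update. On entry it must hold 0 or a
 *             pointer that may be passed to vsf_sysutil_free(); on return it
 *             holds 0 or the new copy.
 */
static void
install_str_setting(const char* p_value, const char** p_storage)
{
  /* The slot is declared const char* for its readers, but this function owns
   * the allocation, so the qualifier is cast away in order to free it.
   */
  char* p_old_val = (char*) *p_storage;
  const char* p_new_val = 0;
  /* Copy before freeing: if a caller passes the slot's current string as
   * p_value, freeing first would make the copy read released memory.
   */
  if (p_value != 0)
  {
    p_new_val = vsf_sysutil_strdup(p_value);
  }
  if (p_old_val != 0)
  {
    vsf_sysutil_free(p_old_val);
  }
  *p_storage = p_new_val;
}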