pure-ftpd-1.0.46.orig/AUTHORS

Credits for Troll-FTPd are going to the following dudes.

* Original Troll-FTPd authors : Arnt Gulbrandsen troll.no> Troll Tech AS
* Original Troll-FTPd contributors : Janos Farkas localnet.com> August Fullford Ximenes Zalteca Patrick Michael Kane asimov.net>

Credits for Pure-FTPd are going to the following ones.

* Michal Moskal pld-linux.org>
* Arkadiusz Miskiewicz pld-linux.org> : IPv6 support. Polish translation.
* Michael K. Johnson redhat.com>
* Kelley Lingerfelt cococo.net> : PAM support.
* Sebastian Andersson diegeekdie.com> : ASCII transfers. sendfile() usage. Capability drop.
* Andreas Westin student.luth.se> : FXP support. ftpwho design and reference implementation.
* The OpenBSD team (http://www.openbsd.org/) The NetBSD team (http://www.netbsd.org/) The Regents of the University of California : Most of the glob() function, getopt_long() and realpath() replacements.
* The sh-utils team (ftp://alpha.gnu.org/gnu/fetish/) getloadavg.c derivative.
* Jason Lunz falooley.org> : Daemonization (-B). Get rid of -D in favor of (thanks to Arkadiusz, too). Fix XML output. Official ninja warrior. First Debian package maintainer.
* Mathias Gumz cs.uni-magdeburg.de> German translation.
* Claudiu Costin kde.org> Romanian translation. KcmPureftpd author.
* Ping root42.net> French translation.
* Paul Lasarev itk.ru> Initial Debian packages.
* Jean-Mathieux Schaffhauser free.fr> Web page logo. GTK configuration interface. Rendez-vous support on MacOS X. Plist output in pure-ftpwho.
* Emmanuel Hocdet t-online.fr> Nice bug fixes (config file parsers, replycmd) and suggestions.
* Peter Pentchev orbitel.bg> Integration to the FreeBSD port collection and FreeBSD improvements. build.sh improvements.
* Luis Llorente Campo luisllorente.com> Spanish translation.
* Sami Koskinen cc.hut.fi> Open a session when using PAM.
* Matthias Andree stud.uni-dortmund.de> -1 option. A lot of code cleanups and robustness fixes. Documentation cleanups. Solaris < 8 portI Fixed Solaris large file support.
* Trilucid (http://www.trilucid.com/) Web design of pureftpd.org .
* Isak Lyberth users.sf.net> Danish translation.
* Bernhard Weisshuhn weisshuhn.de> Spec file fixes. Fixes to the german translation.
* Steve Reid edmweb.com> Original SHA1 implementation.
* RSA Data Security, Inc. (http://www.rsa.com/) Original MD5 implementation.
* Dmitry Lebkov MD5/SHA1 LDAP authentication.
* Sami Farin iki.fi> A lot of code cleanups.
* Johan Huisman 12move.nl>
* Jan van Veen triple-p.nl> Dutch translation.
* Thorsten Kukuk suse.de> LFS fixes. RPM fixes.
* Stefano F. sp.unipi.it> :
* Alex Dupre alexdupre.com> : Italian translation.
* Roger Constantin Demetrescu gmail.com> Brazilian Portuguese translation.
* Freeman ozac.org> : "Powered by Pure-FTPd" web button.
* Robert Varga hq.alert.sk> : Slovak translation.
* James Metcalf asset-ict.com> : Complete review of the english doc.
* Im Eunjea kldp.org> : Korean translation.
* Philip Gladstone okena.com> : PureDB speedups.
* Kenneth Stailey yahoo.com> : Support for load average checks on Solaris. Directory aliases. HPUX support. sendfile() support on HPUX and Solaris.
* Brad Smith openbsd.org> : Maintainer of the OpenBSD port.
* Cindy Marasco getaclue.org> : PostgreSQL support.
* Ulrik Sartipy raj-raj.net> : Swedish translation.
* Nicolas Doye : Support for MD5 hashed passwords in MySQL.
* Thomas Briggs sane.com> : Implementation of the W3C logfile format. Helped with Tru64 portability.
* Stanton Gallegos MacOS X maintainer (see http://fink.sourceforge.net/) .
* Florin Andrei sgi.com> Chan Wilson sgi.com> Implemented load average check on Irix systems.
* Bjoern Metzdorf turtle-entertainment.de> Merged MD5/any hash functions for passwords in the PgSQL backend.
* Ben Gertzfield debian.org> Implemented the extended LDAP schema to support quotas, throttling and ratios.
* Akhilesch Mritunjai me.iitb.ac.in> Maintainer of the QNX port.
* Dawid Szymanski arhea.net> Maintainer of the NetBSD port.
* Kurt Inge Smådal / EasyISP.org easyisp.org>
* Brynjar Eide mislykket.no> Norwegian translation.
* Gabriele Vinci pronto.it> Official logo artwork.
* Andrey Ulanov rt.mipt.ru> Russian translation.
* Fygul Hether mail.nhu.edu.tw> Traditional and simplified Chinese translations.
* Jeffrey Lim fastmail.fm> A lot of excellent documentation improvements.
* Ying-Chieh Liao csie.nctu.edu.tw> FreeBSD fixes for pure-mrtginfo.
* Johannes Erdfelt erdfelt.com> Fix error when deleting files with an absolute directory when quotas are enabled. RPM spec file improvements.
* Martin Sarfy informatics.muni.cz> Czech translation.
* Clive Goodhead swnet.net> Implement MYSQLDefaultGID and MYSQLDefaultUID.
* Aristoteles Pagaltzis gmx.de> pure-config.pl rewrite.
* Stefan Hornburg linuxia.de> Debian maintainer.
* Mehmet Cokcevik netline.com.tr> Turkish translation.
* Torgny Wernersson ewp.nu> Maintainer of the PDF documentation - http://www.pureftpd.org/readme.pdf
* Bánhalmi Csaba enternet.hu> Hungarian translation.
* Oriol Magrané mediapro.es> Catalan translation.
* Volodin D dv.net.ru> URL encoding for CLF and W3C log files.
* Jui-Nan Lin RFC2640 Support.
* Old Sparty --pidfile= option for pure-authd and pure-uploadscript.
* Patrick Gosling Fix for file uploads
* Marc Balmer msys.ch> TLS support for LDAP.
* Rajat Upadhyaya / Novell
* Christian Cier-Zniewski gmx.de> Support for TLS encryption on the data channel.
* Wilco Baan Hofman LDAP authentication through binding.
* Todd E Rinaldino / Cpanel -J option (set allowed ciphers for SSL/TLS).
* Clement Chauplannaz Added support for URI schemes other than LDAP (namely LDAPS) in the LDAP backend.
* Frank DENIS aka Jedi/Sector One pureftpd.org> : Pure-FTPd project initiator and maintainer.
Almost everything else :)

Original license : Copyright 1995-2000 Trolltech AS. Copyright 2001-2002 Arnt Gulbrandsen. Use, modification and distribution is allowed without limitation, warranty, or liability of any kind.

pure-ftpd-1.0.46.orig/CONTACT

Pure-FTPd home page is located at : http://www.pureftpd.org/

If you need help or if you want to chat with other users and developers, go to the following URL to subscribe to the Pure-FTPd mailing lists (low traffic) : http://www.pureftpd.org/ml/

Thank you.

pure-ftpd-1.0.46.orig/COPYING

Pure-FTPd is covered by the following license :

/*
 * Copyright (c) 2001 - 2017
 * Frank Denis with help of contributors.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

------------------------------------------

The bsd-glob.c, bsd-glob.h, bsd-realpath.c, bsd-getopt_long.c, bsd-getopt_long.h and alt_arc4random.c source files are based on the OpenBSD and NetBSD projects and they are covered by the BSD license. The original license is enclosed at the beginning of the related files.

pure-ftpd-1.0.46.orig/ChangeLog

* Version 1.0.46:
- The server can now be linked against OpenSSL 1.1.x with the strict API.
- Unmaintained contributions have been removed.
- Globbing: the number of * in an expression has been limited to 3.

* Version 1.0.45:
- TLS v1.0 sessions are now refused.
- Version 1.0.44 didn't properly parse the TLSCipherSuite directive. This has been fixed.

* Version 1.0.44:
- The Perl and Python wrappers are gone. The daemon can now use a configuration file without requiring external dependencies.
- Pure-FTPd can now be linked against OpenSSL 1.1.x
- The QUIT command didn't work properly when the server was compiled without support for RFC2640. This has been fixed.
- 3DES was removed from the default cipher suite.

* Version 1.0.43:
- Passwords can now be hashed using Argon2.
- The -J switch didn't work any more in 1.0.42. This has been fixed.
- The default cipher suite was simplified.
- Authentication against system accounts is compatible with OpenBSD 6.0.
- Fixed: protocol conformance when TLS sessions are refused.
- Altlog records can now be sent to `stdout`/`stderr`.

* Version 1.0.42:
- Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not compiled with libsodium.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd 1.0.22 circa 2009, but disabled back then due to client compatibility concerns) is now on by default, except in broken clients compatibility mode.

* Version 1.0.41:
- libmariadb is looked for in addition to libmysqlclient
- MySQL: my_make_scrambled_password() is not always an exported symbol any more, so pure-ftpd now ships a reimplementation.
- openssl/ec.h is not available on some Linux distributions that disable EC in OpenSSL. This is being tested by autoconf.
- New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS.
* Version 1.0.40:
- Support for TCP_FASTOPEN added on Linux
- The LDAP configuration file didn't allow a default gid without also defining a default uid. This is no longer the case.
- OpenBSD's glob() left the glob_t structure uninitialized if the pattern was larger than PATH_MAX, causing globfree() to free() an unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.

* Version 1.0.39:
- Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
- Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)

* Version 1.0.38:
- The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
- TLS forward secrecy support was added. DH parameters are loaded from TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically selected when using LibreSSL.
- scrypt hashed passwords can be used in the MySQL, PostgreSQL and LDAP backends.

* Version 1.0.37:
- The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory. This is no longer a compile-time option.
- The Clear Command Channel (CCC) command is now supported.
- pure-config.py is compatible with Python 3.
- SSL (v2, v3) is refused by default.
- The PureDB backend supports the scrypt function in order to hash passwords. This is the preferred algorithm, but requires the presence of libsodium.
- DES-hashed passwords are not supported any more.
- LDAP uid and gid values can be overridden in the LDAP configuration file.
- New LDAPUseTLS directive for LDAP.
- RC4 was killed.

* Version 1.0.36:
- The safe_write()/safe_read() factorization broke extauth. Using safe_read_partial() to read from the extauth pipe wasn't enough. Bug reported by Rasmus Fauske.
- Improved autoconf detection of -fstack-protector and -fPIE
- If 10 digits are not enough to print the size of a file in an ls-like output, bump the max number of digits to 18. This adds support for files up to 1 exabyte.
- Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by default on Windows, and ASCII downloads on Windows have been fixed.
- A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows any characters in a file name. Disabled by default.
- Don't display dot files (except . and ..) if dot_read_ok is 0 in donlist() - but not in sglob() yet. This change is purely cosmetic. There are many ways to figure out if a file exists.

* Version 1.0.35:
- Improve compatibility with the Intel and Ekopath compilers.
- Use more paranoid compiler options whenever possible, and preliminary uncluttering of the autoconf script.
- Try to cache locale-related data at startup after tzset(), rather than during a session.
- Fix quota computation after rename() overwrites an existing file. Reported by Hiramoto Koujo, thanks!

* Version 1.0.34:
- Fix safe_write() inverted checks that broke uploads.

* Version 1.0.33:
- Sync built-in glob(3) code with OpenBSD-current, and remove code we don't use instead of ifdef'ing it.
- Repair checkproc() on Linux when support for capabilities is compiled in. Reported by Eric Gouyer.
- Don't read /dev/*random every time we need a value. Just use arc4random() everywhere and seed it before we possibly chroot().
- Add support for MFMT, with the same code as SITE UTIME.
- Support 2-arguments SITE UTIME.
- LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
- Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is prefixed by -S: , needed by Brad.
- Remove the various safe_read() / safe_write() instances and factorize them in safe_rw.c
- Call OpenSSL_add_all_algorithms(), suggested by Brad.
- Mention that WinSCP works fine with Pure-FTPd.
- On Linux, opening a named pipe that nobody reads with O_WRONLY yields ENXIO. The workaround is to open it O_RDWR. So, just do that.

* Version 1.0.32:
- Support SHA1 password hashing in MySQL and PostgreSQL backends
- Support for braces expansion in directory listings has been disabled - Cf. CVE-2011-0418

* Version 1.0.31:
- Introduce --tlsciphersuite (-J) to set the list of allowed ciphers, thanks to Todd Rinaldo.
- The -F switch has been documented in the built-in help.
- Shell-like escaping is now partially handled when emulating the "ls" command.
- Use my_make_scrambled_password() instead of make_scrambled_password(). Suggested by Arkadiusz Miskiewicz.

* Version 1.0.30:
- Use malloc() instead of an ever-growing stack in pure-quotacheck. Fixes quota computation on a large number of files. Problem initially reported by jeff at cpanel dot net.
- Treat OPTS UTF-8 like OPTS UTF8. Suggested by yjfan at longtop dot com.
- Empty the command-line buffer after switching to TLS. Fixes a flaw similar to Postfix's CVE-2011-0411.
- Provide ANSI-compliant MySQL configuration example.
- Fix some issues with man pages.

* Version 1.0.29:
- max_dlmap_size was size_t instead of off_t, causing misalignment while downloading > 4 Gb files on a 32-bits arch. Reported by Viktor Butskih.
- pread() vs lseek()+read() was a useless optimization, since pread() doesn't change the file position and further reads weren't going through plain read() calls.
- iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon exit.
Fixes segfaults on glibc.
- pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.

* Version 1.0.28:
- FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service name.
- When an upload gets renamed (--autorename), send the new name to the uploadscript instead of the original one.
- The ALLO command now checks for the actual disk space in addition to the virtual quota.
- Work around OSX broken poll()
- After an atomic resumed upload, don't append the previous file size to the quota.
- Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is UTF8.
- Fix AUTHD_ENCRYPTED
- Reset the CWD failures counter after a successful directory has been created. It avoids spurious disconnections with ncftp.
- Support for iPhone has been moved to another branch.
- Fix crash with PostgreSQL.

* Version 1.0.27:
- Have pureftpd_shutdown() shut the server down even if a client is connected on iPhone.
- Allow users with no quota to delete .pureftpd-upload-* files.
- Unbreak ipv6 support, reported by Brad Smith.
- Disable SSLv3 renegotiation if an old SSL library is used. If you really want to re-enable SSLv3 renegotiation, even with a recent library, you can always define ACCEPT_SSL_RENEGOTIATION.

* Version 1.0.26:
- Fix incompatibilities with Cyberduck when TLS is enabled.
- Don't TLS_accept() immediately after accept(). Reply on the connection socket first, so that clients don't have to wait before knowing that they can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
- Properly change the process name on Linux when the -S option is used, by Margus Kaidja.
- Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert for the bug report.

* Version 1.0.25:
- Show symlinks as symlinks in MLSD, except when the broken client compatibility mode is turned on and links are not dangling (just like the old LIST and NLIST commands). Reported by Mime Cuvalo.
- More gcc 2 compatibility, thanks to Todd Rinaldo.
- Properly handle custom paths in man pages. Thanks to Scott Haneda and Mathieu Parisot.
- Have $localstatedir default to /var as it used to be unless --localstatedir=... is explicitly passed to ./configure
- Use @VERSION@ in man pages.
- --without-pam disables PAM on OSX and iPhone.
- Allow cross-compilation.
- Experimental iPhone target.
- Change the way it links, building a library first.
- Don't use mmap() any more for downloads. It's too slow.
- Don't use hard-coded paths in order to find MySQL and PostgreSQL libraries and header files. Use mysql_config and pg_config instead. Suggested by John Alberts.
- Log the DELE command similar to the RETR and STOR commands. Suggested by Martin Fuxa.
- The primary group gets cached so that it's always displayed in directory listings.
- Avoid a client process to burn CPU in an infinite loop if the command channel gets disconnected before the data channel. Reported by Thomas Min and Margus Kaidja.
- Restore the traditional behavior of a download restarting at the end of a file. For some weird reasons, some clients still insist on doing that. Don't send a 55x return code, just let them download... nothing.
- Documentation updates.

* Version 1.0.24:
- Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
- The package can now be compiled with gcc 2.

* Version 1.0.23:
- LDAP: accept "enabled" as a correct value for FTPStatus as it used to be.
- More useful error logging for OpenSSL errors.
- Don't read certificates twice.
- Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
- Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero Pelander.
- Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
- Don't ignore dot files even if -D is not supplied with the MLSD command.
- Deinline code
- Throttling more reliable
- STAT is now working over TLS
- DH keys for ephemeral key exchange are now handled
- Fix libiconv checking
- The column was missing in the PassivePortRange comment (thanks to Igor Alexadrov)
- LDAP authentication through binding is now possible in addition to passwords. This allows for the FTP server to run with an unprivileged LDAP account. It also adds a warning if auth method password is used and doesn't find a userPassword attribute. This usually indicates that the LDAP bind DN cannot read the attributes, because it doesn't have sufficient privileges. Contributed by Wilco Baan Hofman.
- Perform charset conversions on directory names. Issue spotted by Xianghu Zhao.
- Almost a complete rewrite of the upload, download and TLS code for more reliability
- Seamlessly handle ABOR without any SIGURG
- Try to immediately handle any kind of disconnection
- Use poll() rather than select() as much as possible
- Distinguish aborted (even the hard way) and completed download and upload operations in log files
- Minor corrections to the French messages
- Don't use atomic uploads unless --notruncate or --autorename have been enabled
- Take care of removing .pureftpd-upload-* files in every possible case
- List up to 10000 files per directory per default instead of 2000
- Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
- New compile-time option: --with-implicittls in order to build a FTPS-only server
- ./configure --localstatedir can now be used in order to avoid storing the scoreboard and other dynamic files in /var/run/
- Quota handling reworked (easier, and way more reliable)
- RNTO support even when quota are enabled.
- A bunch of return codes were fixed to be more RFC-conformant.
- ALLO command is now actually checking if an upload can occur without blowing the quota.
- Don't change the TCP window size. Admins should do this as part of their system configuration.
- Privsep is now enabled by default.
Use --without-privsep to disable.
- --without-banner is gone. If you have a cookie file (-F), the default banner won't be displayed.
- Compile with PAM by default on OSX.
- Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged call is actually necessary. Since only the effective uid changes, it's not brutally useful yet, but it paves the way for forthcoming changes.
- Install man pages with local paths instead of hard-coded ones.

* Version 1.0.22:
- New Catalan translation, by Taik0.
- TLS support for LDAP, contributed by Marc Balmer.
- pureftpd.schema contained two errors. Reported by Ulrich Zehl.
- Fix usage of MySQL 5 stored procedures, by Bernhard Fischer.
- Don't issue a warning in ./configure when the certfile does exist. Reported by Michael Bowe.
- Have LDAP FTPStatus work since the schema changed. Thanks to David Majorel.
- Compatibility with newer OpenLDAP versions. Thanks to Johan Ström.
- Don't hang up during uploads if we get any other command than QUIT and ABORT.
- SITE UTIME reads UTC time
- A space is needed for inline content in response to the MLST command.
- Time zone issues should be fixed for good. We have to redefine TZ, tzset() is not enough on Linux when we are in a chroot environment.
- Correctly respond to FEAT without removing extra features when passive mode is disabled. Thanks to upb.
- Better process name change setup for Linux.
- Auto-created home directories are now created with mode 0777 (and directory umask is applied), per common request. It's very important to double check your umask.
- Extend gid / uid to 10 digits in ls output. Extend file size as well.
- Brazilian Portuguese translation was updated.
- Support new MySQL password scrambling, thanks to Jan Hudoba.
- Larger mmap() chunks: downloads need less CPU usage on platforms with slow mmap() like OpenBSD.
- Fix SecureFX compatibility.
- Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
- messages_check.pl had to leave the package as it was GPL-licenced.
- Don't respond to server that an upload succeeded before the temporary file has been renamed.
- TLS support on data channels, contributed by Rajat Upadhyaya from Novell and Christian Cier-Zniewski.
- Use sendfile() on recent Solaris versions in place of sendfilev().
- Don't use a deprecated interface for Bonjour registration.
- Tell authentication handlers if the connection is encrypted or not, through a new AUTHD_ENCRYPTED environment variable. Suggested by Koczka Ferenc.
- README.Netfilter has been removed.
- Create all directories, not only the basement when on-demand directory creation is enabled and the user's home directory looks like /basement/./user. Suggested by Frederico Gendorf.
- Fixed error reporting when TLS support was compiled in, but TLS wasn't enabled on the current session. Thanks to Arkadiusz Miskiewicz.
- Log full path on file deletion. Thanks to Arkadiusz Miskiewicz.
- Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E (no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
- Sleep before answering a password failure, not the other way round. From PLD Linux.
- Fix gcc warning in puredb.
- In broken mode, show symlinks as their real target. It can have side effects, don't forget that broken mode is... broken mode.
- Respect aliasing rules for sockaddr_storage usage.
- Privsep is enabled by default in the installation GUI.
- --with-everything now includes privsep.
- update: fix compilation with gcc 2.x, reported by John Lightsey.

* Version 1.0.21:
When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union to a char buffer, because of alignment required by some architectures. WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It fixes throttling with extauth. Reported and fixed by Marcus Merighi through Brad our beloved OpenBSD maintainer. Rendezvous has been renamed Bonjour.
A double-close in the CHMOD command has been fixed, reported by Christer Mjellem Strand. The old PAM sample has been removed. -F option added to pure-pw. MAX_USER_LENGTH has been bumped to 127 due to popular demand. pam/* can now be used if security/* doesn't exist. Fixes PAM detection on MacOS X. Call tzset() in chrooted apps in order to get correct time zones in syslog messages. simplify() simplifies paths ending by /. and /.. MySQL's hash_password() needs 3 arguments since mySQL 4.1. Experimental support for RFC2640 (UTF-8 filename encoding) has been added, derived from code by Jui-Nan Lin. The LDAP schema has been changed: FTPStatus should be a boolean. New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old Sparky. By popular request, even non-chrooted users are now denied access if their home directory is not mounted. If die() is called during a TLS-enabled session, encrypt the death message. Contributed by Cynix. Don't wrongly abort transfer during file upload. Fix by Patrick Gosling. WITH_LARGE_FILES is now defined by default. sendfile64() support on Linux. privsep and main processes were swapped out so that pure-ftpwho displays the right pid. OPTS MLST has been implemented. SITE UTIME has been implemented. TCP_CORK is on by default again. A new configure switch, --without-cork, can disable it. Correctly format %c and %% in fakesprintf(). The connection socket is now created with the Nagle algorithm disabled. It was the trick to dramatically improve performance when transferring a lot of small files. Updated getopt_long() and realpath() substitutes. Allow logging to named pipes (thanks to Steve Marple). Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server. Documentation updates. MySQL errors are now logged. * Version 1.0.20: MacOS X Panther and Tiger sometimes returns EAI_SYSTEM (errno=ENOENT) when a host is not found. The BSD getopt() update has been partly reverted. 
* Version 1.0.19: Until OpenBSD has UBC, we need to explicitly call msync() to synchronize data written by mmap() and read by read(). Real disk space is no more shown unless SHOW_REAL_DISK_SPACE is defined. Fygul's email address has changed. Don't try to catch SIGKILL any more, it's uncatchable. PureUserAdmin was added to the contribs. getopt_long() was resynced with the OpenBSD version. The client socket switches to non-blocking mode before forking in accept_client() - reported by Agri . * Version 1.0.18: Autoconf was bumped to 2.59, automake to 1.8. The sample source code in README.Authentication-Modules was bogus because of a missing 'echo end' statement. Thanks to Peter Ahlert for reporting this. New translation : hungarian. Contributed by Bánhalmi Csaba . New translation : catalan. Contributed by Oriol Magrané . Max CPU time was bumped to 60 min. Disable hash_password() function call on MySQL 4.1.x and later. We now use two listening sockets (listenfd / listenfd6), one for IPv4, one for IPv6. The standalone_server() function has been reworked and split. New urlencode() function to escape characters in W3C and CLF altlog files. Based upon a suggestion and a patch by Volodin D. The xferlog format was also implemented by the way. New global : no_ipv4 to only listen to IPv6 in standalone mode. Use closefrom() if available to close all descriptors. Support for Rendezvous on MacOS X by Jean-Matthieu Schaffhauser. Support for Apple / GNUSTEP plist data output in pure-ftpwho, also by Jean-Matthieu Schaffhauser. The FileInfo structure was renamed PureFileInfo to avoid a name clash on Darwin. A lot of compile-time default values like GLOB_TIMEOUT, MAX_CPU_TIME and MAX_USER_LENGTH, are now overridable without any change to src/ftpd.h ENABLE_UNICODE_CONTROL_CHARS has been replaced with DISABLE_UNICODE_CONTROL_CHARS and a new switch, --without-unicode, defines that macro. Unlink the right pid files in pure-authd and pure-uploadscript. Reported and fixed by Oscar Sundbon . 
* Version 1.0.17a: FD_SET(-1, ...) is invalid, but it could happen on aborted transfers, causing Pure-FTPd to exit without removing ftpwho entries nor atomic files. safe_fd_set() has been introduced to solve this, it just works like safe_fd_isset() and ignores descriptor -1 and it has been placed on the same places. * Version 1.0.17: Some fixes were made to the traditional Chinese translation by Flaw Zero . Autoconf was upgraded to 2.58. TLS_CERTIFICATE_PATH has been renamed TLS_CERTIFICATE_FILE. --with-certfile has been added to ./configure to set up a value for TLS_CERTIFICATE_FILE. The default value has been reverted to /etc/ssl/private/pure-ftpd.pem. Solaris NIS accounts can now be converted using pure-pwconvert. Don't drop capabilities too early, or even chroot will be prohibited. Thanks to Arkadiusz Patyk, Li-Ren and Philipp Kern for their report. Negative return codes are not used any more - reported by Andrew Victor System users whose password is '********' are now imported by pure-pwconvert (for newer MacOS X). New file : README.MacOS-X. Use SO_REUSEPORT in place of SO_REUSEADDR to bind the ftp-data port on FreeBSD. Suggested by Henri Virtanen . Big change in the way upload are handled. We now maintain a per-process unique file name in an "atomic_prefix" global. This is the name of a temporary file that is actually used for upload, through the get_atomic_file() function that adds the basename if needed. Once the upload is completed or aborted, the temporary file is renamed. Or hard links are created when autorename is asked for (autorename happens after the upload now, not before). It changes a lot of stuff in dostor(), but it makes the whole thing easier and atomic uploads are really nice for the end user. --no-truncate (and the global no_truncate) can keep the old file when a new version of a file is being uploaded. Redundant calls to get_usec_time() were removed. Julien Andrieux's parser has been added to contribs. 
Errors when SSL certificates are missing are more explicit. The SITE TIME command was implemented. Suggested by Mark. A new sample of a PAM configuration file has been written. The previous one is still available as pure-ftpd.old.

* Version 1.0.16c:
We should disable the raw mode and send full HTML headers in CGI mode. Reported by Bernard Lheureux Spelling errors were fixed in the .no translation by Brynjar Eide Always try to include sys/param.h before sys/mount.h in the autoconf script. Patch by Brad Smith . FAQ addition regarding the STOU command. Written by C. Jon Larsen PAM was broken in 1.0.16b due to PAM_SUCCESS not being copied to the right slot. It has been fixed. Automake has been updated to 1.7.8. configure.ac has been cleaned up a bit regarding the conditional inclusion of stdlib.h/unistd.h . RPMs are now built with largefile support, privsep and sysquotas by default.

* Version 1.0.16b:
PAM fixes. TLS should now compile on RedHat 9 that moved Kerberos headers to a specific directory. free(NULL) is ok => all code like "if ( != NULL) free();" has been simplified. Automake has been upgraded to 1.7.7, Autoconf to 2.57a. The sysconf prefix is now used for SSL certificates as well. We break'ed too early when trying to resolve host names in pure-ftpwho and the local host name couldn't even be resolved. The problem was introduced in 1.0.16 when the MacOS X Panther workarounds were implemented. Thanks to JG for his bug report. /usr/local/include, /usr/kerberos/include and /usr/local/lib are only added to CPPFLAGS/LDFLAGS if they actually exist. pure-ftpwho now outputs XHTML 1.1 conformant code in CGI mode. pure-ftpwho now properly escapes XHTML special characters. pure-ftpwho now announces the ISO-8859-15 character set in XML mode. Disable IPV6_V6ONLY by popular request by people lost with the need of the -4 switch on some operating systems.

* Version 1.0.16a:
Fix typo (sizeof_resolved instead of sizeof resolved) in src/bsd-realpath.c .
Not a vulnerability because it happens in the good way, but it sometimes used to break uploadscript.

* Version 1.0.16:
An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse /etc/sysconf/pure-ftpd any more.
Recognize the '##' prefix as a shadowed password - make authentication work on Solaris with shadow/NIS.
Add back some random sleep() between authentication failures in addition to the exponential sleep. Zzzzz... sleeping is good in summer...
Upgrade to automake 1.7.5.
The list of options in the pure-ftpd(8) man page was reordered - Thanks to our beloved Claudiu Costin.
SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h, configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New related commands were introduced : AUTH, PBSZ and PROT.
Uploaded files are now removed when realpath() fails and bsd_realpath() was modified to fall back to getcwd()/chdir() if we can't get a descriptor on the current directory because it is not readable. It fixes pure-uploadscript on some platforms like MacOS X.
HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
A typo in the Python configuration file wrapper was fixed : -t was used in place of -y.
MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill the buffer when no DNS entry is found for a host and a numerical result wasn't explicitly asked. As a result, Pure-FTPd didn't even start on Panther (saying "bad IP address"). We now check for EAI_NONAME if available and we retry with NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to Yann Bizeul for his valuable help on this issue.
Implement a working strdup() replacement in puredb for systems lacking it.
Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are generated by our own functions, we use MAXPATHLEN for the complete zero-terminated string.
When a buffer is passed to a libc function, we reserve a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad surprises if an off-by-one ever occurs in a getcwd() like function.
Don't use make_scrambled_password() in the MySQL backend because the API changed since MySQL 4.1.
Removed fixed-size constant arrays in src/crypto.c because of MacOS X linker bugs (grrr...).

* Version 1.0.15:
New translation : Turkish, contributed by Mehmet Cokcevik.
PostgreSQL documentation templates have been fixed - At least User is a reserved keyword that needs quotes. Thanks to Henrik Edlund.
The maximal length of an account has been bumped a bit (42 chars), and that size is now consistent across functions through the MAX_USER_LENGTH macro. Thanks to Darth Vader (freddyke) for suggesting this.
The comment about the location of the config file in the RedHat init script was synced with the new location.
Tokens in the configuration file are now case independent.
Automatic creation of home directories was fixed. Thanks to Anthony DeRobertis for the fix.
A typo in quota handling was fixed.
Cable & Wireless NL is now WideXS and their mirror seems to be working again.
Always fill descriptors 0/1 in order to make pure-uploadscript actually work when daemonizing. Thanks to Joerg Pulz for pointing this out.
Don't open pipes with O_NDELAY, some systems don't like it at all. As a side effect, the server will now wait until pure-uploadscript is actually started before accepting connections and this is a _good_ thing.
The server load is not displayed any more, by popular request. The version number isn't displayed any more as well.
GNU's getopt_long() has been replaced by an OpenBSD derivative.
--without-longoptions has been removed. We keep the old macros and #ifdef though, just in case we want to improve the minimal mode later.
New unofficial macro : DISPLAY_FILES_IN_UTC_TIME to display directory listings with UTC times.
The Danish translation was updated - Lyberth.
pure-pw now returns error codes.
WIN32_ANON_DIR can override the default anonymous FTP directory on Win32.
Fix "pure-pw usermod -y" by introducing has_per_user_max.
New subcommand : "pure-pw list", that summarizes available accounts in a puredb.
Enlarge TCP window as it was a long time ago. It brings better performance on BSD systems. Define NO_TCP_LARGE_WINDOW to disable.
Try to early detect timeouts by checking whether select() returns 0.
Don't try to reduce capabilities if we obviously can't because the server has not been started by root.
Pure-FTPd is now 100% covered by the BSD license.

* Version 1.0.14:
Use random() if available, not rand() for fortune cookies.
Remove broken lseek(fd, -1, 0).
When writing to clients data sockets fails, the client probably hung up. IE, for instance, doesn't seem to properly abort transfers and say "QUIT" when a transfer is canceled by the user. So, log MSG_ABORTED instead of MSG_DATA_WRITE_FAILED.
Check whether we are inside a Virtuozzo virtual environment and disable sendfile() if this is the case. Thanks to Kittiwat Manosuthi for his help on this issue.
Automake has been upgraded to version 1.7, autoconf to version 2.57.
Introduce privsep.h, privsep_p.h, privsep.c and --with-privsep.
Drop capabilities after the call to nice() because we need CAP_SYS_NICE.
Don't waste time with in dopasv() to get the name of the socket we just created.
Add "ptracetest".
Enable __EXTENSIONS__ and _XPG4_2 on Solaris in ./configure.ac
Also check whether a client has gone away by testing xferfd and introduce safe_fd_isset() that just works like FD_ISSET() but doesn't choke when the descriptor is -1. It fixes bus errors on FreeBSD.
Add force_passive_ip_s in order to store the argument of -P. Passive IP addresses are now resolved in doit() for every new connection, by popular request. It means that "-P ftp.example.com" now works, even for dynamic addresses.
Split the function that creates an active data socket into two parts : doport2() and doport3(). doport3() actually creates it, doport2() does other gadgets like checking for FXP, etc.
Carefully check whether we have OpenBSD/MicroBSD-like MD5/SHA1 functions in libc and not an incompatible variant like Cyrus SASL.
The "Welcome to Pure-FTPd" decorations were replaced with something more neutral.
Introduce ISCTRLCODE() instead of doing it by hand every time and properly reject Unicode control chars while we are at it.
New contrib : Webmin module, by La Shampoo.

* Version 1.0.13a:
Fix pure-config.pl with old versions of the Perl interpreter.
Fix compilation with PostgreSQL, thanks to Sakari Tanhua.

* Version 1.0.13 :
Swap simplified and traditional Chinese settings. Reported by Ying-Chieh Liao.
Ignore ESTA if a passive IP is forced or the NAT mode is enabled, because the private address is probably meaningless.
README documentation improvements, contributed by Jeffrey Lim.
Avoid NGROUPS_MAX when possible - Idea from tuxfamily.org CVS tree.
LDAP schema changed to work with newer OpenLDAP releases.
New LDAP directives : LDAPFilter, LDAPHomeDir and LDAPVersion.
Be a bit more heavy when creating home directories, it should solve troubles users had with path containing extra slashes.
Try again when the pipe can't be opened in pure-uploadscript.
New --with-boring switch (BORING_MODE macro).
Fix sendfile() support on Solaris, thanks to Emmanuel Hocdet.
Add uptime support for pure-mrtginfo on FreeBSD. Contributed by Ying-Chieh Liao.
Fix error when deleting files with an absolute directory when quotas are enabled. Contributed by Johannes Erdfelt.
dobanner() rewritten. It's now the same code to display .message and .banner files and the content is sent line by line. We can't afford to load everything and simply call addreply_noformat(), because if a banner starts with a digit, it would be complicated to insert spaces to be RFC conformant.
Fix typo in the example configuration file (pureftp -> pureftpd). Reported by Kyle Herbert (http://www.firstnetimpressions.com/).
Spanish translation updated (Lluis).
Chinese translation updated (Fygul).
There's now a unique official spelling : "Pure-FTPd".
Autoconf 2.54, Automake 1.6.3.
Move getloadavg() and similar functions to getloadavg.{h,c}. Get the 5-min load average, not the instant load.
Raise the default maxdiskpct from 90% to 99%, as many people don't figure out why they can't upload an ISO image when there's 700Mb free on a 7Gb partition.
Relax permissions enforcement in dochmod() when quotas are enabled - Thanks to Claudiu.
Introduce checkprintable() function in ls.c : don't display files whose name contains characters < 32.
Contributed sfv-crc-check has been removed (people reported that it simply doesn't work).
PAM sample fixed : ftplockout should really be ftpusers. Add some common system accounts by the way.
More flexible RPM spec file, contributed by Johannes Erdfelt.
New translation : Czech, contributed by Martin Sarfy.
Merge Clive Goodhead's patch to implement MYSQLDefaultGID and MYSQLDefaultUID and port it to PostgreSQL.
pure-config.pl has been completely rewritten in a clean way by Aristoteles Pagaltzis.
New contrib : pure-vpopauth.pl.
Remove backtitle in gui/build.sh, it breaks radio lists on some dialog versions.
Enable --without-ascii by default on Win32. It means that text files must be in Windows format (CR+LF) on the server, no more in an Unix fashion, or clients will get bare LFs (and intelligent clients will switch to binary mode, so files sent in Unix format will be retrieved in Unix format - great).
redhat.init now uses pure-config.pl as different configuration files were confusing people.

* Version 1.0.12 :
Style : opt_l_ is now an argument of donlist() - no more need to set up the global variable before calling the function.
A (fake for now) ACCT command has been added.
Maybe it will solve a conflict with some versions of Fetch for Macintosh.
NLST and MLSD should be able to handle only one file. Don't split file names, don't parse options. Reported by Martin Hedenfalk.
Support for sendfile() on HPUX and sendfilev() on Solaris. Contributed by Kenneth Stailey.
Don't display "you are user number 0".
Check whether we have pread() in configure.ac.
Remove dead scoreboard files in pure-ftpwho, even those whose status isn't marked as free.
New translation : Russian. Contributed by Andrey Ulanov.
New translations : simplified and traditional Chinese. Contributed by Fygul Hether.
New IPv6_OK message to tell people when a server also accepts IPv6 connections if DISPLAY_IPV6_OK is defined.
In extauth, there's no more need to fill fields except auth_ok when authentication is refused (auth_ok = {0,-1}). uid/gid/dir are only checked with auth_ok = 1. It's then easier to chain other authentication modules.
Linux binaries will now be linked against GlibC 2.2.x.
Use the non-root mode for the Windows port.
Don't forget to retrieve LDAP_FTPUID and LDAP_FTPGID when fetching LDAP info.
Introduce closedata() to close the data socket. It avoids duplicate code.
opendata() now returns void : the result is in the xferfd global.
fakesnprintf() now supports %c.
Implement FTP Data Connection Assurance (http://www.ietf.org/internet-drafts/draft-ietf-ftpext-data-connection-assurance-00.txt)
Buglets fixed in the PostgreSQL documentation.
Pure-FTPd User Manager added to the contribs.
Add exponential delay after a 'cd' failure. Suggested by Jim.

* Version 1.0.11 :
New translation : Norwegian. Contributed by Kurt Inge Smådal / EasyISP.org.
Fix typo (RATIO->RATIOS) in log_extauth.c and ratios are now working with the extauth module :)
Autoconf upgraded to 2.53.
PAGE_SIZE can be non constant. So we try to get it with getpagesize() or sysconf(). PAGE_SIZE and MAP_SIZE have become page_size and map_size. Thanks to brad at openbsd.org.
Dutch translation updated - Johan Huisman.
Typo in log_extauth.h (bandwidth -> bandwidth). Fixes throttling with extauth. Reported by iTooo.
Italian translation updates (Alex Dupre).
Workaround against Solaris streams bugs - Kenneth Stailey.
getspnam() is now probed in addition to in order to find whether shadow passwords are available - Kenneth.
Check for setreuid/setresuid/setregid/setresgid if seteuid/setegid aren't available. Use them in place of seteuid/setegid if necessary - Kenneth.
Fixed a typo in the previous line - Brad :)
Use pstat_getdynamic() to get the load average if available. It works on HPUX - Kenneth.
Use pstat() to change the process title on HPUX - Kenneth.
Cosmetic cleanups (tabs instead of spaces, etc).
The good'ol poweredby.jpg logo has been replaced by pure-ftpd.png, the new official logo contributed by Gabriele Vinci.
We now have plenty of FTP mirrors, see the end of the README file.

* Version 1.0.10 :
GCC updated to 3.0.4.
Automake updated to 1.6. configure.ac has zapped deprecated constructions.
Autoconf updated to 2.52i.
Autoconf doesn't like conditional *_LDFLAGS in Makefiles any more.
Probe for *postgresql* in addition to *pgsql* to find include/lib paths for PostgreSQL (configure.ac).
*reply() functions rewritten from scratch: simpler code, no more recursivity (makes Solaris happy) and faster processing.
Accept '..' in file names in fakexlate().
Use addreply_noformat() whenever possible (speedup).
New switch : -Z (--customerproof). Right now, it adds | 0600 or | 0700 to chmod commands to avoid users locking their own files. Additionally, we now try a traditional chmod() call if fchmod() fails. There's a race here, but no security trouble to fear. Reported by Mark Reidel.
Spec file fixes, contributed by Jose Pedro Oliveira.
PureDB binary search could fail with -1 as a slot number - fixed.

* Version 1.0.9 :
Korean translation updated.
Spanish translation updated.
Slovak translation updated.
Load average is now checked on Irix - Contributed by Florin Andrei and Chan Wilson.
Make the PAM example more generic. -Thorsten.
External authentication modules can now be compiled in even when ratio/quotas/throttling aren't enabled. -reported by pierre at epinetworx.com.
/dev/*random devices can now be probed at run-time when PROBE_RANDOM_AT_RUNTIME is defined. Suggested by Kenneth Stailey.
Remove loop alignment in minimal mode - GCC doesn't like it on Solaris.
Enabling the non-root mode now implies virtual chroot. - Some big improvements to the non-root mode. Almost all features of the root mode are now working.
SITE ALIAS buglet fixed - Kenneth.
Parse a.b.c.d IP addresses (without /netmask) and blah.blah.blah (hostnames) in log_puredb access/deny rules. Suggested by Maxnerd.
Autoconf updated to 2.52h.
Don't drop CAP_CHOWN before login completion, so that on-demand directories are chown()ed to the right user when capabilities are enabled.
fake* files are now under a BSD license.
The PgSQL backend now accepts 'any' and 'md5' keywords for the password hashing - Contributed by Bjoern.
External authentication modules are now working on non-Linux systems : we were sending every line from log_extauth to pure-authd in separate packets to the local unix socket, but we were only reading a single packet then. Now, we also group everything to a single packet before sending the data.
Merge Ben Gertzfield's extended LDAP schema.
AtheOS is unfortunately gone from the list of supported OS because it lacks mmap().
Invalid SQL queries are now logged in order to help debugging.

* Version 1.0.8 :
Set errno in fake functions.
Get rid of rd_len, rename rd -> root_directory, always ensure that it has a trailing '/' to simplify further code.
Recognize the /./ hack for anonymous users ('ftp' account). Contributed by Teo de Hesselle.
Strip leading / in fakechroot (just to be coherent with the trailing / now in root_directory).
Have the non root mode work with virtual chroot.
People are restricted to the directory pure-ftpd was started in.
Fix compilation on AtheOS.
Allow pure-quotacheck to run as a non-root user (suggested by Philip Mak).
Merge realpath() replacements from OpenBSD-current, because some Solaris libC have a broken realpath() implementation.
Support for MD5 hashed passwords in log_mysql. Contributed by Nicolas Doye.
Force a minimum of 64k i/o buffers.
Get rid of the ugly daemons.c inclusion in pure-mrtginfo.c.
Merge the W3C log format - contributed by Thomas Briggs.
Add initsupgroups() function and always call initgroups() *BEFORE* chroot. An important fix pointed out by Adam Kruszewski (Fantomik) and Wojtek "elluin" Kaniewski.
Add CAP_SETUID if we're on a system with Linux capabilities, but no setfsuid() call. Who knows, there are maybe very strange GlibC.
New switch : -G (--norename), new global : disallow_rename.
sizeof(FTPWhoEntry_.filename) increased in ftpwho-update.h.
Reply with 530, not 550 when user isn't logged in. Reported by Philip Mak.
Follow symlinks in pure-quotacheck. We need this to support virtual chroot.
Remove extra "." in "Entering passive mode" message to please some very old BSD kernel proxies. Reported by BigAndy.
Open descriptors 0,1,2 (->/dev/null) in forked uploadscripts, just to please some programs that are crashing when they can't write to stderr (example : Unison).
Add a fakechroot version of realpath() so that altlog works with absolute file names.
New FAKECHROOT_EXCEPTION macro to avoid I/O wrappers. -Used in bsd-realpath().
Cygwin doesn't have a working initgroups() call (always returns -1) => don't abort if the call doesn't succeed. Also, have getpwnam() and getpwuid() always return the same fake values on win32.
Speedup : chroot("/") means no chroot at all, no need to wrap I/O functions in that case.
mode_t is an unsigned short on MacOS X, so it's promoted to unsigned int - take care of that for fakeopen() mode.
Fix throttling in ASCII mode - the nowait condition is o >= st.st_size, not left > skip.
Log passwords when the server is compiled with DEBUG.
Remove TVFS conformance announcement (FEAT command) when virtual chroot is enabled.
Fix bashisms/zshmisms in configure.ac and links OpenSSL if needed with OpenLDAP. Contributed by Ben Gertzfield (che_fox).
Merge pure-authd and the 'extauth' external authentication handler. Relevant files are man/pure-authd.8, src/log_extauth* src/pure-authd*.
Undefine fakechroot macros before their definition, it shuts the compiler up on Solaris.

* Version 1.0.7 :
Use /dev/arandom and random() instead of /dev/urandom and rand() when possible. Suggested by Brad Smith.
Korean translation updated (Im).
GCC upgraded to 3.0.3 for binary packages.
Don't chroot to /etc/pure-ftpd//. , but to /etc/pure-ftpd/ for virtual users. Virtual chroot didn't like it.
RPM packages can now be built with LDAP, Mysql and PostgreSQL. Contributed by Ben.
Directory aliases (DIRALIASES macro, diraliases.{c,h}, minor tweaks to ftpd.c (docwd) and ftp_parser.c (site alias)). Contributed by Kenneth Stailey.
Cindy has moved.
Add a fake chroot wrapper for stat[v]fs[64]() and rm/mkdir.
Check directory, not file for stat[v]fs[64]() - Option -k should really work now.
Don't count .ftpquota in pure-quotacheck. Reported by Jan Pavlik.

* Version 1.0.6 :
New fakechroot.{c,h} files. They contain wrappers for most I/O functions to emulate chroot and follow symbolic links.
PostgreSQL support, based upon log_mysql.
Known issue with virtual chroot (FIXME) : files with ".." in their names are denied.
Danish and Korean translations updated.
Typos were fixed in the Polish translation (contributed by Mariusz Pekala).
Check for libelf before libkvm in Autoconf (Kenneth)
Don't enable TCP_NODELAY any more on the connection socket. FTP Explorer doesn't like it.
Don't assume that crypt() always returns non-NULL pointers. Thanks to Paul for his help on that issue.
New translation : Swedish (messages_sv.h).
Don't clear dot_{read,write}_ok when quotas are enabled. Instead, check for enabled quotas in checknamesanity() and refuse everything with ".ftpquota" in it => ok because only 'ls' performs globbing.

* Version 1.0.5 :
Rename and delete operations are now syslogged.
Strange characters are now stripped from .banner/.message files.
Unofficial macros to give more power to anon users : ANON_CAN_CHANGE_PERMS, ANON_CAN_DELETE, ANON_CAN_RESUME and ANON_CAN_RENAME.
Return 550 when an upload exceeds the quota.
New unofficial macro : LOG_ANON_EMAIL.
File deletion and rename are now logged.
[v]snprintf() replacements have been totally rewritten.
Accept multiple ip/mask filtering rules in the puredb backend.
The load average can now be read on Solaris < 2.6 (where getloadavg() isn't implemented). Contributed by Kenneth Stailey.
Documentation updates (FAQ and pure-ftpd man page), translation updates.
Autoconf updated to 2.52g, Automake to 1.5b.

* Version 1.0.4 :
Clean up pure-config.pl and use Perl's exec with an array, circumventing the system shell. (Gives fewer surprises with strange characters in the config file, is also more efficient.) (Matthias)
Clean up pure-config.py and use os.execv, work done by Joshua Rodman. Thanks a lot. Autoconf adjustments to pure-config.py by Matthias.
Fix configure.ac to use ":" in the path to AC_PATH_PROG rather than " ", add PYTHON search, declare PERL and PYTHON precious, if not found, default to /usr/bin/env , add pure-config.py to AC_CONFIG_FILES. (Matthias)
Close descriptors in pure-ftpwho (paranoia. I wasn't able to change any ftpwho file even without this -j.)
New ADD_EXTRA_GROUPS_TO_ANON unofficial macro to enable supplementary groups for anonymous users (disabled by default).
Accept 2000 chars long .message files even on systems where MAXPATHLEN is very low (e.g. Irix and FreeBSD). Contributed by Michael Glad.
Recognize "p@sw" as a synonym for "pasv" to bypass SMC Barricade mangling.
Fixed compilation on Corel Netwinder devices (Gareth Woolridge).
Allow EPSV when IPv6, regardless of the broken compatibility flag.
A workaround for buggy Autoconf versions was added in configure.ac (AC_PATH_PROG didn't work when the path wasn't a variable : IFS was set but it wasn't effective without any substitution).
Have dodele() handle unlink() errors even when virtual quotas are enabled. Also, the stat() (that was changed to lstat())/rename() race was fixed by an additional lstat() on the destination file.
simplify() has been moved to ftpd.c. We call it for mkd/rnto/stor file names before stripping spaces, just to be a bit more annoying with warez players.
VUSERS stuff was removed. It has been obsoleted by the puredb backend.
New FAQ file.
The ML address has changed to pureftpd.org/ml instead of a direct link to SF, just in case we move to something more reliable.

* Version 1.0.3 :
New ASCII conversion function (doasciiwrite()), faster, easier and less buggy than the original one. And it fixes a funny compatibility issue with Homesite.
Look for perl in /usr/bin before /usr/local/bin (better to build RPM packages).
Don't forget to remove libsafe before building binary packages :)
New unofficial macros : DISABLE_MKD_RMD and DEFAULT_TO_BINARY_TYPE.

* Version 1.0.2 :
Upgraded to Autoconf 2.52f.
Disallow rnto to existing files when quotas are enabled. Not for nonexistent files.
Don't use setfsuid() when system quotas are enabled -> undef HAVE_SETFSUID_H in ftpd.h if SYSTEM_QUOTAS is defined.
Always restrict the size of chunks for downloads when ftpwho is enabled.
Parse every component of the path in create_home_and_chdir().
Include some more (v)snprintf() implementations, using vfprintf() and _doprnt(). Needed for Tru64.
The upload pipe now receives upload info as follows : \002username\001filename\000 . That way, virtual user names can be read.
PureDB is now covered by a BSD license and it was upgraded to version 2.0.
Don't forget the -k option in Perl/Python parsers.

* Version 1.0.1 :
Enable keepalive on data sockets, disable ndelay.
Downgrade to autoconf 2.52.
Fix 'left' value when throttling is enabled in doretr() with sendfile().
Add --without-nonalnum / PARANOID_FILE_NAMES.
New funny French messages.
Quota fixes when uploads are aborted. New dostor_quota_update_close_f() function. Yeah, what a nice and long name :)

* Version 1.0.0 :
Remove the last dynamic array in dostor(), use ALLOCA instead.
Solaris considers mmap()ed region as char * instead of void *. Add explicit casts to shut up the compiler.
Add CallUploadScript in pureftpd.conf sample.
Support Base64-encoded MD5/SHA and salted MD5 (SMD5) and SHA (SSHA) LDAP passwords.
Updated Danish translation - Lyberth.
Updated Polish translation - Arkadiusz.
New messages_sk.h and messages_kr.h translation files.
Renamed messages_sp.h -> messages_es.h.
Separate {bandwidth,quota,ratio} changed pairs in AuthResult.
Accept @ for LDAP logins.
Have pure-uploadscript write a /var/run/pure-uploadscript.pid file.
Irix portability fixes, thanks to Florin Andrei.
MLST/FEAT conformance fixes.
PAM fixes (Thorsten).
Get rid of the dot_ok global.
Have the main server delete ftpwho files.
Check for statvfs64().
Spec file improvements (Bernie).
keepallfiles = 0 when users belong to the trusted group.
Disable quota for anonymous users.
Fix various compiler warnings (Matthias).
Have pure-pw support puredb files even when the server hasn't been compiled --with-puredb. Suggested by Arkadiusz.
New --with-sysconfdir configure switch. Suggested by Arkadiusz and Matthias.
Don't strip spaces in commands, unless SKIP_TRAILING_SPACES is defined. It was an historical behavior but it breaks spaces before and after file names, passwords beginning with spaces, etc. Thanks to Andreas Piening for helping to solve that issue.
Replace extra spaces around uploaded file names (and rnto) with '_' to avoid stupid practices of warez folks.
New message files format checker (messages_check.pl) provided by Matthias Andree.
Add mysnprintf.{c,h} wrapper for brain damaged snprintf() implementations.
Refuse rename() with --keepallfiles.
Upgraded autoconf to 2.52d. Get rid of acconfig.h.
Changed configure.ac trailer - Contributed by CmdrTaco of Slashdot (only two people know why... this is the mystery of pureftpd :)
Misc. nice cleanups everywhere (Matthias, Bernhard, Jason, Arkadiusz).
Upgraded to gcc 3.0.2 for binaries.
Don't increase size quota when overwriting existing files - Reported by Eric.

* Version 0.99.9 :
Complete rewrite of src/*ftpwho*. We now use a scoreboard directory (/var/run/pure-ftpd) with mmap()ed structures instead of SysV IPC. It might be a bit slower than IPC, but it's definitely more reliable, it doesn't need any OS tweaking, it's simpler code, etc.
Support the service part in getnameinfo() emulation code for pure-ftpwho.
Ansified bsd-glob* and gnu-getopt*.
Avoid a clash for struct statfs between sys/vfs.h and sys/capability.h.
Consider negative filedescriptors as valid (prepare for O_DIRECT).
-H is now a synonym for -n in pure-ftpwho.
Use safe_write() when possible instead of plain write().
Much more efficient buffering code in ls.c.
New -m switch in pure-pw.
New environment variables for the default path.
Refuse atomic replacement of files when quotas are enabled.
Accept pure-pw mkdb without any further argument.
New pid_file glob.
Documentation fixups. Contributed by James Metcalf and http://www.php4hosting.com/.

* Version 0.99.4 :
Change uploaded and downloaded to unsigned long long. Display file sizes as unsigned long long in src/ls.c. (Thorsten/Matthias)
RPM improvements. (Thorsten)
Chroot everyone by default in pure-pwconvert.
Refuse 0Kb bandwidth for throttling in pure-pw. Reported by Ben Weir.

* Version 0.99.3 :
Don't include users that don't have a valid directory in pure-pwconvert.
Old versions of MySQL (<= 3.22.x) are now supported.
mysql_real_escape_string() wasn't implemented. We now just check this in configure and fallback to mysql_escape_string() if necessary.
Fixed RPM building with PAM, thanks to Sergey Mihailov.
Add PureDB to configuration file wrappers, thanks to Sergey Mihailov.
Include sysconfig sample in RPMs.
Support MySQL's password() hashing function. Contributed by Robin Ericsson.
Dutch translation updated (Johan Huisman).
New keyword in mysql config : MySQLTransactions.
Reject new uploads if user_quota_files/size > quota->files/size.
dynamic.c rewritten in a simpler way.
Allow @ and : in MySQL login names (Contributed by Arkadiusz).
Add ratios and bandwidth to the MySQL backend.
Accept the "any" keyword for MySQL auth.
Don't if...else if crypto schemes. Try them all in order instead. (src/log_mysql.c)
Duplicate the content of environ instead of nullizing it. Longer, but it helps pure-ftpd work on older C libraries (libc5).
Individually check IPv6-specific functions and macros. Some systems e.g. MacOS X have a partial implementation (getaddrinfo() without getnameinfo()).
Check for SysV semaphores and don't enable ftpwho on operating systems they are missing on.
Really support extended DES hashing.
Cleanups to German messages, more informative message for PASV usage with IPv6. (Matthias Andree).
Strip extra info in gecos (src/pure-pwconvert.c).
Add IP filtering and time restrictions to log_puredb/pure-pw.
New SQL digraph : \D.

* Version 0.99.2a :
When quotas were enabled, but no quota was specified, uploads were always truncated to 0 bytes. It has been fixed.

* Version 0.99.2 :
Upgraded Automake to 1.5.
New translation : Dutch.
Fix --createhome option, reported by Lan Yufeng.
New quotas.{c,h} files.
Fix compilation when MySQL stuff is installed in /usr.
Remove host name in the minimal banner.
Add [NOTICE] and [DEBUG] qualifiers to logfile().
New DONT_LOG_IP macro, force '?' into host global.
Some operating systems (at least Solaris > 2.7 and FreeBSD < 4.3) have strange troubles with reusing TCP ports, even when SO_REUSEADDR is enabled. Although it is an OS issue, we try several unassigned privileged ports as a workaround for active connections. The last resort is to let the OS assign a port. But you can filter everything >1023 on your firewall if you feel paranoid (and fix the server OS).
New unofficial macro : ANON_CAN_RESUME, to authorize anonymous users to resume transfers.
New -n / --quota option.
New program : pure-quotacheck.
Merged the PureDB package.
RPM can now be built with PAM support, thanks to a new variable called con_pam. Contributed by Juan Pablo Gimenez.
Add a "password" attribute to the PAM sample.
Stat the / directory and compare it with what we are chmod()ing. If it's the same inode/device pair, enforce read+exec+write rights for the user.
Use AF_UNSPEC as a family instead of AF_INET/AF_INET6 when getaddrinfo() is called with AI_PASSIVE.
All authentication stuff has been moved in src/log_*.c files, including what's needed to parse/allocate/free related structures. All modules have the same hooks, grouped in a new structure : Authentication.
Semantic change for AuthResult.auth_ok : 0 means a soft error (user not found, or server temporarily down), -1 means hard error (bad password), 1 means ok. To be secure, we fall back to the next authentication method only on soft errors. Also, AuthResult objects are now passed by address to authentication handlers.
New --with-puredb switch in the autoconf script.
New files : src/pure-pw.{c,h} man/pure-pw.8
Disable TCP_CORK, some Linux users reported strange behavior because of this.
Disallow crazy chunk sizes for uploads, to save our beloved stack, especially when throttling is enabled. Thanks to Daniel Tschan.
Made zrand() return an unsigned int, so that zrand() % xxx is always positive.
New files : src/log_puredb.{c,h}
Scan several common paths for pure-ftpd in pure-config.pl.
New pure-pwconvert tool, suggested by .

* Version 0.99.1b :
Fix access problems to remote MySQL servers. - Thanks to John Hart.
New program : "pure-statsdecode" to convert timestamps into human-readable dates in "stats" logfiles.
Add peer info to authentication (pw_*_check()) functions.
When MySQL or LDAP are enabled, add additional groups of the system uid.
Made LDAP attributes more configurable (macroized strings in log_ldap.h).
New digraph for SQL substitutions : \R (remote IP).
New fields for the LDAP configuration file parser : LDAPDefaultUID and LDAPDefaultGID.
Updated the LDAP documentation.
Check that programs linked against mysqlclient can run in configure.ac. Because some people forgot to add libmysqlclient.so in the configuration of the dynamic linker.
New create_home global, new --createhomedir/-j switch, new create_home_and_chdir() function.

* Version 0.99.1a :
New alternative logging format : "stats", designed for the ftpStats application.
Cosmetic fix with ratios.
New -K / --keepallfiles directive.
Workaround for broken clients that don't properly end up their command lines.

* Version 0.99.1 :
Don't call uploadscript on downloaded files when CLF logs are enabled.
New SNCHECK macro to check snprintf() return values. Older implementations return -1 for overflows, while C99 dictates that the number of chars that would have normally been written should be returned. So, we check the implementation in configure.ac and define this macro to do the right thing.
Don't try to read /dev/urandom when chrooted.
CORK and NODELAY can't be used together.
Support pipelining (fixes lftp async mode).
Changes of process names are now properly handled on Linux - Thanks to Juergen Henge-Ernst.
Split Unix auth stuff into log_unix.{c,h}, new AuthResult structure.
Properly report download progression and speed in pure-ftpwho. The problem was in sendfile() downloads, when both FTPWHO and THROTTLING were defined (&& instead of || in the test... stupid failed optimization).
  Fix getnameinfo() emulation by passing a valid IP address to gethostbyaddr() .
  Allow LDAP path override.
  Disallow root uid/gid in LDAP.
  Document that adding "shadow" to PAM sample rules can fix some hardened distributions, suggested by Joe Silva.
  Use statvfs, not statvfs64 for large files on Linux when __REDIRECT is defined.
  Externalize zrand().
  Merge MySQL authentication.
  Fix throttling + large files.

* Version 0.99b :
  Check socket/resolver libs in configure.ac before socket-related tests. It fixes LDAP compilation on Solaris.
  Pad the day to two characters in CLF.
  Downloaded/uploaded files are now logged with LOG_NOTICE priority.
  Add --without-sendfile configure switch - sets DISABLE_SENDFILE macro. Disabling sendfile is useful on some OS with some filesystems that don't support zero-copy transfers like SMBFS on FreeBSD 4.3 .
  Merge hash functions : crypto.{c,h}, crypto-sha1.{c,h} and crypto-md5.{c,h}
  Renamed pam_ftp_check() to pw_pam_check() .
  Don't display group list in minimal mode.
  Fill in the uid/name cache after an authenticated login.
  Minor RPMs improvements. -Still not a relocatable package, though-
  Fix non-root mode : don't dereference pw in dopass() if NULL.
  Include the BSD license in COPYING.

* Version 0.99a :
  Always display the local IP and port with pure-ftpwho -v.
  Don't log an extra \001 in CLF output, properly report negative time zones, zerofill hour/min/sec to 2 digits.

* Version 0.99 :
  New README.Debian file.
  Fix ls -C arithmetic error with long file names. Reported by Old Mole.
  Corrected the German translation for grammatical/spelling errors, translated missing messages. -Contributed by Bernhard Weisshuhn.
  Danish translation. -Contributed by Isak Lyberth.
  Log login attempts with disabled accounts. Admin can still check what's wrong even --with-paranoidmsg . The new message is MSG_DISABLED_ACCOUNT.
  Improved pure-config.pl.in : extra parameters can be added in command line.
  Fix throttling on FreeBSD : BSD sendfile() returns -1/0 , not the number of transmitted bytes.
  Show s/S/t/T flags in ls -l - Suggested by Bernie.
  Removed --without-chmod, added -R options.

* Version 0.99pre2 :
  Fixes to make pureftpd compile on Solaris 7 and 8. Warning: untested. Large file support may be broken.
  Minor robustness/warning fixes.
  "ftp" can be used as a fake shell, no need to add it to /etc/shells.
  Documented that anonymous FTP needs an "ftp" account in an LDAP directory - Thanks to Adrian Zurek.
  Fixed a typo in pure-config.pl : UserBandwidth handled $2 not $1 - Thanks to Vincent the Herisson.
  Upgraded Automake to 1.4p5 and Autoconf 2.52.
  Renamed deprecated configure.in to configure.ac .
  RPM fixes - Contributed by Oliver Soell.
  More accurate throttling, don't only check seconds, but also usec - Contributed by Frank de Bot.
  Don't log client crashes as timeouts - Reported by Matthias Andree.
  Stop if --with-pam was specified, but PAM headers are missing.
  Add %s in die() - Thanks to Matthias Andree.
  New logpid global - Matthias.
  Added PARANOID_MESSAGES macro (see src/messages.h)
  Have RNTO work when the target file name already exists - Reported by Bernhard Weisshuhn.
  Allow transfers through sendfile() longer than , needed for very large files transferred over slow links (odd idea, but why not) .
  Changed the trustedgid behavior when the /./ trick is used : members of the trusted group *are* chrooted, but they have no ratio and dot-files are allowed.
  Added --with-paranoidmsg compile-time option to enable PARANOID_MESSAGES.
  Implemented alternative IPv6 functions for backward compatibility with old IPv4 only stacks. Check out src/ipv4stack.* and the new OLD_IP_STACK macro. We assume the stack is IPv4-only if getaddrinfo() doesn't exist.
  Display version number in '-h'.
  New files : altlog.{c,h}
  New option : -O / --altlog , new macro WITH_ALTLOG, new globals altlog_*, new autoconf switch --with-altlog .
  Try to use ALLOCA in internal statement blocks instead of local fixed-size arrays. The result is the same and the source code is a bit more complex, but it saves stack space especially on path names.
  Minor code cosmetic cleanups (I really hate if/loops without braces) .
  Improvements to the FreeBSD port : LDAP can be compiled in.
  List KcmPureftpd in README.Contrib .
  New --with-bloat^H^H^H^H^Heverything autoconf switch.
  Added NO_PROCNAME_CHANGE macro just in case people don't want processes to change name (workaround for a bug on older glibc) .
  Return 550 instead of 530 when CWD fails. Silly broken clients like AbsoluteFTP choked on this.
  Don't assume that no sendfile() implies support for large files.

* Version 0.99pre1 :
  Have MSIE open an authentication dialog when anonymous users are forbidden (-E) in compatibility mode (-b) .
  Don't CORK_OFF a bad file descriptor in error() - Reported by Sami Farin.
  Don't reply with PASV/SPSV/EPSV when -N is enabled.
  Don't forget to initialize gl_pathc and gl_pathv in glob_() - OpenBSD didn't like it.
  Fixed typos in documentation.

* Version 0.98.7 :
  gui/build.sh improvements by Peter Pentchev.
  Correct typo in the pure-uploadscript man page.
  Always parse the last element in upload ASCII conversion.
  Reduce the random tapping delay, some users find it annoying.
  More parser cleanups and optimizations.
  Don't glob any more for chmod and dele.
  Follow symbolic links for downloads.
  Made autorename an argument for dostor() for dostou() atomicity.
  Minor optimizations for passive port computation (to be paranoid, we never rely on OS port assignment, so give up the old TrollFTP code)
  Replace since -> xfer_since in pure-ftpwho to avoid FPE. Add even a signal handler, just in case.
  Never forget to check that shm_data_cur is != NULL before dereferencing it.
  Wait a bit when MAX_THROTTLING_DELAY is reached.
  Don't make PAM session failures fatal. And don't even try to open a session when WITHOUT_PAM_SESSION is defined.
* Version 0.98.6 :
  Properly truncate uploaded files, even if restartat == 0.
  Added MSG_NO_ASCII_RESUME.

* Version 0.98.5 :
  Recognize ADAT command for Kerberized Fetch 5 (Macintosh).
  Added a contrib/ directory and README.Contrib.
  Minor Autoconf and code cleanups.
  Debian package updates - no more hang at end of the install procedure.
  Open PAM session (patch by Sami Koskinen).
  It looks like some OS/C libraries don't like to share syslog descriptors. To be safe, we have to reopen the syslog for each client, grr!
  Disable auto login (handy, but buggy clients sending fancy commands before authentication choked on this) .
  Disable the 'man page segfault' humor :(
  Fix largefile compilation on Linux (reported by Andreas Westin).
  Don't wait for throttling when download is completed.
  Use statfs() and getloadavg() on *BSD.
  Don't keepalive, don't linger.
  Don't forget to parse the last element in pure-ftpwho (reported by Brandon Covert).
  Merge the virtual host login code with the regular login code (suggested by Chris Mentjox).
  ftp_parser.c/sfgets() rewritten to optimize read() calls.
  Use the same policy to forbid dot-files for cd and for other commands, for consistency and to ease migration from other servers.
  Don't unlink() partially uploaded files unless user is anonymous.
  Add fillenv() and newenv_*() in pure-uploadscript.c
  Skip initial \n in banners.
  Rewritten upload acceptance to avoid duplicate code and possible races.
  Externalized some functions to save stack space.
  Add non_noupload global and the -i flag.
  Don't chmod 600 incomplete uploads. I will miss that feature, but some people don't like it and pure-uploadscript may be a better alternative for integrity checking.
  New trustedip global, that contains the trusted IP address allowed to accept non-anonymous connections.
  WITH_VIRTUAL_HOST macro to #ifdef the virtual hosting code.
  Check for statvfs_t, security/pam_misc.h and sys/loadavg.h for Solaris.
* Version 0.98.4 :
  Slightly reduce the password delay if PAM and LDAP aren't enabled.
  Open the syslog as soon as possible (before accepting client connections) . It solves the nasty long-standing syslog-output-in-client-fd bug.
  Don't localtime(NULL), it crashes under FreeBSD.

* Version 0.98.3 :
  Close listenfd, but close(2) only if it's a tty (maybe it's an uploadscript descriptor) .
  Save errno in signal handlers.
  Paranoia : introduce a random delay after password entry.
  Disable signals in die() and sigurg(). This is just paranoia, the signal handlers are *not* vulnerable to the problems described in the Razor paper.
  Fix ls behavior, to list the content of the directory, not the directory name.

* Version 0.98.2a :
  Upgrade to Automake 1.4-p2 and Autoconf 2.50.
  Accept "." in LDAP user names.
  Fix --sysloghack for Debian users (DEBUG was defined)

* Version 0.98.2 :
  Portability : check for __ss_len, not only ss_len.
  New function for platforms without setfsuid() : usleep2(), blocking signals when we are sleeping.
  long double usage in pure-ftpwho, to avoid floating point exceptions.
  Upgraded to Automake 1.4-p1.
  Define syslog names if libc doesn't have them.
  Check for nsl/socket/resolv requirements.
  Use statvfs if statfs is not available.
  Fix compilation against old OpenLDAP versions (1.x) .
  Added --without-globbing (also defined in minimal mode) .
  Check for sendfile() variants (Linux, FreeBSD or none) . FreeBSD (and possibly other OS with a similar implementation) can now use sendfile().
  ABOR is now handled. We do this by intercepting SIGURG and by keeping the transfer file descriptor in xfer_fd (may be datafd or what accept() returned) .
  Added a restartat field in the ftpwho structure.
  Complete rewrite of sreaddir(). We're now using two distinct memory segments : one for metadata (struct FileInfo) and another one for file names. Also, stat()ing data is done when reading the directory content and kept in memory to avoid stat()ing again for displaying.
  And we have buffers grow instead of restarting. And we don't rely on what st_size returns for the directory, that's useless and it eats memory for nothing. And ls -S works. To summarize, the new built-in ls rocks, it's way more efficient than the previous BSD horror. And it's portable. We stat() again for modern listing, though (MLST), because we need inode and device numbers and we have to deref links and MLST should be ready for extended attributes (like ACL), while sreaddir() shouldn't fill memory with extra info.
  Log virtual domains logins.
  Handle virtual domains in pure-uploadscript.
  Fix XML output (Jason Lunz)
  Solaris port and documentation.

* Version 0.98.1 :
  Fix display of group listing for group names with white spaces and very long group names.
  Umask for dirs and umask for files are now different (umask & umask_d) .
  New --with-sysloghack flag.

* Version 0.98-final :
  Added Spanish translation by Luis Llorente Campo.
  Added download_total_size, download_current_size, local_addr and xfer_date to the FTPWhoEntry structure.
  New output targets : shell (-s) and verbose ASCII (-v) .
  Paranoia : add more entropy to the zrand() function.
  Changed u_mask default to 133, uploaded files are now 777.
  bandwidth_throttling was split into bandwidth_throttling_ul and bandwidth_throttling_dl.
  Syslog is now opened after forking. It fixes the nasty syslog-to-clientconn bug due to dup2() and/or syslog mutex internals.
  Logging can be disabled with '-f none' .

* Version 0.98pre2 :
  Don't use a fancy directory separator for recursive 'ls' because NcFTP chokes on this when mirroring. It's a pity. The previous one looked great. But we have to keep clients happy.
  Listen on IPv4+IPv6 by default even on OpenBSD.
  Minor optimizations (don't test for optarg != NULL, trust getopt() and use switch instead of else if to parse command-line options) .
  Renamed mrtginfo to pure-mrtginfo, because mrtginfo was too confusing and it could clash with other packages.
  Added pure-uploadscript and its man page.
  Added the '-o' option and the --with-uploadscript configuration flag.
  Documentation : added forgotten NATmode example in the pure-ftpd.conf file.

* Version 0.98pre1 :
  Don't hardcode the pure-ftpd path in pure-config.pl (Peter Pentchev).
  Actually include the Polish translation.
  Updated the Netfilter documentation. The EPSV/EPRT patch is no longer pertinent, because EPSV/EPRT support was merged in kernel 2.4.3ac14.
  Fixed welcome.msg typo (Thanks to Togusa).
  Increased the banner size to 2000.
  Support long options even if getopt_long is unavailable (especially for BSD) .

* Version 0.97.7 :
  Upgraded to Autoconf 2.49e.
  Semaphores/shared memory perms should be & 0777 for FreeBSD.
  Merged Polish translation (Arkadiusz) .
  Cleaned up headers includes.
  Added HTML and XML outputs to pure-ftpwho.
  Added pure-ftpwho man page.

* Version 0.97.7pre3 :
  Changed 'killall -HUP xinetd' to 'killall -USR2 xinetd' in the README file (pointed out by Olivier Tharan) .
  configure.in : fixed --without-ascii, add --with-welcomemsg.

* Version 0.97.7pre2 :
  pure-ftpwho marks a slot as free if there is no associated process.
  Possible fix for a realloc() problem reported by Emmanuel Hocdet.
  Added dmalloc support.

* Version 0.97.7pre1 :
  Block SIGCHLD before calling iptrack_add() .
  HAS_WAITPID is HAVE_WAITPID.
  Check for setproctitle (*BSD) .
  Reset restartat to 0 after a successful stor/retr (Jobush) .
  Don't open with LOG_CONS.
  Completed the Romanian translation (Claudiu) .
  Added WELCOME_MSG_COMPATIBILITY hack.
  Optimization : only call setprogname if state_needs_update != 0.
  maxusers defaults to 50 and maxip to (1 + maxusers / 10) .
  ftpwho. Added --with-ftpwho.

* Version 0.97.6 :
  Merged docwd/ls bounds checking for ~ expansion.
  Enable the '.banner' file for authenticated users.
  Cleaned up the man page.
  Added disallow_passive global.
  Optimized bsd-glob.c.

* Version 0.97.5 :
  Cleaned up bsd-glob, no need for alternate directory functions.
  Replaced __ macro by _COMA_ to avoid conflicts on Tru64.
  Replaced \s by \s+ in pure-config.pl.in and pure-config.py (Emmanuel Hocdet) .
  Properly probe next ports if a random port can't be bound.
  In dostor(), get the file size is in 'filesize', not in the initial stat() call.
  Added the '-4' option.
  Updated the 'Contributors' part in the man page.
  Removed leading space in dosize() result.
  Added u_mask global.

* Version 0.97.4 :
  getgroups() should always be called *after* seteuid()! The BSD port broke this.

* Version 0.97.3 :
  Always log the speed, whatever it is (suggested by William Kern(el panic)) .
  Always display the current number of clients in the initial banner.
  Always chdir() before chroot().
  Use of instead of -D for cleaner compilation (contributed by Jason Lunz).
  Clear arguments, to avoid bloat in the 'ps auxw' table.
  Recognize HELP SITE and SITE HELP.
  Added addreply_noformat for multi-lines responses.
  STAT command.
  Support "modern" directory listings (modern_format() func) . Used to implement MLST and MLSD. Listings are "modern" or "traditional" according to the modern_listings global.
  Added --with-minimal.
  Added --with-nonroot to disable chroot()/setfsuid(), so that the server can work without root privileges.
  Added --with-language.
  Fixed largefile+throttling compilation.
  Changed 'quota' to 'ratio' everywhere. Quotas will be something else.
  Create /var/run/pure-ftpd.pid . Remove it when a signal is caught.
  Added Romanian translation from Claudiu Costin.
  Added German translation from Mathias Gumz.
  Added French translation from Ping.
  Allow download of 0-byte files (reported by Louis Rouxel).
  Include and if presents.
  Define STORAGE_LEN and STORAGE_FAMILY for BSD and Glibc compatibility.
  Use seteuid() instead of setfsuid() on non-linux systems.
  Non-pam, non-shadow passwords are working again.
  Upgraded to automake 1.4d.
  Latest unstable glibc for Debian define ss_family instead of __ss_family. A test in configure.in was added for this.
  A test for ss_len was added by the way.

* Version 0.97.2 :
  Added epsv_all.
  Tell the client when per-IP limit is reached.
  Daemonize if '-B' is given (daemonize global).
  Don't assume that 0 isn't a valid file descriptor. Yes we use 0/1 for the command socket so 0 should never be reused again. But it's to be quiet in our mind and to prevent bad surprises if we ever change this in the future.
  Add file size to speedstring (speedrate() function) .
  Compare dataconn IP with *peer* IP, not cltrconn!!! It broke passive transfers in 0.97.1, grrr...
  Corrected a bashism in configure.in (Arkadiusz Miskiewicz)

* Version 0.97.1 :
  Added more entropy for the port number of passive connections and refuse connections from hosts that don't own the control socket.
  .message and .banner files couldn't contain only white spaces - fixed.
  Disable HELP in broken mode because very old WSFTP clients send this. Dunno why. But they do.
  Add a message to the syslog when the per-IP limit is reached.

* Version 0.97-final :
  Strip debugging mode (XDBG) unless compiled with -DDEBUG. Who needs this on production servers, anyway?
  In standalone mode, close the listening socket when SIGTERM is received.
  Catch maxusers in the standalone server code. If the server is busy, don't even try to fork (optimisation) .
  The default syslog facility is now 'ftp' instead of 'local2'.
  Paranoia : set the close-on-exec flag on the listening socket and close stdin/stdout/stderr.
  Dynamically change process titles to reflect their activity (pure-ftpd [SERVER|IDLE|UPLOAD|DOWNLOAD]) .
  Accept non-ascii (accents) file names (check if <32U in checknamesanity).
  Added dynamic.c for IP tracking. Yes, the code could be optimized for speed with two hashed tables (ip->number pid->link to the previous table). But it's simple and fast enough if you don't have 500000000 simultaneous users (and if you do, you have a high end machine, don't you?) .
  Added '-E' flag. anon_only = 0 (normal mode) -1 (no anon) or +1 (anon only) .
* Version 0.97pre5 :
  Added '-U' option to change the umask (Thanks to Guenter Bittner for the suggestion).
  Standalone mode : updated configure.in (NO_STANDALONE, NO_INETD), standalone_server(), standalone global, daemons() is skipped if we are only standalone, ...
  Added '-x' and '-X' options to prevent users from writing/reading dot-files, even though they are authenticated (add globals dot_write_forbidden and dot_read_forbidden) . Restricting access to directories starting with '.' added many lines of code for such a simple operation. However, it's done in a secure way : we don't get fooled by relative paths and links.
  Bandwidth throttling is now in KB/s (throttling_bandwidth global) . We do it the long, but right way, with compensation_delay = (transmitted bytes / throttling_bandwidth) - (tn - t0), recalculated between each received/transmitted chunk. A bit slow and bloated, however, but more efficient than a fixed approximation. To minimize bandwidth starvation with non-transfer commands, we impose a delay (throttling_delay) of 1sec/bandwidth.

* Version 0.97pre4 :
  Added '-D' option to force 'ls' display dot-files even when a client doesn't send the '-a' option (ls -la) .
  Keep the previous permissions when overwriting a file. Thanks to Darren Casey for reporting this.
  New '-I' option to change the maximum idle time (idletime global) . Also, a new function (antiidle()) is called for each dummy command (no login, no transfer) . Because many modern FTP clients send "noop", "cwd" or "pwd" all the time to avoid timeouts. When we encounter something like this, we give it grace time (twice the normal timeout, because the client is active), but we disconnect him if this grace time expires anyway.

* Version 0.97pre3 / 0.96.2 :
  HELP is ignored if followed by an argument.
  Made SITE commands work anew with subcommands in upper case.
  Finally replaced the GNU globbing stuff by ported BSD code (NetBSD libc variant) . It's faster, it's cleaner, it's less buggy.
  The code was modified to accept recursion limits (rather than a maximum buffer size), match limits, and tilde expansion was disabled.
  Limited the default maximum listed files to 2000 instead of 4242 and 5 subdirectories for recursion.
  Support for shadow passwords expiration dates.
  New eye-candy delimiters for subdirectories in a directory listing.
  Moved capabilities-related functions to caps{.c,.h,_p.h} .
  Support for large (> 2 Gb) files.
  Reduced the IPv6 EPRT code, we now call doport2() like IPv4 PORT/EPRT commands. That way, we now support IPv6 FXP as well.
  Added the new logfile() function to customize the syslog output.

* Version 0.97pre2 :
  Fixed a memory leak/duplicate free problem in glib-glob().
  Added memory usage limits.
  Added missing messages from ls.c to the "messages.h" file for translation.
  Reverted the cap_free() calls semantic.

* Version 0.97pre1 :
  Check for and convert 4-in-6 addresses (fourinsix() function). Also check for valid addresses (checkvalidaddr()) .
  Also check /proc/net/tcp6 when IPv6 is enabled.
  Code cleanups. Added DIE and DIE_MEM macro to shrink the source code.
  Commands are already in lower case, so don't call strcasecmp() anymore, strcmp() is faster.
  Paranoia : refuse invalid IP addresses (multicast, null, broadcast).
  Converted all strings to macros for localisation.
  Ignore ~ if we use LDAP to avoid useless queries. But tilde expansion with LDAP is still implemented, just #undef IGNORE_TILDE if you want to use it.
  Added overlapcpy() function in place of safe strcpy. This looks pointless under Linux, but we must follow the specs, anyway.
  Upgraded to Autoconf 2.49d.

* Version 0.96.1 :
  Changed the ASCII restart message ("Okay, but your client violates RFC") to something more friendly.
  New possibly more secure glob() implementation. It's a hack of GlibC 2.2.2's glob() providing sglob(), able to limit recursion depth and the number or results.
  It's not perfect (it should return GLOB_NOSPACE in some situations instead of an empty list), but it should be a definitive solution against all possible globbing attacks.
  Added a limit of 17 minutes of CPU time consumption. Yes, 17 minutes is a huge limit.

* Version 0.96 :
  When FXP is refused, send 500 as a reply. It helps broken NAT boxes deal with Pure-FTPd servers since the client thinks EPSV isn't supported and it tries PORT instead.
  Added chdir() after listing a directory just in case we didn't get back where we started if we reached a limit.
  Avoid loops in directory listings.

* Version 0.96pre1 :
  Added '-P' flag to explicitly set an IP address in reply to a PASV command.
  Added '-A' flag to chroot() everyone. If '-A' is combined with '-a', the last option takes precedence.
  Added '-H' flag to avoid DNS resolution.
  Reverted the 0.95.1 change : 7 bits is always supported, even without '-b'.
  Added FEAT command (rfc2389) .
  Allow anonymous users to create directories if they have write access to the parent directory.
  Fixed virtual hosts and updated man page/README.
  Changed every sockaddr_in structure to sockaddr_storage. Added STORAGE_PORT, STORAGE_PORT6, STORAGE_SIN_ADDR, STORAGE_SIN_ADDR6 and STORAGE_FAMILY macros (ftpd_p.h) . Added addrcmp() to compare two sockaddr_storage addresses (is there a faster way to do this?) and generic_aton() to have an ipv4/ipv6 inet_aton() function. IPv6 support should be completed, yeah!
  Added max_ls_depth and max_ls_files globals and changed listdir() prototype to abort if we went too deep into the directory tree. Added -L option.
  Added allow_anon_mkdir global.
  New function fortune() to display a random line of a text file. It uses mmap() and should be very fast. A new global fortunes_file stores NULL (no cookie) or the cookies file name. Added '-F' to set the file name.

* Version 0.95.2 :
  Changed 'ls' format to add one space to the size format and the size is now casted to unsigned long long.
  Implemented STOU and ALLO.
  Implemented APPE. The dostor() prototype was changed to accept an 'append' parameter to 'restart' according to the current file size.
  Added '-e' flag to only accept anonymous users (anon_only global, checked in douser()).
  Reverted the previous capabilities change. CAP_SYS_CHROOT can be safely dropped, but we have to call drop_login_caps() later in dopass().
  Updated man page (list of supported commands and minor typo fixes).

* Version 0.95.1 :
  Daemons.c : only counts sockets in CONNECTED state (1). So that listening sockets are implicitly ignored and closing sockets aren't creating false counts.
  Capabilities : we need CAP_SYS_CHROOT even after login to properly handle the -a flag.
  Removed 'md5' in the PAM example.
  Ignore type (ASCII/8 bits) if broken == 0, always do 8 bits by default.

* Version 0.95 (final) :
  Changed the PAM sample file (pam_pwdb->pam_unix) to please more Linux distributions.
  Fixed getpwnam() NULL pointer dereference when user didn't exist.
  Changed passive mode acknowledgement to "227 Entering Passive Mode" to please Netfilter's ip_conntrack_ftp module.
  Added SPSV command.
  Added XCWD and XCUP aliases.
  Disallow PORT commands to ports < 1024.
  Various source code cleanups.
  Really reset restart offset to 0 when offset is too large for a file size.
  Paranoia : disallow '\' characters when dot-files aren't allowed.
  Added quotas (quota_upload, quota_download, quota_for_non_anon, -Q/-q flags, autoconf QUOTAS macro) .
  Paranoia : check every (v)snprintf() return value.
  PAM is now disabled by default in autoconf. Spec file was updated to reflect the change.
  LDAP support. Added the log_ldap* files and a wrapper for getpwnam.
  Cleaned the doc format (tabs).
  Disallow EPSV in broken compatibility mode (-b).
  Added a generic basic parser (parser.*), currently only used for LDAP.
  Disallow command-line options whose support isn't compiled-in.
  Documented Xinetd configuration and the Netfilter troubles.
  Added a check for the 'gauge' typo instead of 'gauge' on some old Dialog versions.

* Version 0.95-pre4 :
  Added a Dialog GUI for easy compilation.
  Version number is now displayed in the main banner.
  Added alarm signals to timeout everywhere.
  Check if peer structure is filled after accept() system call.
  Implemented SITE HELP.
  Updated spec file.
  Added dot_ok and checknamesanity() to forbid ".xxx" uploads to non-chrooted users and anonymous users.

* Version 0.95-pre3 :
  Changed error handling for restart (REST) command to please CuteFTP and LeechFTP.
  Fixed a typo in the autoconf script (--with-throttling) .
  Simplified dopass().
  Added tapping delay in dopass() and MAX_PASSWD_TRIES macro.
  Disabled IPv6. It will be enabled anew when full support will be implemented (not only 4-in-6).

* Version 0.95-pre2 :
  Upgraded to autoconf 2.49c and automake 1.4b .
  Built binary packages : Debian, RPM and Slackware.

* Version 0.95-pre1 :
  Added some paranoid bounds checking.
  Support for bandwidth throttling. See throttling_delay (time we should usleep() for between each packet or command) and global 'throttling'.
  Upload should not be limited to a 16k window : adjust receive to the size of 'window' (defaults to 51200. Should we have it default to CONF_TCP_SO_RCVBUF?) .

* Version 0.94 :
  Fixed cap_free() calls (needs a pointer).
  Added CAP_DAC_READ_SEARCH (for initial user home directory chdir) to the startup capabilities. Also added CAP_NET_ADMIN (to allow setting TOS) to the login capabilities.
  Added SITE CHMOD support.

* Version 0.93 :
  Support for the FXP protocol.

* Version 0.92 :
  LeechFTP (a popular Zindoz client) does a "REST 1" in ASCII mode after logging in. Well, maybe this violates RFC, but let's add a workaround (see dorest() / STRICT_REST) . Thanks to _PinG_ for reporting that kludge.
  Syslog identity changed to "pure-ftpd".
  Added noopidle (time_t of the first NOOP) and idletime_noop (maximum idle time with nothing but NOOP from the client) .
  idletime_noop defaults to 1.5 * idletime.
  Shortened the default idle time to 900 seconds.
  Idle time is now in minutes if >= 120 sec.

* Version 0.91 :
  Updated credits.
  Use TCP_CORK.
  Explicit super-server requirement notification.
  Changed daemons() prototype to accept a port number to look for. ftpd.c and mrtginfo.c were updated to reflect the change.
  Global server_port now stores the real port the connection socket was bound to.
  Updated man pages.

* Version 0.90 :
  Initial release.

FREQUENTLY ASKED QUESTIONS
--------------------------------------------------

* Users can delete root-owned files?

-> I have a directory owned by 'john', but I've put some files owned by 'root' (or another user) in it. However, I noticed that John can delete these files!

  Yes, this is the standard Unix behavior: the owner of a directory can do whatever he likes to do in his directory, regardless of who owns the files in it.

  If you want to have immutable files, check for such a feature in your operating system. For instance, on Linux filesystems, "chattr +i " does the trick. On BSD systems, try "chflags schg " .

* Directories shared by multiple users.

-> I have a "public" directory. All users can download and upload files from/to this directory. Permissions are 777 on it. But user 'john' can delete files owned by user 'joe'. How to prevent this?

  Put the sticky bit on that directory: chmod 1777 public. That way, the directory remains public (read/write), but people can only delete files they own.

* Restricting directory visibility.

-> I want that people only see their home directory and their own files. I don't want them to look at my systems files.

  This feature is called "chroot". You can enable this by running pure-ftpd with the "-A" switch to do this with ALL your users (but root) .

  You can alternatively use "-a " to have a "trusted group". Everyone will be caged, EXCEPT members of that group.
  Don't use -a and -A together.

  Another way is to selectively choose what users you want to chroot. This can be done with the /./ trick (see the README file about this) or with virtual users.

* Shared directories and chroot.

-> I have a directory, say /var/incoming, that I want to be shared by every user. But I want my users to be chrooted. So /var/incoming should be visible in 'joe' and 'john' accounts, but those are chrooted. So, how to have the content of /var/incoming visible in these accounts?

  Making a symbolic link won't work, because when you are chrooted, it means that everything outside a base directory (your user's home directory) won't be reachable, even through a symbolic link.

  But all modern operating systems can mount local directories to several locations. To have an exact duplicate of your /var/incoming directory available in /home/john/incoming and /home/joe/incoming, use one of these commands:

  * Linux :
    mount --bind /var/incoming /home/john/incoming
    mount --bind /var/incoming /home/joe/incoming

  * Solaris :
    mount -F lofs /var/incoming /home/john/incoming
    mount -F lofs /var/incoming /home/joe/incoming

  * FreeBSD :
    mount_null /var/incoming /home/john/incoming
    mount_null /var/incoming /home/joe/incoming

  Another alternative is to compile Pure-FTPd with --with-virtualchroot as a ./configure option. With virtual chroot, symbolic links pointing outside a chroot jail *are* followed. Binary packages are compiled with this feature turned on.

* Tar and/or gzip on the fly

-> Is it possible to use a command like "get directory.tar" as with Wu-FTPd ? (Sven Goldt)

  Unfortunately, no. Server-side gzip/tar creation is neither a present nor a planned feature. It has been responsible for severe security flaws in Wu-ftpd and BSD ftpd, it can take a lot of server resources (denial-of-service) and it's a pain to set up (chrooted environment => need to add /etc /lib /bin directories, /dev on some platforms, etc) .

* How to restrict access to dot files ?
-> Is there an option to prevent people from accessing "." files/dirs (such as .bash_history, .profile, .ssh ...) EVEN if they are owned by the user ? (William Kern)

  Yes. '-x' (--prohibitdotfileswrite) denies write/delete/chmod/rename of dot-files, even if they are owned by the user. They can be listed, though, because security through obscurity is dumb and software shouldn't lie to you. But users can't change the content of these files.

  Alternatively, you can use '-X' (--prohibitdotfilesread) to also prevent users from READING these files and going into directories that begin with "." .

* Log files

-> Where does logging info go ? How to redirect it to a specific file ? How to suppress logging ?

  Log messages are sent to the syslog daemon. The syslog daemon is often called syslogd or syslog-ng. It is in charge of dispatching logging events from various programs to log files, according to a "facility" (category) and a "priority" (urgency: debug, info, warning, error, critical...) .

  Pure-FTPd logging messages are sent with the "ftp" facility by default (or "local2" on some older systems without the "ftp" facility) . Unless you told the syslogd to redirect messages with the "ftp" facility to a specific file, the messages will be merged into /var/adm/messages, /var/log/messages, /var/adm/syslog or /var/log/syslog.

  Check /etc/syslogd.conf. You should have a line like:

    *.*;mail.none;news.none -/var/log/messages

  just add ftp.none:

    *.*;ftp.none;mail.none;news.none -/var/log/messages

  And if you want FTP info to go to a specific file, just add:

    ftp.* /var/log/ftp

  and all FTP messages will go in /var/log/ftp . And only there.

  The facility can be changed if you add the -f option to pure-ftpd (or --facility=) .

  To completely disable logging, use -f none (or --facility=none) . If you don't read your log files, it's recommended: it will improve performance and reduce disk I/O.
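
  The selector rules above, as an added example (not part of the Pure-FTPd distribution): a shell function that reads a syslog.conf-style file and prints every destination that still receives messages for a facility, so you can confirm that "ftp.none" really took FTP traffic out of the main log. The function names are assumptions, the sample files are constructed from the FAQ's lines, and any priority other than "none" is treated as matching.

```shell
#!/bin/sh
# Added example: audit where messages of one syslog facility end up.

# ftp_log_targets FILE [FACILITY]
# Print the destination of every rule whose selector list still matches
# FACILITY (default: ftp). Selectors are read left to right and a later
# selector overrides an earlier one, which is how "ftp.none" cancels "*.*".
ftp_log_targets() {
    awk -v fac="${2:-ftp}" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    NF < 2         { next }              # a rule needs selectors and an action
    {
        action = $2
        sub(/^-/, "", action)            # leading "-" only disables sync
        n = split($1, sel, ";")
        matched = 0
        for (i = 1; i <= n; i++) {
            dot = index(sel[i], ".")
            if (dot == 0)
                continue
            facs = substr(sel[i], 1, dot - 1)
            prio = substr(sel[i], dot + 1)
            m = split(facs, f, ",")      # "mail,news.none" style lists
            hit = 0
            for (j = 1; j <= m; j++)
                if (f[j] == "*" || f[j] == fac)
                    hit = 1
            if (hit)
                matched = (prio != "none")
        }
        if (matched)
            print action
    }' "$1"
}

# Constructed sample configurations, modelled on the lines in the FAQ.
write_samples() {
    dir=$1
    printf '%s\n' \
        '# before: ftp messages are merged into the main log' \
        '*.*;mail.none;news.none    -/var/log/messages' > "$dir/before.conf"
    printf '%s\n' \
        '# after: ftp is excluded from the main log and gets its own file' \
        '*.*;ftp.none;mail.none;news.none    -/var/log/messages' \
        'ftp.*    /var/log/ftp' > "$dir/after.conf"
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_samples "$tmp"
    echo "before: $(ftp_log_targets "$tmp/before.conf" | tr '\n' ' ')"
    echo "after:  $(ftp_log_targets "$tmp/after.conf" | tr '\n' ' ')"
    rm -rf "$tmp"
}

demo
```

  Run it against your own configuration with: ftp_log_targets /path/to/your/syslog.conf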
* How to prevent your partitions from being filled

-> Is it possible to forbid new uploads when the disk is almost full ? (Cyberic)

Use the "-k" (--maxdiskusagepct) flag. If you add -k 95 , no new upload can occur if your partition is more than 95% full.

* Firewalling

-> My FTP server is behind a firewall. What ports should I open?

First, you have to open port 21 TO the FTP server. You also have to allow connections FROM (not to) ports <= 20 (of the FTP server) to everywhere. That's enough to handle the "active" mode.

But that's not enough to handle all types of clients. Most clients will use another mode to transmit data called 'passive' mode. It's a bit more secure than 'active' mode, but you need to open more ports on your firewall to have it work.

So, open some ports TO the FTP server. These ports should be > 1023. It's recommended to open at least twice as many ports as the max number of clients you are expecting. So, if you accept 200 concurrent sessions, opening ports 50000 to 50400 is ok.

Then, run pure-ftpd with the '-p' switch followed by the range configured in your firewall. Example:

  /usr/local/sbin/pure-ftpd -p 50000:50400 &

Contrary to popular belief, the MORE open ports you have for passive FTP, the MORE secure your FTP server will be, because the LESS vulnerable you are to data hijacking.

If your firewall also does network translation (NAT), you have to enable port forwarding for all passive ports.

On the client side, if a client is behind a firewall, that firewall must understand the FTP protocol. On Linux firewalls (iptables), just load the ip_conntrack_ftp and ip_nat_ftp modules. On OpenBSD, ISOS and FreeBSD 5 firewalls (PF), redirect all traffic to port 21, to ftp-proxy.

* Unable to log in (unix authentication)

-> I'm using simple Unix authentication. No PAM, no puredb, no MySQL, no LDAP. Anonymous FTP works, but I can't log in as any other user. It keeps saying "authentication failed".
To log in, the shell assigned to your users must be listed in the /etc/shells file. The exact path should be there, even for fake shells like /etc or /bin/true. Also double check that you have a carriage return after the last line in /etc/shells.

* Network filesystems.

-> I have a strange problem on Linux or FreeBSD. Uploading a file works fine, but downloading a file only creates 0-byte files. On the server, these files are on NFS/Novell shares/Appletalk shares/Coda/Intermezzo/SMB volumes.

By default, pure-ftpd uses zero-copy networking in order to increase throughput and reduce the CPU load. But zero-copy doesn't work with all filesystems, especially network filesystems.

You have to disable zero-copy if you want to serve files from a network FS or from a TMPFS virtual disk. To disable zero-copy, recompile pure-ftpd with:

  ./configure --without-sendfile

* Solaris and chroot.

-> When I ftp to my Solaris server, I get this as an answer to 'ls': "425 Can't create the data socket: Bad file number."

On Solaris, to get chroot to work with pure-ftpd you need a dev directory in your new rootdir with these:

  crw-rw-rw- 1 root other 11, 42 Dec 10 15:02 tcp
  crw-rw-rw- 1 root other 105, 1 Dec 10 15:02 ticotsord
  crw-rw-rw- 1 root other 11, 41 Dec 10 15:03 udp
  crw-rw-rw- 1 root other 13, 12 Dec 10 15:03 zero

(Reported by Kenneth Stailey)

* Upgrading.

-> Can anyone explain how to update Pureftpd (from source), without having to change all my settings etc. (Simon H)

1) get the source code and unpack it.
2) ./configure it with your favorite options
3) make
4) rm -f /usr/local/sbin/pure-ftpd
5) make install-strip
6) if you run pure-ftpd from inetd,tcpserver,xinetd, etc: nothing left to do. You have it upgraded.
7) if you run it standalone, stop the server:
     kill $(cat /var/run/pure-ftpd.pid)
   then launch it again:
     /usr/local/sbin/pure-ftpd &

* FTP over SSH.

-> How to run Pure-FTPd over SSH? I want to encrypt all connection data (including passwords) .
FTP-over-SSH is a nice alternative over FTP-over-TLS (impossible to securely firewall) and SFTP (which is slower, but only uses one port) . Customers using Windows can use FTP-over-SSH with the excellent Van Dyke's SecureFX client (http://www.vandyke.com) . It doesn't require any special knowledge: just tell your customer to check "FTP-over-SSH2" in the "Protocol" listbox when creating an account for your FTP server. On the server side, here's how to manage FTP-over-SSH accounts: 1) Add /usr/bin/false to your /etc/shells file (on some systems, it's /bin/false) . 2) To create a FTP-over-SSH account, create a system account with /dev/null as a home directory and /usr/bin/false as a shell. You don't need a dedicated uid: the same uid can be reused for every FTP-over-SSH account. 3) Create a virtual user account for that user (either with PureDB, SQL or LDAP) . Give that virtual user a real home directory and only allow connections coming from 127.0.0.1 (all FTP-over-SSH sessions will come from localhost, due to SSH tunneling) . People with no home directory (/dev/null) and no valid shell (/usr/bin/false) won't be able to get a shell nor to run any command on your server. But they will be granted FTP-over-SSH sessions. Here are examples (Linux/OpenBSD/ISOS commands, translate them if necessary) . 
1) Creating a regular FTP account:

  pure-pw useradd customer1 -m -d /home/customer1 -u ftpuser

2) Creating a FTP-over-SSH account (non-encrypted sessions are denied):

  useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer2
  pure-pw useradd customer2 -m -d /home/customer2 -u ftpuser -r 127.0.0.1/32

3) Creating an account that can use regular (unencrypted) FTP from the internal network (192.168.1.x), but that must use FTP-over-SSH when coming from an external network (internet):

  useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer3
  pure-pw useradd customer3 -m -d /home/customer3 -u ftpuser \
    -r 127.0.0.1/32,192.168.1.0/24

* Virtual users: /etc/pureftpd.pdb .

-> I made changes to /etc/pureftpd.passwd but the server doesn't understand them: I can't access any account I just created.

The server never reads /etc/pureftpd.passwd directly. Instead, it reads /etc/pureftpd.pdb (or whatever file name you gave after -lpuredb:...) . This file is a copy of /etc/pureftpd.passwd, but in a binary format, optimized for fast lookups.

After having made a manual change to /etc/pureftpd.passwd, you must rebuild /etc/pureftpd.pdb with the following command:

  pure-pw mkdb

If you add/delete/modify user accounts with pure-pw useradd/usermod/userdel/passwd, don't forget the '-m' option to automatically rebuild /etc/pureftpd.pdb and not only update /etc/pureftpd.passwd .

* Giving access to dot-files.

-> I don't want my users to read files beginning with a dot. Except one file I'd like to give 'John' read (and maybe write) access to.

Create a symbolic link in John's account, pointing to the dot-file. Example:

  ln -s .bashrc bashrc

John will be able to access ".bashrc" through the symbolic link, "bashrc".

* Initial banner.

-> How do I display a customized message before the login prompt?

Compile with --with-cookie and run the server with -F . In that file, put a nice customized banner message.

* Internet Explorer.

-> Internet Explorer doesn't show any login box.
IE does a very strange trick to detect whether an FTP server accepts anonymous connections or not. Basically, it connects to the server and logs in as 'anonymous'. But if you say 'no' at this point, it drops the connection with an error. You have to say 'ok, anonymous users are allowed' and then, when a dummy password ('IE@') is sent, you say 'ah ehm... finally... no... anonymous users aren't allowed' . Silly.

To play that game, you must run pure-ftpd with the -E (non-anonymous server) and -b (compatibility with broken clients) flags. Then, the magic popup will show up. But please note that IE (and browsers at large) are usually bad FTP clients.

-> Internet Explorer doesn't want to log in. (Matthew Enger)

Check that the max number of connections (either per user or per IP) is at least 2. IE needs two connections to connect to an FTP server.

* Passwords and pure-pw scripting.

-> I would like to create virtual users with a shell-script. If I use pure-pw useradd ..... it always asks for the new password. Is there any command-line option which tells pure-pw the password (like useradd ftp-user ftp-password -m) ? (at1ce) .

Giving cleartext (and badly one-way hashed) passwords through command-line switches is a bad idea, because users could issue a simple 'ps' command and discover these passwords.

One way to enter a password (not from the keyboard) is to put the password twice in a temporary file, then redirect that file to stdin. Example:

  pure-pw useradd john -d /tmp/john -u ftpuser -m < ~/tmp/passfile

And in ~/tmp/passfile, have something like:

  john's password
  john's password

If you really need to avoid a temporary file and if nobody but you can log on the machine, you can always do this:

  (echo blahblah; echo blahblah) | pure-pw useradd john -d /tmp/john -u ftpuser

* Altlog and pure-uploadscript don't work.

-> pure-uploadscript doesn't run anything. Alternative logging methods (CLF, stats, W3C...) create a logfile, but it always stays empty.
Maybe your operating system has a buggy realpath() implementation. Some old Solaris and Linux versions are known to have such a bug. Try to recompile pure-ftpd, but run ./configure with the --with-brokenrealpath switch first.

* The server starts, but doesn't listen to any port?

-> The server is properly running, I see it in the process list, but any try to connect to the configured port (or port 21 by default) fails. The socket isn't even open.

Check two things :

- If you are running a BSD system and you want to listen to IPv4 addresses, check that the "-4" switch ("IPV4Only" in config file) is enabled.

- If upload scripts are enabled ("-o", or "CallUploadScript"), make sure that pure-uploadscript is started. Otherwise, the FTP server will wait until pure-uploadscript is ready to process new uploads. If you don't need the uploadscript facility, remove "-o".

* Double slash.

-> Why do I see double slashes in log files? For instance, the path of a downloaded file looks like /home/john//pictures/zok.jpg .

'//' is a symbol for the limit of the chroot jail. In that example, it means that John is caged in /home/john/ .

* ftpwho as a non-root user.

-> How do I give access to the 'pure-ftpwho' command to non-root users?

The 'pure-ftpwho' command is restricted to root by default, because users probably shouldn't be given the ability to spy on what other users are doing on the same host.

However, it's safe to put the setuid bit on that command, in order to have it work as any user:

  chmod 4711 /usr/local/sbin/pure-ftpwho

* Changing bandwidth throttling on-the-fly.

-> Is it possible to change the bandwidth allocated to a user during a transfer, so that the change takes place immediately?

Unfortunately, no. Or at least not at pure-ftpd level. Doing so would need to re-read user's parameters all the time and it would be horribly slow. Other mechanisms would work, like signals to interrupt transfers, re-read parameters, then resume.
But it would introduce a lot of complexity to the code.

If you're using a modern operating system like OpenBSD, ISOS or Linux, your kernel already includes a fair TCP/IP traffic shaper. And because it works at kernel-level, you can easily change the bandwidth allowed to IPs or services on-the-fly.

Have a look at pf.conf(5) on OpenBSD, ISOS and FreeBSD 5, and at tc (or read the Linux networking HOWTO) on Linux.

Also see the 'Global bandwidth limitation' section later in this document.

* KERBEROS_V4 rejected as an authentication type.

-> It works and I can log in, but I receive these strange error messages at log in, even in a non-chrooted environment:

  220 FTP server ready.
  502 Security extensions not implemented
  502 Security extensions not implemented
  KERBEROS_V4 rejected as an authentication type

Why and what do they mean?

This is a Linux-specific installation issue. It means that your command-line FTP client isn't a normal one, but a Kerberos FTP client. You probably installed RPMs for Kerberos, although you don't use it.

These messages are harmless as Kerberos clients will fall back to normal FTP (after these errors), but you just have to uninstall Kerberos on your client host to have 'ftp' work without these messages.

* Wrong group ownership.

-> I have a user called 'john' whose group is 'johngroup'. When John uploads a file, that one belongs to 'john', but to another group like 'wheel' (which John isn't a member of). What's wrong?

This is a BSD standard behavior (verified on OpenBSD, ISOS, DragonflyBSD and FreeBSD): when a new file is created, the group is inherited from the parent directory. On other systems (like GNU/Linux), files are owned by the primary group of the user, unless the directory has the setgid bit set.

If you want new files uploaded in John's directory to belong to group 'johngroup', have that directory (and probably also subdirectories) belong to 'johngroup':

  chgrp -R johngroup /home/john

* Compilation with MySQL.

-> I can't compile with MySQL.
./configure says that MySQL libraries aren't properly installed.

The libmysqlclient.so file should be in a path known by your dynamic linker. For instance, on a GNU/Linux system, add the path to libmysqlclient.so file (only the path, not the file itself) to /etc/ld.so.conf . Then, run 'ldconfig' .

* "Sorry, I can't trust you".

-> When a user tries to log in, he gets "Sorry, I can't trust you". But his login/password pair is right. What's wrong?

That message can mean two things:

- The user has a shell that isn't listed in /etc/shells. You must add it, even if it's a fake shell like /bin/false . Also make sure that you have a carriage return after the last entry in /etc/shells.

- You are using the -u option to deny access to users whose uid is below . But the user you are trying to log in as has a uid in the forbidden range.

* Customer-friendly configuration.

-> What switches do you recommend to start the server, for a hosting service?

Here's a good start:

  --chrooteveryone \
  --maxclientsperip=5 \
  --displaydotfiles \
  --noanonymous \
  --minuid=100 \
  --umask=022:022 \
  --limitrecursion=10000:3 \
  --customerproof

* Anonymous FTP with virtual users.

-> I successfully created a virtual user called 'ftp' or 'anonymous', but anonymous FTP doesn't work.

Pure-FTPd never fetches any info from the virtual users backends (puredb, MySQL, LDAP, etc) for anonymous sessions. There are three reasons not to do so:

- Speed: do we need to query a database just to get the anonymous user's home directory? We don't need to retrieve any password for anonymous sessions.

- Consistency: with the virtual hosting mechanism.

To run an anonymous FTP server you must have a *system* account called 'ftp'. Don't give it any valid shell, just a home directory. That home directory is the anonymous area.

* A basic setup.

-> I'm trying to set up a ftp server just for me and my family so we can get and upload files when on the road.
How can I make two users, say Jane and Joe, who share the directory /home/ftp and /home/ftp/incoming. In /home/ftp they only have read privs. and in /home/ftp/incoming they have read and write privs.

Add a group for all FTP users (not mandatory, but more secure):

  groupadd ftpgroup

Add a uid for all FTP users (idem, not mandatory, but better):

  useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Now, let's create /home/ftp and /home/ftp/incoming:

  mkdir -p /home/ftp/incoming
  chown -R root:ftpgroup /home/ftp/incoming
  chmod -R 755 /home/ftp
  chmod -R 1775 /home/ftp/incoming

Let's add Jane:

  pure-pw useradd jane -m -u ftpuser -d /home/ftp

Let's add Joe:

  pure-pw useradd joe -m -u ftpuser -d /home/ftp

Let's start the FTP server:

  /usr/local/sbin/pure-ftpd -lpuredb:/etc/pureftpd.pdb -H -B

Everything should be ok now.

For more info about how to create new users, change passwords, etc.: http://www.pureftpd.org/README.Virtual-Users

* Slow pure-ftpwho or slow login.

-> Sometimes, pure-ftpwho is slow to show the result. And sometimes, when a user logs in, the session gets stuck a bit before he can get a directory listing.

This is probably caused by a slow DNS resolver. In order to display full host names, pure-ftpd indeed has to make DNS queries that can be slow if your link is slow, or if the client link is slow.

You can speed up pure-ftpwho and pure-ftpd with the -H switch. Names won't be resolved, you will see IP addresses instead.

* Chrooted users can follow symlinks outside the chroot jail?

-> People can create symbolic links to '/' and escape their home directory!

There are two chroot implementations in pure-ftpd:

- The traditional one, based upon your kernel chroot() system call. This is the default. With that one, symbolic links can only point inside the chroot jail, or they won't be followed.

- The 'virtual chroot' implementation. With that feature, users *can* follow all symbolic links, even when they don't point inside the jail.
This is very handy to set up directories shared by multiple users. Binary packages are compiled with virtual chroot by default. To enable the virtual chroot feature when you are compiling the server, use the --with-virtualchroot with ./configure . If you want a restricted chroot, don't include --with-virtualchroot. Please note that the FTP server will never let people create new symbolic links. Symbolic links have to be already there to be followed. Or if your users can create symbolic links through Perl or PHP scripts, your hosting platform is really badly configured. People can install any web file browser, they don't need FTP to look at your system files. Recompile PHP without POSIX functions and run all Perl scripts chrooted. * How to start Pure-FTPd in background. -> I start 'pure-ftpd' from an X terminal and the server properly answers. However, as soon as I close the terminal, the server stops. This is a shell dependent issue. Your shell is configured to close all background jobs when leaving. You can change your shell options (probably with a 'set' directive) or detach background jobs with the 'disown' keyword. Alternatively, you can just start pure-ftpd with the -B switch in order to have it detach at startup time: /usr/local/sbin/pure-ftpd -B * Windows command-line FTP client and 'ls'. -> With the command-line Windows FTP client, 'ls -la' doesn't return any file. The 'ls' command of an FTP client has nothing to do with the 'ls' command started from an Unix shell. With the command-line Windows client, typing 'ls' really sends the FTP command 'NLST'. So when you type 'ls -la', it doesn't mean 'verbosely list all files'. According to RFCs, it means 'list the file called -la' . So you get what you asked for. If no file is called '-la', you get nothing. If you want to play with regular expressions and switches, you should type 'dir' (which is translated to 'LIST') instead. 'dir -la' is ok. 
This is a bit illogical and that brain damage is specific to Microsoft's command-line FTP client.

If you really want 'ls' to parse options, you can start pure-ftpd with the -b (broken) switch.

* Global bandwidth limitation.

-> How do I limit the *total* bandwidth for FTP?

Pure-FTPd can limit bandwidth usage of every session. But limiting the total bandwidth is intentionally not implemented, because most operating systems already have very efficient algorithms to handle bandwidth throttling.

Here's an example with Linux.

1) Have a look at /proc/sys/net/ipv4/ip_local_port_range. You will see two numbers: this is the interval of local ports your Linux kernel will use for regular outgoing connections. The FTP ports you have to reserve for passive FTP must *not* be in this range. So if:
"cat /proc/sys/net/ipv4/ip_local_port_range" returns "32768-61000", you can reserve ports 10000 to 20000 for your FTP server, but not 30000 to 40000. (alternatively, you can change the local port range) .

2) Change the first lines and save the following script:

---------------------------- Cut here ----------------------------
#! /bin/sh

# Simple bandwidth limiter -

# Change this to your link bandwidth
# (for cable modem, DSL links, etc. put the maximal bandwidth you can
# get, not the speed of a local Ethernet link)

REAL_BW='10Mbit'

# Change this to the bandwidth you want to allocate to FTP.
# We're talking about megabits, not megabytes, so 80Kbit is
# 10 Kilobytes/s

FTP_BW='80Kbit'

# Change this to your physical network device (or 'ppp0')

NIC='eth0'

# Change this to the ports you assigned for passive FTP

FTP_PORT_LOW="10000"
FTP_PORT_HIGH="20000"

tc qdisc add dev "$NIC" root handle 1: cbq \
  bandwidth "$REAL_BW" avpkt 1000

tc class add dev "$NIC" parent 1: classid 1:1 cbq bandwidth "$REAL_BW" \
  rate "$REAL_BW" maxburst 5 avpkt 1000

tc class add dev "$NIC" parent 1:1 classid 1:10 cbq \
  bandwidth "$REAL_BW" rate "$FTP_BW" maxburst 5 avpkt 1000 bounded

tc qdisc add dev "$NIC" parent 1:10 sfq quantum 1514b

tc filter add dev "$NIC" parent 1: protocol ip handle 1 fw flowid 1:10

iptables -t mangle -A OUTPUT -p tcp --sport 20:21 -j MARK --set-mark 1

iptables -t mangle -A OUTPUT -p tcp \
  --sport "$FTP_PORT_LOW":"$FTP_PORT_HIGH" -j MARK --set-mark 1
---------------------------- Cut here ----------------------------

3) Make sure that you have the 'tc' command installed. If your Linux distro doesn't ship 'ip' and 'tc' commands, it really sucks and you must install a package called 'iproute2' to get them.

4) Start Pure-FTPd with the passive port range you assigned:

  /usr/local/sbin/pure-ftpd -p 10000:20000 -HBA

5) Run the script you created in step 2. If it doesn't work, check that QOS support was compiled in your Linux kernel.

6) Enjoy :)

Also have a look at :
  http://www.docum.org
  http://www.shorewall.net/traffic_shaping.htm
and
  http://talk.trekweb.com/~jasonb/articles/linux_tc_minihowto.shtml

* Linux, NTFS and Pure-FTPd.

-> On Linux, I can't transfer files from an NTFS partition.

Keep in mind that the NTFS filesystem is still an experimental beast in Linux. Some basic operations are not implemented yet.

Fortunately, a big effort is being made and Linux 2.5 has a new NTFS implementation that fully works with Pure-FTPd (try ./configure --without-sendfile, though) . And it is more reliable and really faster than the old one.
And even more fortunately, the new NTFS implementation has been backported to recent 2.4.x kernels. Have a look at http://linux-ntfs.sf.net/ .

* Slowdowns and lags.

-> Some users complain that transferring large files doesn't work. Transfers are starting as expected, with a decent rate. But then, the speed dramatically decreases, there are some serious lags and they often must disconnect (or the client forces them to do it, after a timeout) . The server is behind a firewall that filters incoming ICMP, but lets FTP ports in.

Don't, don't, don't filter ICMP. At least not blindly without understanding what you are filtering. ICMP is part of the TCP/IP specifications. Filtering it can have nasty side effects with no real win. If you even filter ICMP types 3 and 4, your firewall is definitely broken and this is probably why you have such troubles with transfers of large files.

Please read these documents about ICMP filtering :
  http://www.phildev.net/mss/index.html
  http://alive.znep.com/~marcs/mtu/
  http://www.freelabs.com/~whitis/isp_mistakes.html

Also some hardware routers don't properly handle window scaling. Try to turn it off, for instance on Linux:

  sysctl -w net.ipv4.tcp_window_scaling=0
  sysctl -w net.ipv4.tcp_bic=0

* Firewalls and TLS.

-> My client is behind a stateful firewall doing applicative filtering (like IPTables with ip_conntrack_ftp or ip_nat_ftp) . Connections to a TLS-enabled server don't work. Authentication works, but I'm unable to download files or list directories.

First, try to force your client to use the passive mode. In active mode, the server has to connect to the client (or the NAT gateway) on a dynamic port that is negotiated on the connection socket.

But when TLS is used, that connection socket is encrypted, therefore no man-in-the-middle can see what ports will be used to transfer data, including the firewall.

There are some proposals to work around this problem, but neither popular clients nor common firewalls are aware of these tricks.
Therefore, use the passive mode or switch to SSH.

* TLS and error 00000000.

-> My TLS-enabled client doesn't work. It outputs something like : "SSL connect: error:00000000:lib(0):func(0):reason(0)". What does it mean?

This error is not very explicit. You get it from some Unix clients like LFTP. It actually means that there is a firewall or a NAT box between a TLS-enabled server and a TLS-enabled client, but that firewall is unable to handle encrypted FTP sessions.

Unfortunately, there's no simple workaround against this. Try to switch your client to active mode and use 1:1 NAT, but TLS, firewalls and FTP don't mix very well.

* Slow TLS operations.

-> When clients connect with TLS encryption, listing directories and downloading files are slow operations. Nothing happens after a command is sent, things only start moving after a 5-second delay.

Check the host name of your certificate. It should be a fully-qualified host name and if possible, it shouldn't be a CNAME entry. Also check your DNS cache servers.

* Files getting renamed automatically (submitted by C. Jon Larsen)

-> Sometimes when files get uploaded they are getting renamed to something like "pureftpd.3f3300d2.33.0001". What is causing this ?

The ftp client that is being used to upload the files is using the STOU (Store Unique) FTP command instead of the STOR FTP command. If you check the ftp logfile you should see something like this in the logs:

  (user@a.b.c.d) [DEBUG] Command [stou] [file_name_from_the_client.ext] /var/ftp/ftpcustomer/pureftpd.3f3300d2.33.0001 uploaded (218168 bytes, 127.79KB/sec)

The STOU command tells the ftp client to begin the transmission of the file to the remote site; the remote filename picked by the ftp server will be unique within the current directory that the ftp client is using. The response from the server will include the filename.

The ftp client has an option like "create unique files" or "upload file with a temporary name" enabled.
You should have the ftp user uncheck this option.

Trying to disable the STOU command on the server side is not a good idea or solution as some ftp clients will use STOU to upload a file with the temporary, unique name, and then rename the file once the upload is complete. This helps prevent failed uploads from leaving partial files around.

pure-ftpd-1.0.46.orig/HISTORY

Troll-FTPd is a nice FTP server coded by Arnt Gulbrandsen from Troll Tech. Despite its lack of popularity, it has always been a very good project, coded with the following requirements in mind :

- No useless bloat,
- No external command calls (source of most security flaws)
- RFC standards conformance,
- Easy to set up,
- User friendly,
- Secure.

The official repository for this piece of software is ftp://ftp.troll.no/freebies/ftpd/ .

People who tried Troll-FTPd usually kept it and used it in production servers for years without any problem. Alternatively, WU-FTPd, ProFTPd, BeroFTPd and many others have had serious security and reliability issues, and system administrators had to always watch for patches and new releases to ensure a good night's sleep.

Troll-FTPd was often considered for inclusion in secure distributions, but the project wasn't actively maintained. Release 1.25 is dated 03/1999 and has been made with help from Janos Farkas, cmj at localnet.com, August Fullford and Ximenes Zalteca.

Troll-FTPd 1.26 was released two years after, just to fix minor bugs. Arnt said that there won't be any other release unless he ever moves to IPv6.

This is why I started to collect various unofficial patches over the internet, merged them (and it wasn't painless), added my own ones, cleaned up the code, audited it, repackaged it, rewrote the documentation... and the Pure-FTPd project was born.
The first released version of Pure-FTPd was labeled 0.90 because I wanted some margin before 1.00, just to add missing features that prevent people from moving from other FTP servers. Also the documentation was in need of a full update before version 1.00 . It was based on Troll-FTPd 1.25, and changes from 1.26 were backported.

Troll-FTPd 1.26 and earlier are vulnerable to a local root exploit (Troll-FTPd 1.27 was released later to fix it) . Pure-FTPd is not vulnerable to this, and it has never been. The fix was already applied to the first version of Pure-FTPd before the flaw was discovered and fixed in Troll-FTPd.

Thanks to Arnt for his excellent job. The Pure-FTPd project would never have been started without it.

-Frank DENIS "Jedi/Sector One"

pure-ftpd-1.0.46.orig/INSTALL

Installation Instructions
*************************

Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, Inc.

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without warranty of any kind.

Basic Installation
==================

Briefly, the shell command `./configure && make && make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. Some packages provide this `INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions.

The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. Running `configure' might take a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular user, and only the `make install' phase executed with root privileges. 5. 
Optionally, type `make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a regular user, particularly if the prior `make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. 7. Often, you can also type `make uninstall' to remove the installed files again. In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. 8. Some packages, particularly those that use Automake, provide `make distcheck', which can by used by developers to test that all other targets like `make install' and `make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. 
To do this, you can use GNU `make'. `cd' to the directory where you
want the object files and executables to go and run the `configure'
script. `configure' automatically checks for the source code in the
directory that `configure' is in and in `..'. This is known as a
"VPATH" build.

With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.

On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:

     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
                 CPP="gcc -E" CXXCPP="g++ -E"

This is not guaranteed to produce working output in all cases, you may
have to build one architecture at a time and combine the results using
the `lipo' tool if you have problems.

Installation Names
==================

By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.

You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.

In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files.
Run `configure --help' for a list of the directories you can set and
what kinds of files go in them. In general, the default for these
options is expressed in terms of `${prefix}', so that specifying just
`--prefix' will affect all of the other directory specifications that
were not explicitly provided.

The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.

The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.

The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
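The two relocation methods above differ in a way that matters when an install is staged as a regular user and reviewed before the privileged copy. The following is an added example, not part of the original INSTALL text or the pure-ftpd sources: the package, its Makefile and every function name are constructed for illustration, with `sbindir' expressed in terms of `${prefix}' and `sysconfdir' fixed to an absolute path as if it had been given to `configure'.

```shell
#!/bin/sh
# Added example. Everything written by write_sample_package is constructed:
# the Makefile stands in for a generated one and installs a setuid program
# and a world-writable config file so that the audit has something to report.

# write_sample_package SRCDIR SYSCONFDIR
write_sample_package() {
    mkdir -p "$1" || return 1
    printf 'demo binary\n' > "$1/demo-ftpd"
    printf 'demo config\n' > "$1/demo.conf"
    {
        printf '%s\n' 'prefix = /usr/local' 'sbindir = $(prefix)/sbin'
        # Not expressed in terms of ${prefix}, like a directory set at configure time.
        printf 'sysconfdir = %s\n' "$2"
        printf 'install:\n'
        # Recipe lines must start with a tab.
        printf '\t%s\n' \
            'mkdir -p "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sysconfdir)"' \
            'cp demo-ftpd "$(DESTDIR)$(sbindir)/demo-ftpd"' \
            'chmod 4755 "$(DESTDIR)$(sbindir)/demo-ftpd"' \
            'cp demo.conf "$(DESTDIR)$(sysconfdir)/demo.conf"' \
            'chmod 666 "$(DESTDIR)$(sysconfdir)/demo.conf"'
    } > "$1/Makefile"
}

# stage_with_destdir SRCDIR STAGE: the second method, DESTDIR is prepended
# to every installation name, so nothing lands outside STAGE.
stage_with_destdir() {
    ( umask 022 && make -s -C "$1" install DESTDIR="$2" )
}

# stage_with_prefix SRCDIR STAGE: the first method, only directories that
# were expressed in terms of ${prefix} are relocated.
stage_with_prefix() {
    ( umask 022 && make -s -C "$1" install prefix="$2" )
}

# audit_stage STAGE: list staged paths to review before copying them into
# place as root: setuid/setgid files and world-writable files or directories.
# Paths are printed as they would appear on the target system.
audit_stage() {
    (
        cd "$1" || exit 1
        find . -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's|^\.|setid |'
        find . ! -type l -perm -0002 -print | sed 's|^\.|world-writable |'
    ) | sort
}

# demo_staged_install: build the constructed package, stage it with DESTDIR
# as the current (unprivileged) user and print the audit report.
demo_staged_install() {
    demo_tmp=$(mktemp -d) || return 1
    write_sample_package "$demo_tmp/src" "$demo_tmp/etc" &&
        stage_with_destdir "$demo_tmp/src" "$demo_tmp/stage" &&
        audit_stage "$demo_tmp/stage"
    demo_rc=$?
    rm -rf "$demo_tmp"
    return "$demo_rc"
}

if command -v make >/dev/null 2>&1; then
    demo_staged_install
fi
```

With `DESTDIR' the whole tree, including the fixed `sysconfdir', stays under the staging root; with the `prefix=' override the config file is written to the real `sysconfdir', which is why a review-before-root workflow should stage with `DESTDIR'.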

Optional Features
=================

If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.

Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.

For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.

Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.

Particular systems
==================

On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC is
not installed, it is recommended to use the following options in order
to use an ANSI C compiler:

     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"

and if that doesn't work, install pre-built binaries of GCC for HP-UX.

HP-UX `make' updates targets which have the same time stamps as their
prerequisites, which makes it generally unusable when shipped generated
files such as `configure' are involved. Use GNU `make' instead.

On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `' header file. The option `-nodtk' can be used as a
workaround.
If GNU CC is not installed, it is therefore recommended to try

     ./configure CC="cc"

and if that doesn't work, try

     ./configure CC="cc -nodtk"

On Solaris, don't put `/usr/ucb' early in your `PATH'. This directory
contains several dysfunctional programs; working variants of these
programs are available in `/usr/bin'. So, if you need `/usr/ucb' in
your `PATH', put it _after_ `/usr/bin'.

On Haiku, software installed for all users goes in `/boot/common', not
`/usr/local'. It is recommended to use the following options:

     ./configure --prefix=/boot/common

Specifying the System Type
==========================

There may be some features `configure' cannot figure out automatically,
but needs to determine by the type of machine the package will run on.
Usually, assuming the package is built to be run on the _same_
architectures, `configure' can figure that out, but if it prints a
message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:

     CPU-COMPANY-SYSTEM

where SYSTEM can have one of these forms:

     OS
     KERNEL-OS

See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.

If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.

If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.

Sharing Defaults
================

If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.

Defining Variables
==================

Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:

     ./configure CC=/usr/local2/bin/gcc

causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).

Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf limitation. Until the limitation is lifted, you can use
this workaround:

     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash

`configure' Invocation
======================

`configure' recognizes the following options to control how it
operates.

`--help'
`-h'
     Print a summary of all of the options to `configure', and exit.

`--help=short'
`--help=recursive'
     Print a summary of the options unique to this package's
     `configure', and exit. The `short' variant lists options used
     only in the top level, while the `recursive' variant lists options
     also present in any nested packages.

`--version'
`-V'
     Print the version of Autoconf used to generate the `configure'
     script, and exit.

`--cache-file=FILE'
     Enable the cache: use and save the results of the tests in FILE,
     traditionally `config.cache'. FILE defaults to `/dev/null' to
     disable caching.

`--config-cache'
`-C'
     Alias for `--cache-file=config.cache'.

`--quiet'
`--silent'
`-q'
     Do not print messages saying which checks are being made. To
     suppress all normal output, redirect it to `/dev/null' (any error
     messages will still be shown).

`--srcdir=DIR'
     Look for the package's source code in directory DIR. Usually
     `configure' can determine that directory automatically.

`--prefix=DIR'
     Use DIR as the installation prefix. *note Installation Names::
     for more details, including other options available for fine-tuning
     the installation locations.

`--no-create'
`-n'
     Run the configure checks, but stop before creating any output
     files.

`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

pure-ftpd-1.0.46.orig/Makefile.am

EXTRA_DIST = \
	THANKS \
	HISTORY \
	CONTACT \
	FAQ \
	Makefile.gui \
	README.LDAP \
	README.MySQL \
	README.PGSQL \
	README.Configuration-File \
	README.Virtual-Users \
	README.Authentication-Modules \
	README.Windows \
	README.TLS \
	README.MacOS-X \
	README.Donations \
	pureftpd.schema \
	pureftpd-ldap.conf \
	pureftpd-mysql.conf \
	pureftpd-pgsql.conf \
	pure-ftpd.png

SUBDIRS = \
	puredb \
	src \
	man \
	pam \
	gui \
	m4

sysconf_DATA = \
	pure-ftpd.conf

pure-ftpd-1.0.46.orig/Makefile.gui

all:
	gui/build.sh

pure-ftpd-1.0.46.orig/Makefile.in

# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2014 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@

VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
    true; \
  else \
    false; \
  fi; \
}
am__make_running_with_option = \
  case $${target_option-} in \
      ?) ;; \
      *) echo "am__make_running_with_option: internal error: invalid" \
              "target option '$${target_option-}' specified" >&2; \
         exit 1;; \
  esac; \
  has_opt=no; \
  sane_makeflags=$$MAKEFLAGS; \
  if $(am__is_gnu_make); then \
    sane_makeflags=$$MFLAGS; \
  else \
    case $$MAKEFLAGS in \
      *\\[\ \ ]*) \
        bs=\\; \
        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
          | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
    esac; \
  fi; \
  skip_next=no; \
  strip_trailopt () \
  { \
    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
  }; \
  for flg in $$sane_makeflags; do \
    test $$skip_next = yes && { skip_next=no; continue; }; \
    case $$flg in \
      *=*|--*) continue;; \
        -*I) strip_trailopt 'I'; skip_next=yes;; \
      -*I?*) strip_trailopt 'I';; \
        -*O) strip_trailopt 'O'; skip_next=yes;; \
      -*O?*) strip_trailopt 'O';; \
        -*l) strip_trailopt 'l'; skip_next=yes;; \
      -*l?*) strip_trailopt 'l';; \
      -[dEDm]) skip_next=yes;; \
      -[JT]) skip_next=yes;; \
    esac; \
    case $$flg in \
      *$$target_option*) has_opt=yes; break;; \
    esac; \
  done; \
  test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
subdir = .
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_compile_flag.m4 \
	$(top_srcdir)/m4/ax_check_link_flag.m4 \
	$(top_srcdir)/m4/getloadavg.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
	$(am__configure_deps) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
	configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES = pure-ftpd.conf
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
	ctags-recursive dvi-recursive html-recursive info-recursive \
	install-data-recursive install-dvi-recursive \
	install-exec-recursive install-html-recursive \
	install-info-recursive install-pdf-recursive \
	install-ps-recursive install-recursive installcheck-recursive \
	installdirs-recursive pdf-recursive ps-recursive \
	tags-recursive uninstall-recursive
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
    *) f=$$p;; \
  esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
  for p in $$list; do echo "$$p $$p"; done | \
  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
    if (++n[$$2] == $(am__install_max)) \
      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
    END { for (dir in files) print dir, files[dir] }'
am__base_list = \
  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
  test -z "$$files" \
    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(sysconfdir)"
DATA = $(sysconf_DATA)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
  distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
  $(RECURSIVE_TARGETS) \
  $(RECURSIVE_CLEAN_TARGETS) \
  $(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
	cscope distdir dist dist-all distcheck
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
	$(LISP)config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
  BEGIN { nonempty = 0; } \
  { items[$$0] = 1; nonempty = 1; } \
  END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
	$(srcdir)/pure-ftpd.conf.in AUTHORS COPYING ChangeLog INSTALL \
	NEWS README THANKS compile depcomp install-sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
  if test -d "$(distdir)"; then \
    find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
      && rm -rf "$(distdir)" \
      || { sleep 5 && rm -rf "$(distdir)"; }; \
  else :; fi
am__post_remove_distdir = $(am__remove_distdir)
am__relativize = \
  dir0=`pwd`; \
  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
  sed_rest='s,^[^/]*/*,,'; \
  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
  sed_butlast='s,/*[^/]*$$,,'; \
  while test -n "$$dir1"; do \
    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
    if test "$$first" != "."; then \
      if test "$$first" = ".."; then \
        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
      else \
        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
        if test "$$first2" = "$$first"; then \
          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
        else \
          dir2="../$$dir2"; \
        fi; \
        dir0="$$dir0"/"$$first"; \
      fi; \
    fi; \
    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
  done; \
  reldir="$$dir2"
DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2
GZIP_ENV = --best
DIST_TARGETS = dist-bzip2 dist-gzip
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
  | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BONJOUR_LDADD = @BONJOUR_LDADD@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CONFDIR = @CONFDIR@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CWFLAGS = @CWFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
GETLOADAVG_LIBS = @GETLOADAVG_LIBS@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
KMEM_GROUP = @KMEM_GROUP@
LDAP_SSL_LIBS = @LDAP_SSL_LIBS@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LOCALSTATEDIR = @LOCALSTATEDIR@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NEED_SETGID = @NEED_SETGID@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
POW_LIB = @POW_LIB@
RANLIB = @RANLIB@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build_alias = @build_alias@
builddir = @builddir@
certfile = @certfile@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host_alias = @host_alias@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = \
	THANKS \
	HISTORY \
	CONTACT \
	FAQ \
	Makefile.gui \
	README.LDAP \
	README.MySQL \
	README.PGSQL \
	README.Configuration-File \
	README.Virtual-Users \
	README.Authentication-Modules \
	README.Windows \
	README.TLS \
	README.MacOS-X \
	README.Donations \
	pureftpd.schema \
	pureftpd-ldap.conf \
	pureftpd-mysql.conf \
	pureftpd-pgsql.conf \
	pure-ftpd.png

SUBDIRS = \
	puredb \
	src \
	man \
	pam \
	gui \
	m4

sysconf_DATA = \
	pure-ftpd.conf

all: config.h
	$(MAKE) $(AM_MAKEFLAGS) all-recursive

.SUFFIXES:
am--refresh: Makefile
	@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
	@for dep in $?; do \
	  case '$(am__configure_deps)' in \
	    *$$dep*) \
	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
		&& exit 0; \
	      exit 1;; \
	  esac; \
	done; \
	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
	$(am__cd) $(top_srcdir) && \
	  $(AUTOMAKE) --gnu Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
	@case '$?' in \
	  *config.status*) \
	    echo ' $(SHELL) ./config.status'; \
	    $(SHELL) ./config.status;; \
	  *) \
	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
	esac;

$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
	$(SHELL) ./config.status --recheck

$(top_srcdir)/configure: $(am__configure_deps)
	$(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):

config.h: stamp-h1
	@test -f $@ || rm -f stamp-h1
	@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1

stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
	@rm -f stamp-h1
	cd $(top_builddir) && $(SHELL) ./config.status config.h
$(srcdir)/config.h.in: $(am__configure_deps)
	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
	rm -f stamp-h1
	touch $@

distclean-hdr:
	-rm -f config.h stamp-h1
pure-ftpd.conf: $(top_builddir)/config.status $(srcdir)/pure-ftpd.conf.in
	cd $(top_builddir) && $(SHELL) ./config.status $@
install-sysconfDATA: $(sysconf_DATA)
	@$(NORMAL_INSTALL)
	@list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
	if test -n "$$list"; then \
	  echo " $(MKDIR_P) '$(DESTDIR)$(sysconfdir)'"; \
	  $(MKDIR_P) "$(DESTDIR)$(sysconfdir)" || exit 1; \
	fi; \
	for p in $$list; do \
	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
	  echo "$$d$$p"; \
	done | $(am__base_list) | \
	while read files; do \
	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
	done

uninstall-sysconfDATA:
	@$(NORMAL_UNINSTALL)
	@list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
	dir='$(DESTDIR)$(sysconfdir)'; $(am__uninstall_files_from_dir)

# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
#     (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets):
	@fail=; \
	if $(am__make_keepgoing); then \
	  failcom='fail=yes'; \
	else \
	  failcom='exit 1'; \
	fi; \
	dot_seen=no; \
	target=`echo $@ | sed s/-recursive//`; \
	case "$@" in \
	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
	  *) list='$(SUBDIRS)' ;; \
	esac; \
	for subdir in $$list; do \
	  echo "Making $$target in $$subdir"; \
	  if test "$$subdir" = "."; then \
	    dot_seen=yes; \
	    local_target="$$target-am"; \
	  else \
	    local_target="$$target"; \
	  fi; \
	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
	  || eval $$failcom; \
	done; \
	if test "$$dot_seen" = "no"; then \
	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
	fi; test -z "$$fail"

ID: $(am__tagged_files)
	$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags

tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
	set x; \
	here=`pwd`; \
	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
	  include_option=--etags-include; \
	  empty_fix=.; \
	else \
	  include_option=--include; \
	  empty_fix=; \
	fi; \
	list='$(SUBDIRS)'; for subdir in $$list; do \
	  if test "$$subdir" = .; then :; else \
	    test ! -f $$subdir/TAGS || \
	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
	  fi; \
	done; \
	$(am__define_uniq_tagged_files); \
	shift; \
	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
	  test -n "$$unique" || unique=$$empty_fix; \
	  if test $$# -gt 0; then \
	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
	      "$$@" $$unique; \
	  else \
	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
	      $$unique; \
	  fi; \
	fi
ctags: ctags-recursive

CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
	$(am__define_uniq_tagged_files); \
	test -z "$(CTAGS_ARGS)$$unique" \
	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
	     $$unique

GTAGS:
	here=`$(am__cd) $(top_builddir) && pwd` \
	  && $(am__cd) $(top_srcdir) \
	  && gtags -i $(GTAGS_ARGS) "$$here"
cscope: cscope.files
	test ! -s cscope.files \
	  || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
clean-cscope:
	-rm -f cscope.files
cscope.files: clean-cscope cscopelist
cscopelist: cscopelist-recursive

cscopelist-am: $(am__tagged_files)
	list='$(am__tagged_files)'; \
	case "$(srcdir)" in \
	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
	  *) sdir=$(subdir)/$(srcdir) ;; \
	esac; \
	for i in $$list; do \
	  if test -f "$$i"; then \
	    echo "$(subdir)/$$i"; \
	  else \
	    echo "$$sdir/$$i"; \
	  fi; \
	done >> $(top_builddir)/cscope.files

distclean-tags:
	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files

distdir: $(DISTFILES)
	$(am__remove_distdir)
	test -d "$(distdir)" || mkdir "$(distdir)"
	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
	list='$(DISTFILES)'; \
	  dist_files=`for file in $$list; do echo $$file; done | \
	  sed -e "s|^$$srcdirstrip/||;t" \
	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
	case $$dist_files in \
	  */*) $(MKDIR_P) `echo "$$dist_files" | \
			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
			   sort -u` ;; \
	esac; \
	for file in $$dist_files; do \
	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
	  if test -d $$d/$$file; then \
	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
	    if test -d "$(distdir)/$$file"; then \
	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
	    fi; \
	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
	    fi; \
	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
	  else \
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
	  if test "$$subdir" = .; then :; else \
	    $(am__make_dryrun) \
	      || test -d "$(distdir)/$$subdir" \
	      || $(MKDIR_P) "$(distdir)/$$subdir" \
	      || exit 1; \
	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
	    $(am__relativize); \
	    new_distdir=$$reldir; \
	    dir1=$$subdir; dir2="$(top_distdir)"; \
	    $(am__relativize); \
	    new_top_distdir=$$reldir; \
	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
	    echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
	    ($(am__cd) $$subdir && \
	      $(MAKE) $(AM_MAKEFLAGS) \
	        top_distdir="$$new_top_distdir" \
	        distdir="$$new_distdir" \
		am__remove_distdir=: \
		am__skip_length_check=: \
		am__skip_mode_fix=: \
	        distdir) \
	      || exit 1; \
	  fi; \
	done
	-test -n "$(am__skip_mode_fix)" \
	|| find "$(distdir)" -type d ! -perm -755 \
		-exec chmod u+rwx,go+rx {} \; -o \
	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
	|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
	$(am__post_remove_distdir)
dist-bzip2: distdir
	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
	$(am__post_remove_distdir)

dist-lzip: distdir
	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
	$(am__post_remove_distdir)

dist-xz: distdir
	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
	$(am__post_remove_distdir)

dist-tarZ: distdir
	@echo WARNING: "Support for distribution archives compressed with" \
		       "legacy program 'compress' is deprecated." >&2
	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
	$(am__post_remove_distdir)

dist-shar: distdir
	@echo WARNING: "Support for shar distribution archives is" \
	               "deprecated." >&2
	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
	$(am__post_remove_distdir)

dist-zip: distdir
	-rm -f $(distdir).zip
	zip -rq $(distdir).zip $(distdir)
	$(am__post_remove_distdir)

dist dist-all:
	$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
	$(am__post_remove_distdir)

# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
	case '$(DIST_ARCHIVES)' in \
	*.tar.gz*) \
	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
	*.tar.bz2*) \
	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
	*.tar.lz*) \
	  lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
	*.tar.xz*) \
	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
	*.tar.Z*) \
	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
	*.shar.gz*) \
	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
	*.zip*) \
	  unzip $(distdir).zip ;;\
	esac
	chmod -R a-w $(distdir)
	chmod u+w $(distdir)
	mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
	chmod a-w $(distdir)
	test -d $(distdir)/_build || exit 0; \
	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
	  && am__cwd=`pwd` \
	  && $(am__cd) $(distdir)/_build/sub \
	  && ../../configure \
	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
	    $(DISTCHECK_CONFIGURE_FLAGS) \
	    --srcdir=../.. --prefix="$$dc_install_base" \
	  && $(MAKE) $(AM_MAKEFLAGS) \
	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
	  && $(MAKE) $(AM_MAKEFLAGS) check \
	  && $(MAKE) $(AM_MAKEFLAGS) install \
	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
	        distuninstallcheck \
	  && chmod -R a-w "$$dc_install_base" \
	  && ({ \
	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
	  && rm -rf "$$dc_destdir" \
	  && $(MAKE) $(AM_MAKEFLAGS) dist \
	  && rm -rf $(DIST_ARCHIVES) \
	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
	  && cd "$$am__cwd" \
	  || exit 1
	$(am__post_remove_distdir)
	@(echo "$(distdir) archives ready for distribution: "; \
	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
	@test -n '$(distuninstallcheck_dir)' || { \
	  echo 'ERROR: trying to run $@ with an empty' \
	       '$$(distuninstallcheck_dir)' >&2; \
	  exit 1; \
	}; \
	$(am__cd) '$(distuninstallcheck_dir)' || { \
	  echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
	  exit 1; \
	}; \
	test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
	   || { echo "ERROR: files left after uninstall:" ; \
	        if test -n "$(DESTDIR)"; then \
	          echo " (check DESTDIR support)"; \
	        fi ; \
	        $(distuninstallcheck_listfiles) ; \
	        exit 1; } >&2
distcleancheck: distclean
	@if test '$(srcdir)' = . ; then \
	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
	  exit 1 ; \
	fi
	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
	  || { echo "ERROR: files left in build directory after distclean:" ; \
	       $(distcleancheck_listfiles) ; \
	       exit 1; } >&2
check-am: all-am
check: check-recursive
all-am: Makefile $(DATA) config.h
installdirs: installdirs-recursive
installdirs-am:
	for dir in "$(DESTDIR)$(sysconfdir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive

install-am: all-am
	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

installcheck: installcheck-recursive
install-strip:
	if test -z '$(STRIP)'; then \
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	      install; \
	else \
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
	fi
mostlyclean-generic:

clean-generic:

distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-hdr distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-sysconfDATA install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-sysconfDATA .MAKE: $(am__recursive_targets) all install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-am clean clean-cscope clean-generic \ cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \ distcheck distclean distclean-generic distclean-hdr \ distclean-tags distcleancheck distdir distuninstallcheck dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ install-sysconfDATA installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \ tags-am uninstall uninstall-am uninstall-sysconfDATA .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make 
to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

pure-ftpd-1.0.46.orig/NEWS

* Version 1.0.46:
- The server can now be linked against OpenSSL 1.1.x with the strict API.
- Unmaintained contributions have been removed.
- File globbing could take up to `GLOB_TIMEOUT` seconds (17 seconds by default) when matching some patterns, no matter what the configured recursion level was. This has been fixed, and upgrading is highly recommended. This was reported by Russ Cox, thanks!

* Version 1.0.45:
- TLS v1.0 sessions are now refused by default.
- Version 1.0.44 didn't properly parse the TLSCipherSuite directive. This has been fixed.

* Version 1.0.44:
- The Perl and Python wrappers are gone. The daemon can now use a configuration file without requiring external dependencies.
- Pure-FTPd can now be linked against OpenSSL 1.1.x
- The QUIT command didn't work properly when the server was compiled without support for RFC2640. This has been fixed.
- 3DES was removed from the default cipher suite.

* Version 1.0.43:
- Passwords can now be hashed using Argon2i, which is now the default algorithm for puredb accounts.
- Authentication against system accounts is compatible with OpenBSD 6.0.
- The -J switch didn't work properly in version 1.0.42. This has been fixed.

* Version 1.0.42:
- Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not compiled with libsodium.
- The connection is now dropped if HTTP commands are received.
- LDAP force_default_gid and force_default_uid now work as documented.
- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd 1.0.22 circa 2009, but disabled back then due to client compatibility concerns) is now on by default, except in broken clients compatibility mode.
* Version 1.0.41:
- MariaDB and MySQL 5.5+ are now fully supported
- MySQL <= 4.0.0 is not supported any more
- Some Linux distributions ship a version of OpenSSH without support for ECC. Pure-FTPd can now be compiled on these.
- New command-line switch: -2/--certfile= to set the path to the certificate file when using TLS.

* Version 1.0.40:
- Support for TCP_FASTOPEN added on Linux
- The LDAP configuration file didn't allow a default gid without also defining a default uid. This is no longer the case.
- The process handling a user session could be crashed by trying to match a file pattern longer than the maximum length for a path. This has been fixed. Upgrading is recommended.

* Version 1.0.39:
- Compilation fix for ancient versions of OpenSSL.
- TLS sockets shutdown fixed in order to prevent incomplete transfers.

* Version 1.0.38:
- Passwords hashed using scrypt can be used in the MySQL, PostgreSQL and LDAP backends.
- Support for TLS forward secrecy was added. If you are upgrading and using TLS, please run the following command prior to launching the new version:
  # openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048

* Version 1.0.37:
- The -C: prefix can be added to the cipher suite in order to make valid client certificates mandatory. This is no longer a compile-time option.
- The Clear Command Channel (CCC) command is now supported.
- SSL (v2, v3) is refused by default.
- The PureDB backend supports the scrypt function in order to hash passwords. This is the preferred algorithm, but requires the presence of libsodium.
- LDAP uid and gid values can be overridden in the LDAP configuration file.
- Support for LDAP over TLS (LDAPUseTLS in the configuration file) was added.

* Version 1.0.36:
- Support for external authentication handlers has been fixed. Reported by Rasmus Fauske.
- Directory listings can now report file sizes up to 1 exabyte.
- Pure-FTPd is now usable on Win32 again.
- Per popular request, dot files are now hidden from directory listings when the -X flag is turned on.

* Version 1.0.35:
- A long-standing bug has been fixed: when a file was renamed and overwrote an existing file, the quota wasn't properly updated. Reported by Hiramoto Kouji.

* Version 1.0.34:
- Fix uploads. The bug was introduced in version 1.0.33. Thanks to Hugo Gomes.

* Version 1.0.33:
- SITE UTIME now supports the 2-arguments syntax in addition to the 5-arguments syntax.
- Support for the MFMT command has been implemented.
- A default directory can now be specified when using the LDAP backend.

* Version 1.0.32:
- Support SHA1 password hashing in MySQL and PostgreSQL backends
- Support for braces expansion in directory listings has been disabled - Cf. CVE-2011-0418

* Version 1.0.31:
- The list of allowed ciphers for SSL/TLS connections can now be specified (--tlsciphersuite / -J).
- Shell-like escaping is now partially handled when emulating the "ls" command in order to improve compatibility with legacy clients.
- Linking issues with MySQL support on Fedora have been solved.

* Version 1.0.30:
- pure-quotacheck can now work with a large number of files.
- OPTS UTF-8 is now an alias to OPTS UTF8.
- Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411.

* Version 1.0.29:
- Fixed corruption when downloading > 4 Gb files on a 32-bits arch.
- Fixed error on exit on Linux.
- Downloading should be slightly faster.

* Version 1.0.28:
- When --autorename is enabled, an upload script will now get the final file name instead of the original one.
- The ALLO command now checks for the actual disk space in addition to the virtual quota.
- ABOR on OSX has been fixed.
- Fixed the virtual quota computation after an atomic upload has been resumed.
- Fixed AUTH_ENCRYPTED.
- A workaround against spurious disconnections with ncftp has been implemented.
* Version 1.0.27:
- IPv6 connections are accepted again (regression from version 1.0.26)
- SSLv3 renegotiation has been disabled
- .pureftpd-upload-* files can be deleted by users with no quota.
- The server can be forced to shut down on iPhone.

* Version 1.0.26:
- Fix incompatibilities with Cyberduck and dramatically speed up directory listings and transfers when TLS is enabled with some other clients like LFTP.
- Allow authentication of non-chrooted users again. It was a regression from version 1.0.25. Spotted by Juergen Daubert.

* Version 1.0.25:
- The FTP server can now be built as a library for iPhone and iPod Touch.
- Display symbolic links in the MLSD command as symbolic links, unless the broken clients mode is enabled, just like STAT/LIST/NLST.
- Enhanced compatibility with gcc 2.x and with custom installation paths.
- Fix packaging issues, especially when the server isn't installed in the default paths
- Downloads now require less CPU and less memory.
- Fix an infinite loop that could lead to a client process burning a CPU core if the client didn't disconnect properly. Reported by Thomas Min and Margus Kaidja.
- Handle fake download resumes the traditional way for the sake of being compatible with weird clients that insist on doing that.
- The group name is now always displayed instead of the gid when it matches the primary user group.

* Version 1.0.24:
- When using LDAP in BIND mode, empty passwords are refused. Reported by Henning Brauer.

* Version 1.0.23:
- The LDAP schema has been fixed.
- LDAP authentication through binding is now possible in addition to passwords. This allows for the FTP server to run with an unprivileged LDAP account.
- In LDAP objects, the "enabled" value is accepted again as a FTPStatus property.
- Privilege separation is now enabled by default.
- The server should now properly compile on Solaris with privsep.
- Charset conversions are properly made on directory names.
- Transfers now handle every kind of disconnection.
- More informative log messages for errors and activity reporting.
- Virtual quotas are way more reliable and uploads are interrupted as soon as quotas are exceeded.
- Atomic uploads are only used when necessary and only if --notruncate is enabled.
- Dangling .pureftpd-upload files should be a thing of the past.
- Enhanced conformance with RFCs and better compatibility with FTP clients.
- Improved SSL performance, compatibility and commands support.
- By default, up to 10000 files per directory can be listed instead of 2000.
- ALLO can now tell clients whether an upload would blow quotas before the upload actually starts.
- PAM is now enabled by default on OSX.
- Switch euid to the _pure-ftpd account (unless it's nonexistent) in the privsep process.
- --without-banner is not necessary any more. Having a cookie file (--fortunefile=...) automatically disables the default banner, thus allowing full customization of the welcome banner.
- ./configure --localstatedir is now honored in order to change the run-time directory.
- Support for building a FTPS (implicit SSL/TLS) server, using --with-implicittls

* Version 1.0.22:
- the LDAP authentication backend now supports TLS encryption.
- TLS encryption is supported on data channels.
- downloads require way less CPU time on platforms with slow mmap() calls.
- MySQL 5+ stored procedures can now be used in the authentication process.
- time zones issues should be fixed for good.
- on-demand directories can now be created with any set of permissions.
- password scrambling of MySQL 5+ is now supported.
- a Catalan translation has been contributed.
- spurious disconnections due to some clients keepalive tricks have been fixed.
- custom authentication handlers are now informed about the encryption status of the session.
- standard-conformance and compatibility with several clients have improved.
- large files are now supported by default.
- enhanced support for Solaris.
- a bunch of bug fixes, optimizations and compatibility with newer libraries and operating system versions.
- "ftp" and "anonymous" user names can have passwords if the -E switch (no anonymous logins) is specified.
- in compatibility mode, non-dangling symbolic links are now displayed as if they were regular files/directories.
- --with-everything now includes privsep.

* Version 1.0.21:
- pure-pw has a new option (-F) to specify the location of the puredb database.
- --with-rendezvous is now --with-bonjour.
- User names can now be up to 127 characters long by default.
- Compilation with PAM support has been fixed on MacOS X.
- The MySQL PASSWORD() function can now be used with MySQL >= 4.1.
- Logging now has the correct timezone.
- Experimental support for RFC2640 (UTF-8), based upon code contributed by Jui-Nan Lin.
- The LDAP schema has been changed: FTPStatus should be a boolean.
- The pid file can now be set for pure-authd and pure-uploadscript. Contributed by Old Sparky.
- Support for large files is now enabled by default, with no slowdown on Linux.
- SITE UTIME and OPTS MLST have been implemented.
- Huge performance improvement while transferring a lot of small files.
- Better handling of aborted transfers.
- MySQL queries can now include multiple statements (MySQL 4.1 and later) and call MySQL 5 stored procedures. Thanks to Mike Goins.
- MySQL connection errors are now logged.

* Version 1.0.20:
- On MacOS X Panther and Tiger, clients were sometimes rejected when they had no reverse DNS entry and DNS resolution was enabled. This has been fixed. Thanks to Yann Thomas Gerard.
- The command-line parser was broken on FreeBSD and Solaris in version 1.0.19. This has also been fixed. People running other operating systems don't need to upgrade.

* Version 1.0.19:
- A workaround for pure-ftpwho not working on OpenBSD has been added.
- Real disk space is no longer shown.
- A possible denial of service when too many users were connected should be fixed.
Reported by Agri, thanks!

* Version 1.0.18:
- A new, nice-looking PDF version of the documentation is now available from http://www.pureftpd.org/readme.pdf . Contributed by Torgny Wernersson.
- The beast now compiles and links against MySQL 4.1.x, but passwords must not be hashed with MySQL-specific hashing function.
- Buglets were fixed in the documentation.
- Two new translations were added: Hungarian and Catalan. Contributed by Bánhalmi Csaba and Oriol Magrané.
- The server now uses distinct IPv4 and IPv6 to listen to both protocols on all operating systems. A new switch, -6, forces the server to only listen to IPv6.
- W3C and CLF alternative log formats are now more standard conformant.
- Pure-FTPd can now produce WU-FTPd (xferlog) compatible log files.
- Support for Rendezvous was added on MacOS X.
- Support for Apple / GNUStep plist data output was added to pure-ftpwho.
- UTF-8 characters are now supported in file names. A new switch, --without-unicode, can be used to filter out non-latin characters.

* Version 1.0.17a:
- A long-standing issue has been fixed: ungracefully aborted transfers caused the session to exit without removing ftpwho entry and atomic files. This fix also speeds up ftpwho and peruserlimit.

* Version 1.0.17:
- The SSL certificate file can now be changed through a new configuration switch, --with-certfile. It doesn't depend on sysconfdir any more and it defaults to the original location: /etc/ssl/private/pure-ftpd.pem .
- Shadowed NIS accounts and MacOS X Panther system accounts are now processed by the pure-pwconvert tool.
- The server doesn't reject users any more on Linux when capabilities are used.
- The documentation has been improved (man pages, README, FAQ, typos).
- Optimizations have been made.
- SO_REUSEPORT is now used on FreeBSD to always bind the ftp-data port.
- SSL-related error messages are now more explicit.
- The SITE TIME command has been implemented.
- The sample PAM configuration file has been rewritten.
- A logfile parser has been added to the contribs.
- MacOS X Panther specific instructions have been added.
- Upload is now atomic. A file is uploaded with a temporary name and it gets its final name only once the upload has been completed. If a file already exists with the same name, the content can be preserved until the new content has been fully transferred (using the new --notruncate run-time switch). Web servers will no longer serve partially transferred files during uploads. The new handling of uploads also limits the races in virtual quota handling.

* Version 1.0.16c:
- The PAM backend and the CGI mode were accidentally broken in version 1.0.16b. This version fixes both issues.
- The Norwegian translation has been updated.

* Version 1.0.16b:
- The server now properly compiles with SSL/TLS on RedHat 9 systems.
- pure-ftpwho now outputs nice-looking XHTML 1.1 conformant code, an XSS issue has been fixed and the local host name is now properly displayed in verbose mode.
- The path to SSL certificates now follows the --sysconfdir prefix.
- Minor optimizations have been made.
- IPv4 and IPv6 addresses will now listen for connections even without the -4 switch on NetBSD and FreeBSD.

* Version 1.0.16a:
- pure-uploadscript was broken in 1.0.16 due to a typo and sometimes it wouldn't work on some systems.

* Version 1.0.16:
- Authentication is now working on Solaris with shadow/NIS. Based upon a patch by Axel Apitz.
- Bugs in starting scripts were fixed.
- A big cleanup in man pages was performed by Claudiu Costin.
- Support for SSL/TLS was implemented. This is the end of cleartext passwords sent through the network.
- Pure-FTPd is now working on MacOS X Panther.
- The software can also be linked against MySQL 4.1.x.

* Version 1.0.15:
- A Turkish translation has been added. Thanks to Mehmet Cokcevik.
- Various functional and portability fixes have been made to the handling of upload scripts, to the pure-pw command and to the automatic creation of home directories.
- Accounts in a puredb database can now be quickly listed ("pure-pw list").
- The anonymous FTP directory can now be overridden on the Windows port (using a WIN32_ANON_DIR environment variable).
- The default banner has been stripped down to look more professional (ie. boring).
- Transfer speed on BSD systems has been improved.
- The license of the whole package has changed from GPL to a simplified BSD license.

* Version 1.0.14:
- Privilege separation has been introduced. When this feature is enabled, each client session spawns two processes communicating over a private channel: a restricted trusted part and the main part that definitely revokes all privileges after authentication and chroot(). Add --with-privsep to ./configure in order to enable that feature.
- Automatic detection of Virtuozzo was added.
- Forced passive IP addresses (-P) can now work with gateways whose addresses are dynamic (DSL and cable modem users), using symbolic host names.

* Version 1.0.13a:
- The previous release broke compilation with PostgreSQL and it didn't work any more with very old versions of the Perl interpreter. Both issues were fixed. No other change has been made - If 1.0.13 works for you, there's absolutely no need to upgrade.

* Version 1.0.13:
- Traditional and simplified chinese translations are not messed up any more (thanks to Ying-Chieh Liao).
- The documentation has been improved.
- OpenLDAP 2.1.x is now supported.
- New LDAP directives were added to provide more flexibility (LDAPFilter, LDAPHomeDir and LDAPVersion, see README.LDAP).
- On-demand directories are now also created when path contains extra slashes.
- pure-uploadscript will no longer immediately give up when the server hasn't been started before.
- Files whose names contain non-printable characters are not listed any more.
- A new switch (--with-boring) has been introduced to produce more professional-looking messages.
- Zero-copy transfers of large files have been fixed on Solaris, thanks to Emmanuel Hocdet.
- Larger banner messages can now be displayed.
- Owner-readability is now only enforced for files when quotas are enabled (Claudiu).
- A new Czech translation has been added. Contributed by Martin Sarfy.
- Default UID and GID can now be used for SQL-based authentication, contributed by Clive Goodhead, adapted to PostgreSQL as well.
- A Vpopmail authentication module has been added (contrib/pure-vpopauth.pl).
- "make -f Makefile.gui" should work again on most of today's Linux distributions.
- The Win32 port was slightly improved. The server is now compiled as non-root (but binds port 21) and ASCII transfers are not mangled any more.
- The RPM initialization script (redhat.init, installed as /etc/init.d/pure-ftpd) now calls pure-config.pl . It means that /etc/sysconfig/pure-ftpd is deprecated and you must use /etc/pure-ftpd.conf instead.

* Version 1.0.12:
- New workarounds and conformance fixes were added to improve client compatibility.
- Zero-copy downloads are now enabled on HPUX and Solaris.
- Russian and Chinese (simplified + traditional) translations were added.
- LDAP_FTPUID and LDAP_FTPGID are now really fetched from the directory.
- The Windows port has been stabilized.
- A protection against common bruteforce scanners for hidden directories has been added.
- The FTP data connection assurance draft (ESTA/ESTP) has been implemented.
- Per-user (including anonymous) concurrency limits are now available.

* Version 1.0.11:
- New translation: Norwegian. Contributed by Kurt Inge Smådal / EasyISP.org .
- The server now compiles and runs on OpenBSD/Sparc and HPUX.
- Minor fixes and cleanups were made.
- The good'ol poweredby.jpg logo has been replaced by pure-ftpd.png, the new official logo contributed by Gabriele Vinci.
* Version 1.0.10:
- Pure-FTPd can now compile out of the box on OpenBSD with PostgreSQL.
- Overall minor speedups were committed.
- File names with multiple successive dots in their names are now accepted in a virtual chroot jail.
- A "customerproof" option has been added, in order to turn on workarounds against common customer mistakes (-Z / --customerproof).
- Spec file has been improved.
- PureDB has been upgraded to version 2.1 .

* Version 1.0.9:
- The server can now run 100% as a non-root user with all features turned on, including chroot, virtual domains and virtual users.
- ACLs for virtual users (puredb) can now resolve dynamic host names, not only static IP addresses.
- The LDAP backend now supports an extended schema with quota, ratios, bandwidth management and FTP-specific uid/gid attributes.
- MD5 hashed passwords are now implemented in the PostgreSQL backend.
- External authentication modules are now properly working on non-Linux systems and they can compile without ratio/quotas/throttling.
- Korean, Spanish and Slovak translations were updated.
- System random devices can now be probed at run-time.
- PAM examples are now more generic.

* Version 1.0.8:
- /./ in path to home directory is now accepted for anonymous users.
- Virtual chroot can now play nicely with the non-root mode: users are restricted to the directory pure-ftpd was started in.
- The package was ported to AtheOS and Windows.
- pure-quotacheck can now run as any user (suggested by Philip Mak).
- MD5 passwords can now be used in SQL authentication. Contributed by Nicolas Doye.
- W3C logfiles can now be generated (-O w3c:/path/to/log/file). Contributed by Thomas Briggs.
- New switch: -G (--norename) to disallow rename.
- Pure-FTPd works again on MacOS X.
- An external authentication handler (-lextauth:/path/to/socket) was added, so that any custom authentication scheme can easily be added without recompiling anything. See the README.Authentication-Modules file for more info.
- Long-standing bugs were fixed, compatibility with SecureFX was improved, compilation with SSL-enabled OpenLDAP is now properly working, bashisms were removed, source code was cleaned up, FAQ has grown, etc.

* Version 1.0.7:
- Use OpenBSD security features when applicable. Thanks to Brad Smith.
- Virtual hosts and virtual chroot can now play together.
- Directory aliases ("cd" shortcuts and "SITE ALIAS" command) were implemented (by Kenneth Stailey).
- More compilation fixes for old Solaris versions.
- A workaround for an FTP Explorer bug has been fixed. Thanks to Shiroiwa Noboru for reporting this.
- pure-pw useradd now works on some buggy GlibC versions.
- New translation: Swedish. Contributed by Ulrik Sartipy.
- Access to dot-files is now allowed even with virtual quotas. Thanks to Benoit Massard.

* Version 1.0.5:
- Rename and delete operations are now syslogged.
- Multiple IP/mask filtering rules can now be used for a single account with virtual users (puredb).
- Pure-FTPd now compiles and runs on systems without snprintf(), especially Solaris < 2.6 (contributed by Kenneth Stailey).
- Documentation and translations were updated.
- Minor bugs were fixed.

* Version 1.0.4:
- .message files are now handled on Irix systems - Michael Glad.
- Passive mode can now be handled through SMC Barricade routers, that deliberately block it. Contributed by Gareth Blades.
- A preliminary FAQ was added.
- The package now compiles and runs on Corel Netwinder devices (Gareth Woolridge).

* Version 1.0.3:
- A workaround for a bug in Macromedia Homesite was added. Thanks to Stephan Wentz for his help on that issue.
- ASCII downloads have been optimized.

* Version 1.0.2:
- Non-atomic renaming of files is now supported when virtual quotas are enabled.
- New compile-time option to support system (not virtual) quotas.
- pure-ftpwho displays bandwidth usage and download progression again. Thanks to Erik Larsson for reporting this.
- On-demand creation of home directories can now create all parent directories.
- New UPLOAD_VUSER environment variable, to fetch virtual user names through pure-uploadscript.
- PureDB version 2.0 was merged in. Lookups are 2x to 10x faster than with version 1.0, due to a new binary search code, contributed by Philip Gladstone.
- New MaxDiskUsage configuration file in Perl/Python config file parsers. Contributed by Laurent Culioli.

***** IMPORTANT *****
If you are using PureDB files with versions < 1.0.2, you must rebuild the database (pure-pw mkdb) after upgrading to 1.0.2 or later.
***** IMPORTANT *****

* Version 1.0.1:
- Bandwidth throttling is now fixed on Linux platforms when sendfile() is enabled.
- Quotas fixes.
- ASCII upload fixes. Thanks a million to Terry Davis for his help.
- New funny French messages pack.

* Version 1.0.0:
- Support Base64-encoded MD5/SHA and salted MD5 (SMD5) and SHA (SSHA) LDAP passwords.
- Fixed throttling with virtual users.
- Members of the trusted group can delete files even when -K is enabled.
- New translations: Slovak (contributed by Robert Varga) and Korean (contributed by Im Eunjea).
- Portability enhancements. Pure-FTPd now compiles and runs on SGI Irix. Thanks to Florin Andrei.
- Fixed compilation on Sparc 64-bit architectures with Sun Forte C compiler. Contributed by Xavier Beaudouin.
- Code cleanups. -Matthias.
- pure-pw can build puredb databases, regardless of server compilation options. Suggested by Arkadiusz.
- New --with-confdir switch for ./configure .
- Allow files beginning/ending with spaces. Thanks to Andreas Piening for helping to solve that issue.

* Version 0.99.9:
- All known bugs in pure-ftpwho were fixed.
- Robustness improvements.
- Directory listings speedups.
- New '-m' option to pure-pw that automatically calls pure-pw mkdb after a change to an account. Suggested by Olivier Deckmyn.
- New optional PURE_PASSWDFILE and PURE_DBFILE environment variables for pure-pw. Suggested by Olivier Deckmyn.
- "pure-pw mkdb" without any further argument can now rebuild the database with default files.
- New Italian translation, contributed by Stefano F.
- New Brazilian Portuguese translation, contributed by Roger Constantin Demetrescu.
- New poweredby.jpg web button, contributed by Freeman.
- New -g (--pidfile=) option to specify the location of the PID file. Suggested by Jason Lunz.

* Version 0.99.4:
- Better support for LFS. Contributed by Thorsten Kukuk.
- Pure-PW bug fixes.

* Version 0.99.3:
- Old versions of MySQL (<= 3.22.x) are now supported. Thanks to Marc Jauvin.
- Individual quotas can be stored in MySQL databases. Contributed by Marc Jauvin.
- Support for MySQL's password() hash function. Contributed by Robin Ericsson (lobbin).
- New "any" option for the MySQLCrypt field, to match any hashing function.
- Use MySQL transactions with InnoDB, BerkeleyDB and Gemini tables.
- Ratios and bandwidth can now be stored in MySQL databases.
- New SQL digraph: \D (remote IP address as a long decimal number). Suggested by Bernie.
- Individual IP filtering and time restrictions can be enabled for virtual users.
- New uploads are now removed if the quota has already been exceeded.
- Pure-FTPd now compiles and works on very old Linux distributions and Darwin (MacOS X).

* Version 0.99.2a:
- When quotas were enabled, but no quota was specified, uploads were always truncated to 0 bytes. It has been fixed.

* Version 0.99.2
- Dutch translation, provided by Johan Huisman and Jan van Veen.
- Fix --createhome option, reported by Lan Yufeng.
- New --without-iplogging compile-time switch to never log any IP address, for servers that need to protect privacy. Suggested by Jeff Moe.
- Added a workaround for buggy IP stacks.
- RPM can now be built with PAM support.
- A new safe-guard protects users against executing confusing chmod commands on their home directories (and root on /, too).
- Support for virtual quotas (new option: --quotas / -n , new command: pure-quotacheck).
Please read the "virtual quotas" section in README.
- New port: Playstation 2 Linux, thanks to Tomonori Kamitaki.
- The memory footprint for uploads has been slightly reduced, especially when bandwidth throttling is enabled. Thanks to Daniel Tschan.
- Virtual users (FTP-only local user list, independent of /etc/passwd) were implemented. Every user can have different bandwidth, quota and ratio.

* Version 0.99.1b
- Access to remote MySQL databases has been fixed.
- New program: "pure-statsdecode" to convert timestamps into human-readable dates in "stats" logfiles.
- IP addresses of remote clients can now be used in SQL queries with a new '\R' digraph.
- A default uid and gid can now be specified for LDAP objects.
- The shell is not checked any more with MySQL and LDAP authentication schemes.
- New switch: --createhomedir (-j) to automatically create missing home directories. Suggested by Christian Janssen.

* Version 0.99.1a
- New alternative logging format: "stats", designed for the ftpStats application.
- Cosmetic fix with ratios.
- New -K / --keepallfiles directive.
- Workaround for broken clients that don't properly end their command lines.

* Version 0.99.1
- Accounts can now be stored in a MySQL database.
- Uploadscript works together with Apache-like log files.
- Support for asynchronous (pipelined) FTP.
- Process names are now properly changed on Linux.
- Always report download progression and individual bandwidth usage in pure-ftpwho.
- Fix support of old Solaris versions.
- Bandwidth throttling is now working with > 2Gb files.
- Assorted optimizations, bug fixes and cleanups.

* Version 0.99b
- Big fixes and improvements to LDAP authentication: Solaris compilation fixes and support MD5 and SHA1 digests.
- Fixed Apache-like log files for Webalizer.
- Downloaded/uploaded files are now logged with LOG_NOTICE priority.
- Support for network filesystems.
- Display real user name instead of uid even for chrooted users.
  - Don't crash after authentication failures when the server is launched in non-root mode.
  - RPM improvements.

* Version 0.99a
  - Always display the local IP and port with pure-ftpwho -v.
  - Fixed CLF logfiles. Thanks to Paul Hansen for reporting this.

* Version 0.99
  - New README.Debian file.
  - Danish translation, contributed by Isak Lyberth.
  - Fixed throttling and performance improvements on FreeBSD. Reported by Rafa Michaelski.
  - Show setuid/setgid/sticky bits in ls -l.
  - New -R/--nochmod option to disallow SITE CHMOD usage.

* Version 0.99pre2
  - "ftp" can be used as a fake shell, no need to add it to /etc/shells.
  - Improvements to the RPM package.
  - More accurate throttling.
  - New "-1" (--logpid) option to add PID info to syslog output. Contributed by Matthias Andree.
  - Changed the trusted gid behavior when the /./ trick is used: members of the trusted group *are* chrooted, but they have no ratio and dot-files are allowed. Suggested by Leszek Reimus.
  - New --with-paranoidmsg compile-time option to favor paranoia over sysadmin-friendly messages.
  - New --with-everything compile-time option to build a full-featured server.
  - Backward compatibility with old IP stacks (old GlibC, Solaris < 8, ...)
  - --help now displays the server version (only for root).
  - Memory optimizations.
  - New --altlog option to create log files in alternative formats. Apache-like files can be produced so that any web statistic software can be used to analyze Pure-FTPd activity.
  - Workaround for an AbsoluteFTP bug (reported by Daniel Elsaesser) regarding CWD error codes.

* Version 0.99pre1
  - Have MSIE open an authentication dialog when anonymous users are forbidden (-E) in compatibility mode (-b).
  - Don't choke CuteFTP when the NAT mode (-N) is enabled. Reported by David Vincelli.
  - Have metacharacters work on OpenBSD.
  - Fixed typos in documentation.

* Version 0.98.7
  - Fixed a bug with ASCII upload: with some clients, the last carriage return wasn't written.
  - Allow the retrieval of regular files pointed by symbolic links.
  - Fixed arithmetic errors in pure-ftpwho.
  - CHMOD and DELE workarounds for broken clients.
  - Optimizations.
  - Don't hang up when a new transfer is asked but no semaphores are available.
  - Try to handle very low bandwidth throttling (reported by Sergey Mihailov).

* Version 0.98.6
  - Fixed a nasty bug introduced in 0.98.5: overwriting a file didn't truncate the previous content (Reported by Chris Mentjox).

* Version 0.98.5
  - Recognize ADAT command to please Kerberized Fetch 5 clients (Macintosh). Thanks to Darren Casey for reporting this.
  - Fix syslog output on broken implementations without locking (reported by Sami Koskinen).
  - Don't auto-login to please some broken clients who are sending strange commands before being authenticated.
  - New 'contrib' directory with user-contributed work.
  - Fix support for > 2Gb files on Linux.
  - Fix PAM support on Solaris.
  - Don't wait after a download when throttling is enabled.
  - Implement --maxdiskusagepct and --maxload options on non-Linux systems.
  - Accept non-anonymous users in virtual hosts (suggested by Chris Mentjox).
  - Parse all clients in pure-ftpwho, even when we reached the limit (reported by Brandon Covert).
  - Performance improvements under high load: rewritten command parser.
  - Don't remove partially uploaded files for non-anonymous users.
  - The script run after an upload can now get extra info about the newly uploaded file in environment variables: UPLOAD_SIZE, UPLOAD_PERMS, UPLOAD_UID, UPLOAD_GID, UPLOAD_USER and UPLOAD_GROUP.
  - New option (-r) to automatically rename uploaded files instead of overwriting them.
  - New option (-i) to disallow upload to anonymous users, whatever directory permissions are (suggested by Chris Mentjox).
  - New option (-V ) to restrict non-anonymous access to a specific IP address.
  - New configuration flag: --with-virtualhosts to enable /etc/pure-ftpd/ support.

* Version 0.98.4
  - The nasty bug of the -C option was finally fixed: no more syslog output in client sockets (Thanks to Paul Hansen for tracking this down).

* Version 0.98.3
  - Reliability fixes.
  - Security fix for non-Linux and non-BSD systems.
  - Fix listing of symbolic links to directories (Reported by Martin Hadenfalk).

* Version 0.98.2a
  - Accept "." in LDAP user names.
  - Fix --sysloghack typo for Debian users.

* Version 0.98.2
  - Enhanced portability: the server is now working on LinuxPPC, Solaris 8, Tru64 and possibly other modern operating systems. Thanks a lot to Erik (Cirvam) for his very nice help on the Solaris port.
  - Backward-compatibility with old OpenLDAP releases (1.x), thanks to M.Robbins.
  - Bandwidth is properly reported after a resumed transfer.
  - Transfers can now be gracefully aborted by clients.
  - Improved performance: lower system load during transfers (especially under Linux and FreeBSD) and various optimizations.
  - Improved performance (2): new code for directory listings, much more efficient than the previous one, with reduced memory footprint and disk I/O.

* Version 0.98.1
  - Files and directories can now have separate umasks. It fixes the 'mkdir' permissions problem introduced in 0.98.
  - Improved display of user group list.

* Version 0.98
  - Support for long options on BSD.
  - Actually include the Polish translation.
  - Spanish translation (Luis Llorente Campo).
  - Renamed mrtginfo to pure-mrtginfo.
  - The default umask is now 133. By explicitly setting the mask to 022, uploaded files can become executable.
  - Logging can be disabled (-f none).
  - Upload and download bandwidth can now be throttled separately.
  - Pure-ftpwho is now reporting transfer progress, file sizes and individual bandwidth usage. There's also a new target (-s, 'shell mode') for easy parsing with cut/sed.
  - A new daemon (pure-uploadscript) can now automatically run a program or script after a successful upload.

* Version 0.97.7
  - Fixed Xinetd documentation (Olivier Tharan).
  - Added 'welcome.msg' compatibility (Togusa).
  - Change process names on BSD systems.
  - Minor bug fixes or optimizations.
  - Completed the Romanian translation (Claudiu).
  - Added Polish translation (Arkadiusz).
  - Safe defaults for -c.
  - New 'pure-ftpwho' command to display current active connections, with text, HTML, CGI and XML outputs.

* Version 0.97.6
  - Allow anonymous users to read dot-files if '-z' is specified.
  - New option: '-N' for servers behind broken NAT/masquerading gateways.
  - Fixed a possible security flaw in file listings.
  - Display '.banner' files for all users, not just anonymous ones (suggested by Shea Martin).
  - Fixed -U option (reported by Shea Martin).
  - Updated documentation/man pages.
  - Happy Easter to everyone :)

* Version 0.97.5
  - Optimizations and portability improvements.
  - Bug fixes: a wrong file size was logged for uploads, no space after the result of SIZE (fixes a problem with LeechFTP), keep all connections even under high load and improved configuration file parsers.
  - New option: '-4', to only accept IPv4 connections (needed for OpenBSD).

* Version 0.97.4
  - Fixed a nasty bug with group initialization introduced in 0.97.3. Reported by Brian.

* Version 0.97.3
  - Pure-FTPd now works on Linux and FreeBSD.
  - German, Romanian and French translations.
  - Size of downloaded files is always logged.
  - Enhanced support of the FTP protocol and modern extensions: multi-line responses for HELP/FEAT, STAT command and new format for directory listings through MLST and MLSD (autodetected by NcFTP).
  - Minor cosmetic changes and more compilation flexibility.
  - The server can now run as a non-privileged user.
  - New '-k' flag to disallow upload if more than X % of the partition is full.
  - /var/run/pure-ftpd.pid is created in standalone mode.
  - Support for alternative long GNU options, with built-in help.
  - Minor bugfixes.

* Version 0.97.2
  - Fixed a big bad typo in 0.97.1 that prevented passive transfers from working.
  - EPSV ALL support.
  - The standalone server daemonizes if '-B' is given. Contributed by Jason Lunz.
  - Added the size of downloaded/uploaded files in log messages.
  - Minor optimizations.

* Version 0.97.1
  - More security paranoia for passive connections handling.
  - Fixed a bug with .message and .banner files containing nothing but white spaces (thanks to Emmanuel Hocdet for reporting this).
  - More compatibility in (-b)roken mode: disable HELP and ask a dummy password to anonymous clients.

* Version 0.97-final
  - Accept non-ascii (accents) file names. (Reported by Louis Rouxel)
  - Dynamic process title change.
  - Stabilized the standalone code.
  - New '-E' option to disallow anon login even if ~ftp exists (Suggested by Daniel Elsaesser).
  - New '-C' option to limit the number of simultaneous connections from the same client IP address.

* Version 0.97pre5
  - Pure-FTPd now has a fast and IPv6 capable standalone mode, so that a super-server is no longer required.
  - New '-U' option to change the umask.
  - New '-x' and '-X' options to prevent users from reading/writing dot-files, even if they own them, to protect files like .ssh, .qmail, and .history. (Thanks to William Kern for the suggestion.)
  - Bandwidth throttling is now specified in exact KB/s.

* Version 0.97pre4
  - Added '-D' option to force 'ls' to display dot-files even when a client doesn't send the '-a' option (ls -la).
  - Keep the previous permissions when overwriting a file.
  - New '-I' option to change the maximum idle time.

* Version 0.97pre3 / 0.96.2
  - Fixed HELP and SITE commands.
  - Faster globbing and more eye-candy built-in "ls" format.
  - Support for shadow passwords expiration dates.
  - Support for large files (> 2 gigabytes).
  - FXP now works with IPv6 as well.
  - Standard 'fortune' files are now used as login cookies.
  - Easier to parse and more verbose log messages.

* Version 0.97pre2
  - Memory allocation bug fixed in glibc-glob.
  - Macroized ls.c messages for translation.

* Version 0.97pre1
  - Check for and convert 4-in-6 addresses.
  - Count IPv6 connections.
  - Code cleanups, optimizations and more paranoia.
  - Ready for translated messages.
  - LDAP support fixed.
  - Configurable fortune cookies (new '-F ' option).

* Version 0.96.1
  - Definitive fix against possible globbing denial of service.
  - Changed the ASCII restart message to something more friendly.

* Version 0.96
  - More 'ls' fixes against denial of service.
  - Better support for broken NAT gateways.

* Version 0.96pre1
  - Added '-P' flag (explicitly set an IP address in reply to a PASV command), '-A' flag (to chroot() everyone) and '-H' flag (to avoid DNS resolution), '-U' flag (to limit the maximum depth of a recursive 'ls' and the maximum number of displayed files) and '-M' flag (allow anonymous users to create directories).
  - Added FEAT command.
  - Allow anonymous users to create directories if they have write access to the parent directory.
  - Rewritten handling of virtual hosts.
  - Full IPv6 support.

* Version 0.95.2
  - Changed the built-in 'ls' format to have Internet Explorer properly parse symbolic links.
  - Implemented STOU, ALLO and APPE commands.
  - Added '-e' flag to only allow anonymous connections.
  - Drop CAP_SYS_CHROOT to enhance security.

* Version 0.95.1
  - Fixed wrong user count for the '-c' option.
  - Fixed chroot() when capabilities drop is enabled.
  - Always force 8 bits transfers if we didn't set the compatibility mode (-b).

* Version 0.95
  - Fixed GUI for old versions of Dialog (Slackware).
  - Handle SPSV, XCWD and XCUP commands.
  - Improved documentation.
  - Better PAM sample.
  - Minor bug fixes and more security paranoia.
  - Included a patch to improve Netfilter's FTP connection tracking.
  - Upload/download quotas for w4r3z d00d2.
  - Native support for LDAP directories.

* Version 0.95-pre{1,2,3,4}
  - Raised the upload buffer size: uploads should be a bit faster now.
  - Bandwidth throttling (see flags '-t' and '-T') to keep anonymous users from filling up the whole bandwidth.
  - Incremental delay after authentication failures to limit brute-force password scanning.
  - Removed a DNS double-check that caused connection problems with hosts that had broken DNS entries.
  - Installation GUI (dialog).
  - Implemented SITE HELP.
  - Version number is now displayed in the first banner.
  - Insecure users (non-chrooted, non-root and anonymous) can't upload dot files any more.
  - Added paranoid timeouts.

* Version 0.94
  - Linux capabilities fixes.
  - SITE CHMOD support.

* Version 0.93
  - Support for the FXP protocol.

* Version 0.92
  - Added a workaround for broken clients like LeechFTP.
  - Syslog identity changed to "pure-ftpd".
  - Idle clients sending nothing but NOOP are now disconnected.

* Version 0.91
  - Possible better network throughput (TCP_CORK usage).
  - The number of active sessions wasn't properly computed if the server port wasn't the default FTP port - fixed. We can now have several Pure-FTPd instances on different ports of the same computer.
  - Deprecated '-x' flag in favor of '-a'.
  - Updated man pages, documented http-style handling.
  - Moved to Sourceforge.

* Version 0.90: initial release.
  - IPv6 support.
  - PAM authentication.
  - ASCII transfers.
  - Preliminary large files support (needs a sendfile() wrapper).
  - Capabilities drop.
  - Switchable user names.
  - Switchable humor.
  - Cookies.
  - Chroot()ed home directories.
  - Various security enhancements.
  - Fixed HTTP-style handling.
  - Rewritten documentation.
  - Autoconf.
  - Code clean up and compilation fixes.
  - No more need for mkusers - symbolic names are now dynamically cached.


.:. PURE-FTPD .:.
Documentation for version 1.0.46


------------------------ BLURB ------------------------

Pure-FTPd is a fast, production-quality, standard-conformant FTP server, based upon Troll-FTPd.
The server has been designed to be secure in its default configuration, it has no known vulnerability, it is really trivial to set up and it is especially designed for modern kernels. It was successfully ported to Linux, FreeBSD, DragonflyBSD, NetBSD, OpenBSD, Bitrig, OSX, AIX and iPhone.

Features include chroot()ed and/or virtual chroot()ed home directories, virtual domains, built-in 'ls', anti-warez system, configurable ports for passive downloads, FXP protocol, bandwidth throttling, ratios, LDAP / MySQL / PostgreSQL-based authentication, fortune files, Apache-like log files, fast standalone mode, text / HTML / XML real-time status report, virtual users, virtual quotas, privilege separation, TLS and more.


------------------------ WHO'S USING IT? ------------------------

Many people new to Unix are running Pure-FTPd because they find it easy to install. But that software is also used on embedded systems and highly loaded production servers, especially for hosting services.

For large sites with centralized user management, Pure-FTPd provides flexible authentication schemes including SQL and LDAP backends, plus the ability to easily write new custom handlers in any language.


------------------------ COMPILATION ------------------------

In its current form, Pure-FTPd uses some OS-specific system calls. And although some portability work has been done in order to ease its port to other operating systems, only Linux, FreeBSD, NetBSD, OpenBSD, ISOS, MirBSD, BSDi, DragonflyBSD, Darwin, Solaris, Tru64, Irix, AIX and HPUX are known to work; other operating systems may need some tweaks.

With Linux, any modern distribution should be ok.

* Step 1 (optional but recommended):

Create a specific, unprivileged user and group called _pure-ftpd, without any valid shell. Don't use this for anything else, including FTP virtual users.

    groupadd _pure-ftpd
    useradd -g _pure-ftpd -d /var/empty -s /etc _pure-ftpd

If having a user whose name begins with an underscore is a no-go for you, you can also call it pure-ftpd, without the underscore.

* Step 2:

If you have Cdialog or Xdialog installed on your system, try the following command to build and install Pure-FTPd:

    make -f Makefile.gui

If you don't have Cdialog or if you prefer the conventional way, here it is:

    ./configure
    make install-strip

Et voila! The software is now installed in /usr/local/sbin/pure-ftpd

* Step 3:

To launch the server, just type the following command:

    /usr/local/sbin/pure-ftpd &

If you installed a binary package (RPM, SLP, Debian), maybe use the following command instead:

    /usr/sbin/pure-ftpd &

Your server is ready. Just type 'ftp localhost' to test it.

If you want to automatically run the server when the system boots, add the previous command to /etc/rc.d/rc.local or /etc/rc.d/boot.local. Don't forget the '&' sign.

Note: To deinstall Pure-FTPd (no, do you really want to do this?), use:

    ./configure
    make uninstall


------------------------ ADVANCED COMPILATION ------------------------

The "./configure" script accepts some arguments you might want to add before the compilation:

/-------------------- "--with-" switches --------------------/

--with-altlog: in addition to the syslog output, support logging into a specific file, in an alternative format. Currently, the CLF, Stats, W3C and xferlog formats are implemented. CLF (common log format) is the basic format produced by Apache, WebFS, Roxen and most web servers. These log files only record file transfers and they can feed web statistic software (Analog, Webalizer, etc.) to analyze the load of your FTP server. The Stats format is a special output format, designed for log file analysis software. The W3C format is a standard format parsed by most commercial log analyzers (all analyzers with support for IIS should deal with it). Xferlog is the traditional format created by wu-ftpd.
Check the -O option later in this documentation for additional info.

--with-brokenrealpath: some Solaris versions have a broken realpath() implementation. If altlog and/or pure-uploadscript doesn't seem to work properly on your system, try to recompile with this switch.

--with-tls: enable TLS support. Read README.TLS for more about this feature.

--with-certfile=: the file with the TLS certificate (see README.TLS). The default is /etc/ssl/private/pure-ftpd.pem .

--with-cookie: display a fortune or a customized banner when a user logs in (see the '-F' option).

--with-diraliases: support directory aliases ("shortcuts" for the "cd" command). Please read the appropriate section about this (further in this manual).

--with-everything: build a big server with almost all features turned on: altlog, cookies, throttling, ratios, ftpwho, upload script, virtual users (puredb), quotas, virtual hosts, directory aliases, external authentication, Bonjour and privilege separation.

--with-extauth: compiles support for external authentication modules. Please read README.Authentication-Modules and the pure-authd(8) man page before enabling this feature. Most users don't need it.

--with-ftpwho: support for the 'pure-ftpwho' command. Enabling this feature needs some extra memory. Better use it when the server is run in standalone mode. It can be way slower in inetd mode.

--with-language=english
--with-language=german
--with-language=romanian
--with-language=french
--with-language=polish
--with-language=spanish
--with-language=danish
--with-language=italian
--with-language=brazilian-portuguese
--with-language=slovak
--with-language=dutch
--with-language=korean
--with-language=swedish
--with-language=norwegian
--with-language=russian
--with-language=traditional-chinese
--with-language=simplified-chinese
--with-language=hungarian
--with-language=catalan
--with-language=czech: change the language of server messages. Default is english.
If you want to contribute a translation, please translate the 'src/messages_en.h' file and send it to .

--with-ldap: use the native LDAP directory support. When this option is enabled, system accounts can be bypassed. You need OpenLDAP to use that feature. If OpenLDAP is installed in a custom location, you can use the --with-ldap= syntax. See the README.LDAP file for more info about LDAP and Pure-FTPd.

--with-minimal: to efficiently use features of modern FTP clients, Pure-FTPd implements the basics of the FTP protocol, with many extensions (SITE IDLE, SITE CHMOD, MLSD, ...). Using the --with-minimal directive, these extensions won't be compiled in. Also, there will be no standalone server, no lookup for user/group names, no humor and no ASCII support. But the executable file size will be smaller than in a default installation. You need at least GCC 3.3 to compile with this option. Regular expressions are compiled in. If you still want to reduce the size, use --without-globbing in conjunction with --with-minimal. If you are building an embedded system, use this. In all other cases, to avoid complaints from customers (especially with Windows clients), forget this.

--with-mysql: use the native MySQL support for users database. When this option is enabled, system accounts can be bypassed. MySQL client libraries should be installed to use that feature. If MySQL is installed in a custom location, you can use the --with-mysql= syntax. See the README.MySQL file for more info about MySQL and Pure-FTPd.

--with-nonroot: set up a server that doesn't need root privileges to be started. Any regular user can run the server. It can be useful if you have a limited shell access to a non-dedicated hosting server. But some features will be disabled and passwords can only be checked via LDAP, SQL or PureDB. When virtual chroot is enabled, people will be restricted to the directory the server was started in.
This is an insecure mode, designed for setting up very temporary servers by regular (non-root) users. The server listens on port 2121 by default in standalone mode. If you want to use the nonroot mode, you must compile and *install* the software (./configure --prefix=... && make install-strip). /sbin, /bin and /man directories will be created in that prefix. But you must also add an /etc directory (readable and writeable by the user pure-ftpd will run as). You can change the anonymous FTP root directory through an environment variable named FTP_ANON_DIR.

--with-pam: use pluggable authentication modules. Don't use this option if your login/passwd pairs are always refused (but the real fix would be to fix your PAM configuration). You need to create a /etc/pam.d/pure-ftpd file to properly use the PAM authentication. The 'pam' directory contains an example of such a file.

--with-paranoidmsg: favor paranoid messages over sysadmin-friendly messages. When this option is enabled, login failures will show the same message to the user, regardless of the source of the problem. Without this option, "Authentication failure" is displayed when this is a password problem and "Sorry, I can't trust you" is displayed when the user has been banned by the sysadmin.

--with-peruserlimits: enable per-user concurrency limits. Avoid this on very loaded servers.

--with-pgsql: use the native Postgres support for users database. When this option is enabled, system accounts can be bypassed. Postgres client libraries should be installed to use that feature. If Postgres is installed in a custom location, you can use the --with-pgsql= syntax. See the README.PGSQL file for more info about Postgres and Pure-FTPd.

--with-probe-random-dev: Pure-FTPd uses /dev/urandom or /dev/random devices to provide hard-to-predict random numbers. The presence of these devices is usually probed at compile-time.
If you want to compile a binary package on a host, then run it on another host, this option will enable the probe at run-time. This is useless on Linux and BSD systems, but it can be needed on Solaris and QNX.

--with-puredb: support virtual users, i.e. a local users database, independent of your system accounts. Please read the README.Virtual-Users file for more info about virtual users.

--with-quotas: enable virtual quotas. With virtual quotas, you can restrict the maximal number of files a user can store in his account. You can also of course restrict the total size. See the "quotas" section later in this document.

--with-ratios: support upload/download ratios, to please w4r3z fr34k2.

--with-sysquotas: support system quotas (not Pure-FTPd's virtual quotas).

--with-throttling: support bandwidth throttling (see below).

--with-uploadscript: since 0.98, Pure-FTPd has a nice feature regarding uploads. Any external program or script can be automatically called after a successful upload. It needs another program installed by the Pure-FTPd package, called 'pure-uploadscript'. Check the man page for more info about this.

--with-virtualchroot: usually, when a user is chrooted (-A and -a options), it's impossible to go out of his home directory. Enabling that feature makes it possible: symbolic links are always followed, even if they are pointing to directories not located in the user's home directory. This is very useful for having shared directories (for instance, have a symbolic link to /var/incoming in every home directory). This feature isn't enabled by default.

--with-virtualhosts: support virtual hosting. It means that you can have different anonymous FTP areas for each IP address. If your server has only one IP address, you don't need that feature. But if you have multiple IP addresses and if you want a client that connects to IP xxx to get the content of /etc/pure-ftpd/xxx/ instead of ~ftp/ , enable this option.
And read the "VIRTUAL SERVERS" section at the end of this file.

--with-welcomemsg: read 'welcome.msg' files for compatibility with some other FTP servers. This is a security flaw (anonymous users may upload 'welcome.msg' files to add random banners). Pure-ftpd uses '.banner' files by default.

--with-boring: display boring "professional-looking" messages.

--with-bonjour: enable Bonjour support on MacOS X (see the -v switch).

--with-rfc2640: enable support for charset conversion. It adds a dependency over the iconv library and it requires a little more CPU time. See the -8 and -9 switches.

--with-implicittls: build an FTPS server (TLS is implicitly enabled). The protocol is incompatible with FTP and listens to another port by default (port 990, ftps). Never enable this option unless you know what you're doing.

/----------------------- "--without-" switches -----------------------/

--without-privsep: disable privilege separation (see notes about this later), not recommended.

--without-ascii: does not support 7-bits transfers (ASCII). If you have customers using Windows clients to send scripts and HTML files, don't use this option or they will yell at you.

--without-capabilities: if the capabilities library (libcap) is found, Pure-FTPd will try to use it in order to enhance security. This option overrides the test to ignore the library. Try this if capabilities don't work properly on your system. libcap can be downloaded from ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/ .

--without-globbing: don't include the globbing code. It reduces the memory footprint but regular expressions won't work any more (things like 'ls *.rpm'). Most people shouldn't use --without-globbing. Globbing is a nice feature.

--without-humor: if you find what this option does without peeking at the source code, you're a lucky guy!

--without-inetd: if you will always be running Pure-FTPd in standalone-mode, enabling this flag can save a few code bytes.
Don't enable both --without-inetd and --without-standalone, because it's impossible to run a server without one of them. These options aren't enabled on binary distributions of Pure-FTPd, so that both inetd-like and standalone mode are supported.

--without-iplogging: don't log any IP address to protect confidentiality, especially for political servers.

--without-nonalnum: paranoid file name checking: only allow basic alphanumeric characters. Never enable this switch blindly, or your customers will complain.

--without-unicode: disallow non-latin characters. Recommended if you don't have special characters in file names.

--without-sendfile: on Linux, Solaris, HPUX and FreeBSD kernels, Pure-FTPd tries to reduce the CPU/memory usage by using a special system call (sendfile). It works very well with most filesystems. However, this optimization is not implemented for all filesystems in current kernels. Users reported that downloading files with Pure-FTPd failed with SMBFS (Samba) on FreeBSD and TmpFS and NTFS on Linux (the error reported by the server is "broken pipe" or "Error during write to data connection"). If you are planning to serve files from these filesystems, you have to use the --without-sendfile switch to enable a workaround. It was also reported that PA-Risc Linux systems need this flag.

--without-shadow: ignore the shadow passwords, even though they are auto-detected. Usually a bad idea, unless you use PAM, LDAP or SQL. Pure-FTPd supports expiration dates of shadow passwords (both for accounts and passwords).

--without-standalone: the FTP server can normally run in standalone-mode (without any super-server). If you don't need that feature and if you want to save a few code bytes, add this option. A super-server such as xinetd or tcpserver will be mandatory to run the service. But the standalone mode is the recommended mode of operation.

--without-usernames: never outputs user and group names in directory listings, only UIDs and GIDs.
It improves security and performance, but some people find this not user-friendly.

/-------------- Other notes --------------/

Other traditional autoconf options are of course recognised, in particular:

- "--prefix=" to change the installation prefix, that defaults to "/usr/local/"
- "--sysconfdir=" to change the configuration files directory (defaults to "/etc" unless you specified a prefix with --prefix)
- "--localstatedir=" to change the runtime files directory (defaults to "/var" even if you specified a prefix with --prefix)

FYI, the binary RPM packages of Pure-FTPd are configured with the following command line:

    ./configure --with-everything --with-paranoidmsg --without-capabilities \
                --with-virtualchroot

RPM packages are also compiled with --without-pam to enhance their portability.


------------------------ STANDALONE INSTALLATION ------------------------

This is the recommended way to start the server.

Unless you compiled the server with "--without-standalone", running the server is as easy as typing:

    /usr/local/sbin/pure-ftpd &

In the following examples, we will assume that the 'pure-ftpd' file is located in /usr/local/sbin. This is the default if you compiled the server from the source code tarball. But as I said earlier in this document, if you installed a binary package (RPM, SLP, DEB, TGZ), the server may be installed in /usr/sbin/. So just replace '/usr/local/sbin/pure-ftpd' with '/usr/sbin/pure-ftpd'.

When the previous command is run, the server will listen for incoming connections on every interface, all IP addresses and the standard FTP port (21). If your system has IPv6 addresses, they should work as well.

Now, if you want to listen for an incoming connection on a non-standard port, just append '-S' and the port number:

    /usr/local/sbin/pure-ftpd -S 42

Service names are also allowed ('-S smtp' and the daemon will be accepting connections on the SMTP port (25). Very uncommon, but we should please everybody anyway, even disturbed minds).

Now, what if your system has many IP addresses and you want the FTP server to be reachable on only one of these addresses, let's say 192.168.0.42? Just use the following command line:

    /usr/local/sbin/pure-ftpd -S 192.168.0.42,

The final comma is important, don't forget it. Actually, it's a shorthand for:

    /usr/local/sbin/pure-ftpd -S 192.168.0.42,21

If you prefer host names over IP addresses, it's your choice:

    /usr/local/sbin/pure-ftpd -S ftp.example.com,21

IPv6 addresses are of course supported.

With previous command lines, the server will run in the default configuration. Anonymous FTP logins will be allowed if there's a system account called 'ftp' and every user of your system will be able to access the FTP server using their regular login/password pair.

If you need to tweak that default configuration, other command-line options can be added. For instance:

    /usr/local/sbin/pure-ftpd -c 50 &

or

    /usr/local/sbin/pure-ftpd -S ftp.example.com,21 -c 50 &

And only 50 simultaneous connections will be allowed.

To discover what options are available please jump to the 'OPTIONS' chapter below.

If the server runs perfectly for you in standalone mode, you don't need to read the following chapter about super-servers. But read the options. '-m' and '-C' are recommended. '-D' is also a good choice if you (or your customers) use broken clients. Please read on.

When you run 'ps auxw|grep pure-ftpd', the result looks like this:

    root 15211 0.1 0.3 1276 452 ? S 13:53 0:00 pure-ftpd [SERVER]
    root 15212 0.1 0.5 1340 672 ? S 13:54 0:00 pure-ftpd [IDLE]
    root 15214 0.0 0.5 1340 672 ? S 13:56 0:00 pure-ftpd [DOWNLOADING]

[SERVER] is the main server. If you kill this process, the server will exit after the next connection.
[IDLE] shows a client with no transfer activity.
[DOWNLOADING] shows a client downloading a file.
[UPLOADING] shows a client uploading a file.

For easy scripting, the file '/var/run/pure-ftpd.pid' is created and it always contains the PID of the main server process.
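
The PID file and the process titles described above can be cross-checked before a script signals the server, so that a stale PID file or a reused PID is caught first. The sh functions below are an added example, not part of the Pure-FTPd distribution; the function names are hypothetical and the sample listing extends the one above with constructed [UPLOADING] and grep rows.

```shell
#!/bin/sh
# Added example, not shipped with Pure-FTPd. Function names are hypothetical.
# Input format: `ps auxw` rows as shown in this README, where field 11 is the
# command name and field 12 the state tag pure-ftpd writes into its title.

# Constructed sample: the three rows from the README plus two constructed rows.
SAMPLE_PS='root 15211 0.1 0.3 1276 452 ? S 13:53 0:00 pure-ftpd [SERVER]
root 15212 0.1 0.5 1340 672 ? S 13:54 0:00 pure-ftpd [IDLE]
root 15214 0.0 0.5 1340 672 ? S 13:56 0:00 pure-ftpd [DOWNLOADING]
root 15230 0.0 0.5 1340 672 ? S 13:57 0:00 pure-ftpd [UPLOADING]
root 15240 0.0 0.1 900 300 pts/0 S 13:58 0:00 grep pure-ftpd'

# count_state STATE  (ps rows on stdin)
# Prints how many pure-ftpd processes carry the [STATE] tag. Rows such as the
# grep itself are ignored because their command field is not "pure-ftpd".
count_state() {
    awk -v want="[$1]" \
        '$11 == "pure-ftpd" && $12 == want { n++ } END { print n + 0 }'
}

# server_pids  (ps rows on stdin)
# Prints the PID of every process tagged [SERVER], one per line.
server_pids() {
    awk '$11 == "pure-ftpd" && $12 == "[SERVER]" { print $2 }'
}

# check_pidfile FILE  (ps rows on stdin)
# Returns 0 when FILE holds the PID of a live [SERVER] process,
#         1 when the PID is stale or belongs to something else (for example
#           a client session, or an unrelated process after PID reuse),
#         2 when FILE is unreadable or does not contain a plain number.
check_pidfile() {
    [ -r "$1" ] || return 2
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 2 ;;
    esac
    if server_pids | grep -Fxq -- "$pid"; then
        return 0
    fi
    return 1
}

# Demo on the constructed sample. On a live host, pipe `ps auxw` in instead
# and pass /var/run/pure-ftpd.pid to check_pidfile.
for state in SERVER IDLE DOWNLOADING UPLOADING; do
    printf '%-12s %s\n' "$state" \
        "$(printf '%s\n' "$SAMPLE_PS" | count_state "$state")"
done
```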
If you want to stop the server, you can just kill the processes:

pkill -x pure-ftpd

Of course, don't use -9 unless the server is completely stuck. -9 doesn't
give processes any chance to clean things up and should never be used except
where there's absolutely nothing else to do.


      ------------------------ SUPER-SERVER INSTALLATION ------------------------


Pure-FTPd can also run with the help of a super-server, like telnet, wu-ftp,
finger or Qmail.

This is not recommended. If this is an option, start it in standalone mode
instead.

Using a super-server is usually slower than the standalone mode. But if you
love tcpwrappers or built-in filtering abilities of your super-server,
Pure-FTPd can cope with them.

Unix has tons of super-servers: Inetd (the most common one), TCPserver, G2S,
Xinetd, Rlinetd, ... Only the first three will be covered here, but
integration with other super-servers should be painless.


      **** Usage with Inetd ****


Important: if security matters for you, forget inetd. In the default
configuration, inetd will stop a service after a high rate of connections to
the same port. This creates an easy denial-of-service. Also, inetd doesn't
have any concurrency limit. Bad guys can fill up your memory and your
descriptor tables even if you are restricting the number of connections in
pure-ftpd. Better use a modern replacement for inetd, or run pure-ftpd in
standalone mode.

1) Check that inetd is up:

ps auxw | grep inetd
root 3699 0.0 0.3 1072 492 ? S 15:47 0:00 inetd

2) Edit /etc/inetd.conf and look for a line like:

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd

The line may also end with "proftpd" or "wuftpd", but it should start with
"ftp stream tcp".

3) Replace that line with the following one:

ftp stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/pure-ftpd

If /usr/sbin/tcpd is missing on your system, try the following line instead:

ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd

4) Restart the inetd daemon:

pkill -HUP -x inetd

If 'pkill' is missing on your system, try this:

kill -HUP $(cat /var/run/inetd.pid)


      **** Usage with Xinetd ****


Add the following entry to the /etc/xinetd.conf file:

service ftp
{
    socket_type = stream
    server      = /usr/local/sbin/pure-ftpd
    protocol    = tcp
    user        = root
    wait        = no
    disable     = no
}

On Redhat systems, you can also put this in a /etc/xinetd.d/pure-ftpd file.

Then, restart the server:

pkill -USR2 -x xinetd


      **** Usage with TCPserver ****


TCPServer is part of the ucspi-tcp package by Dan Bernstein.

The simplest way of running Pure-FTPd with TCPserver is the following
command:

tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd &

You can add that line to your system local startup scripts (usually
/etc/rc.d/boot.local or /etc/rc.d/rc.local). If it doesn't work, replace
'tcpserver' with its full path (eg. '/usr/local/bin/tcpserver').


      ------------------------ OPTIONS ------------------------


The previous steps should be enough to get a running FTP server. But you can
add some command-line arguments to change its behavior. These arguments have
to be added after the pure-ftpd path in your super-server configuration.

For instance, you want to add the '-s' and '-a 42' flags. Here is what the
configuration lines will look like in your super-server:

- Inetd:

ftp stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/pure-ftpd -s -a42

or

ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd -s -a42

If you use Inetd, don't put space between options and arguments. e.g. use
-a42 instead of -a 42 . Inetd has trouble dealing with a lot of options and
with characters like ':' .

- Xinetd:

service ftp
{
    socket_type = stream
    server      = /usr/local/sbin/pure-ftpd
    server_args = -s -a 42
    protocol    = tcp
    user        = root
    wait        = no
    disable     = no
}

- TCPserver:

tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -s -a 42 &

- G2S:

{
    SERVICE ftp
    DESCRIPTION "Pure-FTPd"
    RUN /usr/local/sbin/pure-ftpd -s -a 42
}

Users need a shell listed in /etc/shells to get restricted or unrestricted
FTP access. Alternatively, you can give them "ftp" as a shell. Users with a
"ftp" shell will be able to login through FTP only: no telnet, no SSH. And
there's no need (and you shouldn't do so) for an "ftp" entry in /etc/shells.

Here are the recognized switches:

- '-0': when a file is uploaded and there is already a previous version of
the file with the same name, the old file will neither get removed nor
truncated. Upload will take place in a temporary file and once the upload is
complete, the switch to the new version will be atomic. For instance, when a
large PHP script is being uploaded, the web server will still serve the old
version and immediately switch to the new one as soon as the full file has
been transferred.

- '-1': log the PID of each session in syslog output.

- '-2 ': when using TLS, set the path to the certificate file.

- '-4': only listen to IPv4 connections.

- '-6': don't listen to IPv4, only listen to IPv6.

- '-a ': authenticated users will be granted access to their home directory
and nothing else (chroot). This is especially useful for users without shell
access, for instance, WWW-hosting services shared by several customers. Only
member of group number will have unrestricted access to the whole
filesystem. So add a "staff", "admin" or "ftpadmin" group and put your
trusted users in. is a NUMERIC group number, not a group name. This feature
is mainly designed for system users, not for virtual ones.
Note: 'root' (uid 0) always has full filesystem access.
If you want to chroot() everyone, but root, use the following flag:

- '-A': chroot() everyone, but root.
There's no such thing as a trusted group. '-A' and '-a ' are mutually
exclusive.

- '-b': Ignore parts of RFC standards in order to deal with some totally
broken FTP clients, or broken firewalls/NAT boxes. Also, non-dangling
symbolic links are shown as real files/directories.

- '-B': Have the standalone server start in background (daemonization).

- '-c ': Allow a maximum of clients to be connected. For instance '-c 42'
will limit access to 42 simultaneous clients. There is a 50 client limit by
default.

- '-C ': Limit the number of simultaneous connections coming from the same
IP address. This is yet another very effective way to prevent stupid denial
of services and bandwidth starvation by a single user. It works only when
the server is launched in standalone mode (if you use a super-server, it is
supposed to do that). If the server is launched with '-C 2', it doesn't mean
that the total number of connections is limited to 2. But the same client,
coming from the same machine (or at least the same IP), can't have more than
two simultaneous connections. This feature needs some memory to track IP
addresses, but it's recommended to use it.

- '-d': Send various debugging messages to the syslog. Don't use this unless
you really want to debug Pure-FTPd. Passwords aren't logged. Duplicate '-d'
to log responses, too.

- '-D': List files beginning with a dot ('.') even when the client doesn't
append the '-a' option to the list command. A workaround for badly
configured FTP clients. If you are a purist, don't enable this. If you
provide hosting services and if you have lousy customers, enable this.

- '-e': Only allow anonymous users. Use this on a public FTP site with no
remote FTP access to real accounts.

- '-E': Only allow authenticated users. Anonymous logins are prohibited.

- '-f ': Use that facility for syslog logging. It defaults to 'ftp' (or
'local2' if you got an obsolete libc without that facility). Logging can be
disabled with '-f none' .

- '-F ': Display a fortune cookie on login. The sentence is a random extract
from the text file . This text file should be formatted like standard
"fortune" files (fortunes are separated by a '%' sign on a single line).
Pure-FTPd has to be compiled with support for cookies (--with-cookie). If
you just want a simple banner displayed before the login prompt, add the
name of any text file here.

- '-g ': Change the location of the pid file when the server is run in
standalone mode. The default is /var/run/pure-ftpd.pid .

- '-G': Disallow renaming.

- '-H': By default, fully-qualified host names are logged. To achieve this,
DNS lookups are mandatory. The '-H' flag avoids host name resolution.
("213.41.14.252" will be logged instead of "www.toolinux.com"). It can
significantly speed up connections and reduce bandwidth usage on busy
servers. Use it especially on public FTP sites. Also, please note that
without -H, host names are informative but shouldn't be trusted: no reverse
mapping check is done to save DNS queries.

- '-i': Disallow upload for anonymous users, whatever directory permissions
are. This option is especially useful for virtual hosting, to avoid your
users creating warez sites in their account.

- '-I ': Change the maximum idle time. The timeout is in minutes and
defaults to 15 minutes. Modern FTP clients are trying to fool timeouts by
sending fake commands at regular intervals. We disconnect these clients when
they are idle for twice (because they are active anyway) the normal timeout.

- '-j': If the home directory of a user doesn't exist, automatically create
it. The newly created home directory belongs to the user and permissions are
set according to the current directory mask. Only the home directory can be
created (so /home/john/./public_html won't work, but /home/john will). To
avoid local attacks, the parent directory should never belong to an
untrusted user.
Also note that you must trust whoever manages the users databases, because
with that feature, he'll be able to create/chown directories anywhere on the
server's filesystem.

- '-J ': Sets the list of ciphers that will be accepted for TLS connections.

- '-k ': Don't allow uploads if the partition is more than % full. For
instance, "-k 95" will ensure your disks will never get filled more than 95%
by FTP. No need for the "percent" sign after the number.

- '-K': Allow users to resume and upload files, but *NOT* to delete or
rename them. Directories can be removed, but only if they are empty.
However, overwriting existing files is still allowed (to support upload
resume). If you want to disable this too, add -r (--autorename).

- '-l ' or '-l :': Adds a new rule to the authentication chain. Please read
the "Authentication" section, later in this README file. It's an important
section.

- '-L :': To avoid stupid denial-of-service attacks (or just CPU hogs),
Pure-FTPd never displays more than 10000 files in response to an 'ls'
command. Also, a recursive 'ls' (-R) never goes further than 5
subdirectories. You can increase/decrease those limits with the '-L' option.

- '-m ': Don't allow anonymous download if the load is above . A very
efficient way to prevent overloading your server. Upload is still allowed,
though.

- '-M': Allow anonymous users to create directories.

- '-n :': If the server has been compiled with support for virtual quotas,
enforce these quota settings for all users (except members of the 'trusted'
group). is in Megabytes. See the "virtual quotas" section later in this
document.

- '-N': NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
that doesn't support applicative FTP proxying, or if you use port
redirection without a transparent FTP proxy, use this. Well... the previous
sentence isn't very clear.
Okay: if your network looks like this:

(FTP server)-------(NAT/masquerading gateway/router)------(Internet)

and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can
connect without any problem, your NAT gateway rulez. If Netscape doesn't
display directory listings, your NAT gateway sucks. Use '-N' as a
workaround.

- '-o': Write all uploaded files to '/var/run/pure-ftpd.upload.pipe' so that
the 'pure-uploadscript' program can run. Don't enable that option if you
don't actually use 'pure-uploadscript' otherwise pure-ftpd will hang waiting
for pure-uploadscript to start.

- '-O :': Record all file transfers into a specific log file, in an
alternative format. Currently, four formats are supported: CLF
(Apache-like), Stats, W3C and xferlog.

If you add '-O clf:/var/log/pureftpd.log' to your starting options,
Pure-FTPd will log transfers in /var/log/pureftpd.log in a format similar to
the Apache web server in default configuration.

If you use '-O stats:/var/log/pureftpd.log' to your starting options,
Pure-FTPd will create log files in a special format, designed for
statistical reports. The Stats format is compact, more efficient and more
accurate than CLF and the old broken "xferlog" format.

The Stats format is: is a GMT timestamp (time()) and identifies the current
session. is unquoted, but it's always the last element of a log line. "U"
means "Upload" and "D" means "Download".

Warning: the session id is only designed for statistics purposes. While it's
always a unique string in the real world, it's theoretically possible to
have it non unique in very rare conditions. So don't rely on it for critical
missions.

A command called "pure-statsdecode" can be used to convert timestamps into
human-readable dates.

The W3C format is enabled with '-O w3c:/var/log/pureftpd.log' .

For security purposes, the path must be absolute (eg. /var/log/pureftpd.log,
not ../log/pureftpd.log).
If this log file is stored on an NFS volume, don't forget to start the lock
manager (often called "lockd" or "rpc.lockd").

- '-p :': Use only ports in the range to inclusive for passive-mode
downloads. This is especially useful if the server is behind a firewall
without FTP connection tracking. Use high ports (40000-50000 for instance),
where no regular server should be listening.

- '-P ': Force the specified IP address in reply to a PASV/EPSV/SPSV
command. If the server is behind a masquerading (NAT) box that doesn't
properly handle stateful FTP masquerading, put the ip address of that box
here. If you have a dynamic IP address, you can put the public host name of
your gateway, that will be resolved every time a new client will connect.

- '-q :': Enable ratios for anonymous users.

- '-Q :': Enable ratios for everybody (anonymous and non-anonymous). Members
of the root (0, something called 'wheel') have no ratio.

- '-r': Never overwrite existing files. Uploading a file whose name already
exists causes an automatic rename. Files are called xyz, xyz.1, xyz.2,
xyz.3, etc.
Tip: if you compile with 'make AUTORENAME_REVERSE_ORDER=1' , the naming
convention will be reversed. Files will be called xyz, 1.xyz, 2.xyz, 3.xyz,
etc.

- '-R': Disallow users (even non-anonymous ones) usage of the CHMOD command.
On hosting services, it may prevent newbies from making mistakes, like
setting bad permissions on their home directory. Only root can use CHMOD
when -R is enabled.

- '-s': The "waReZ protection". Don't allow anonymous users to download
files owned by "ftp" (generally, files uploaded by other anonymous users).
So that uploads have to be validated by a system administrator (chown to
another user) before being available for download.

- '-S [,|,] [|]'. This option is only effective when the server is launched
as a standalone server. Connections are accepted on the specified IP and
port. IPv4 and IPv6 are supported. Numeric and fully-qualified host names
are accepted.
A service name (see /etc/services) can be used instead of a numeric port
number.

- '-T ' and '-t ': Enable bandwidth limitation (see below). is specified in
kilobytes/seconds. To set up separate upload/download bandwidth, the []:[]
syntax is supported.

- '-u ': Don't allow uids below to log in. '-u 1' denies access to root
(safe), '-u 100' denies access to virtual accounts on most Linux distros.

- '-U :': Change the file creation mask. The default is 133:022. If you want
a new file uploaded by a user to only be readable by that user, use
'-U 177:077'. If you want uploaded files to be executable, use 022:022
(files will be readable -but not writable- by other users) or 077:077 (files
will only be executable and readable by their owner). Please note that
Pure-FTPd supports the SITE CHMOD extension, so a user can change the
permissions of his own files.

- '-V ': Allow non-anonymous FTP access only on this specific local IP
address. All other IP addresses are only anonymous. With that option, you
can have routed IPs for public access and a local IP (like 10.x.x.x) for
administration. You can also have a routable trusted IP protected by
firewall rules and only that IP can be used to login as a non-anonymous
user.

- '-v ': Set the service name for Apple's Bonjour. Only available on MacOS X
when Bonjour support is compiled in.

- '-w': Support the FXP protocol only for authenticated users. FXP works
with IPv4 and IPv6 addresses.

- '-W': Support the FXP protocol. FXP allows transfers between two remote
servers without any file data going to the client asking for the transfer.
However:

****************************************************************************
*FXP IS AN INSECURE PROTOCOL* (third-party hosts can steal the current
connection). In Pure-FTPd, specific precautions have been taken to reduce
FXP insertion attacks. But if your FTP server serves private data:
NEVER ALLOW FXP ACCESS TO UNTRUSTED HOSTS.
YOU CAN PLAY WITH IT ON AN INTERNAL SERVER, BUT _DON'T_ GIVE FXP ACCESS TO
ANONYMOUS INTERNET USERS.
****************************************************************************

It's why FXP is disabled by default on Pure-FTPd unless you explicitly
enable it with '-W' or '-w'.

- '-x': In normal operation mode, authenticated users can read/write files
beginning with a dot ('.'). Anonymous users can't, for security reasons
(like changing banners or a forgotten .rhosts). When '-x' is used,
authenticated users can download dot-files, but not overwrite/create them,
even if they own them. That way, you can prevent hosted users from messing
with .qmail files.
If you want to give user access to a special dot-file, create a symbolic
link to the dot-file with a file name that has no dot in it and the client
will be able to retrieve the file through that link.

- '-X': This flag is identical to the previous one (writing dot-files is
prohibited), but in addition, users can't even *read* files and directories
beginning with a dot (like "cd .ssh").

****************************************************************************
When used in conjunction with "-a", members of the trusted group can bypass
'-x'/'-X' restrictions.
****************************************************************************

- '-y :': This option only works if the server has been compiled with
--with-peruserlimits. It restricts the number of concurrent sessions the
same user can have. A null value ('0') means 'unlimited'.
Here's a concrete example:

/usr/local/sbin/pure-ftpd -y 3:20 -c 15 -C 5 -B

Here, we allow:
* A max total of 15 sessions.
* 5 connections max coming from the same IP address.
* 3 connections max with the same user name.
* 20 anonymous users max.
With such a setup, a single user can't easily fill all slots.

- '-Y 0': Disable the TLS encryption layer (default).
  '-Y 1': Accept both standard and encrypted sessions.
  '-Y 2': Refuse connections that aren't using TLS security mechanisms,
including anonymous sessions.
The server must have been compiled with --with-tls and a valid certificate
must be in place to get this feature. See the README.TLS file for more info
about TLS.
  '-Y 3': Cleartext sessions are refused and only TLS compatible clients are
accepted. Clear data connections are also refused, so private data
connections are enforced.

- '-z': Allow anonymous users to read files and directories starting with a
dot ('.').

- '-Z': Try to protect customers against common mistakes to avoid your
technical support being busy with stupid issues. Right now, the '-Z' switch
prevents your users from making bad 'chmod' commands, that would deny access
to files/directories to themselves. The switch may turn on other features in
the future. If you are a hosting provider, turn this on.

If you prefer long options (GNU-style) over standard ones, the following
aliases are available. You can get this list at any time by typing
'pure-ftpd --help' .

--(switches sorted by ##standard switches## lexical order)--

-0 --notruncate
-1 --logpid
-4 --ipv4only
-6 --ipv6only
-8 --fscharset
-9 --clientcharset
-a --trustedgid
-A --chrooteveryone
-b --brokenclientscompatibility
-B --daemonize
-c --maxclientsnumber
-C --maxclientsperip
-d --verboselog
-D --displaydotfiles
-e --anonymousonly
-E --noanonymous
-f --syslogfacility
-F --fortunesfile
-g --pidfile
-G --norename
-h --help
-H --dontresolve
-i --anonymouscantupload
-I --maxidletime