diff --git a/INSTALL b/INSTALL index b2252bfb15..aa696e045f 100644 --- a/INSTALL +++ b/INSTALL @@ -1,3 +1,4 @@ + ProFTPD 1.2.0 Installation Instructions ======================================= @@ -31,6 +32,8 @@ Note that a sample RPM spec file has been included in contrib/dist/rpm/. NOTE TO PACKAGE MAINTAINERS: Please, do NOT remove the ELF .comment and .note sections. +If you install ProFTPD on a slightly uncommon (or really new or old) platform, +please consider recording and sharing your experience. ------------------ @@ -56,17 +59,20 @@ Installation Instructions and the other README.* and contrib/README.* files. Note that the following modules are included by default and need not - be added explicitly: mod_core, mod_auth, mod_xfer, mod_site, mod_ls, - mod_unixpw, and mod_log. Also, if libpam is detected by configure, - the mod_pam module will be included automatically. + be added explicitly: mod_auth, mod_core, mod_log, mod_ls, mod_site, + mod_unixpw and mod_xfer. Also, if PAM is detected by configure, + the mod_pam module will be included automatically. However, it has + been reported that some systems still require it to be added explicitly. + Further note that the contrib/mod_test module is not functional, and you + should not attempt to use it. You may need to specify the shared library search path on your system. See your system and compiler documentation. Frequently, the -R or -rpath - options are used for this operation. Be very careful to set the path on - AIX systems using the -blibpath option. See README.AIX. + options are used for this operation. Be especially careful to set the + path on AIX systems. See README.AIX. Hint: if your configure command line becomes long or complicated, - try storing it in a sh script file, say '.configcmd'. + you might try storing it in a sh script file, say '.configcmd'. 1. Configure the software. @@ -79,9 +85,9 @@ Installation Instructions $ ./configure By default the ProFTPD files will be installed as user 'root' and the - first gid=0 group listed in /etc/group, usually either 'root' or 'wheel'. - If you wish to install using a different user or group ownership, set the - install_user and install_group environment variables before running + first group with gid 0 listed in /etc/group, usually 'root' or 'wheel'. + If you wish to install using a different user or group ownership, set + the install_user and install_group environment variables before running configure. Using a Bourne-ish style shell (e.g. sh, ksh, bash), you can do this on the command line like this: @@ -112,24 +118,27 @@ Installation Instructions $ ./configure --sysconfdir=/etc --localstatedir=/var Optional ProFTPD modules can be included using '--with-modules=LIST', - where 'LIST' is a comma-separated list of module names. This applies + where 'LIST' is a colon-separated list of module names. This applies only to optional modules, such as those found in the contrib/ directory (the core modules in the modules/ directory are either mandatory or - included by default, with the exception of the non-functional mod_tar - and mod_test modules). For example, if you wish to include both the - readme and ldap modules, you would use: + included by default). For example, if you wish to include both the + readme and LDAP modules, you would use: $ ./configure --with-modules=mod_readme:mod_ldap - Note that if your system uses shadow password files which you wish - to be used for user authentication, you probably need to use either - '--enable-autoshadow' or '--enable-shadow'. Also, if you wish to use - the sqlpw module, you also must specify either the sqlpw or pgsql module - later in the module list, e.g. '--with-modules=mod_sqlpw:mod_mysql'. - It won't work if the ordering is reversed. + Some operating systems require you to use either '--enable-autoshadow' + or '--enable-shadow' if you wish to use the system's shadow password + file for user authentication. Using autoshadow allows proftpd to work + with either shadow or traditional password files. + + If you wish to use SQL for user authentication, you must specify mod_sql + and one SQL backend module, either mod_sql_mysql or mod_sql_postgres. + Further, the backend module must be specified *later* in the module list, + e.g. '--with-modules=mod_sql:mod_sql_postgres'. Otherwise, compilation + will succeed, but SQL authentication will not work. - Be aware that if you ever need to rerun the configure script, - you first should run 'make distclean'. + Be aware that if you ever need to rerun the configure script, you first + should run 'make distclean'. 2. Verify correct configure operation. @@ -149,7 +158,7 @@ Installation Instructions 4. Test the software. As of ProFTPD 1.2.0, there are no automated regression tests. - However, you may wish to perform your own ad-hoc, manual tests. + However, you are encouraged to perform your own ad-hoc, manual tests. Note that you can start proftpd directly from your shell prompt, but do remember that it must run as root for all functions to operate properly. @@ -157,11 +166,36 @@ Installation Instructions An alternate configuration file can be specified using the '-c' command line switch. In the configuration file, the TCP ports may be changed from the standard default ftp (21) and ftp-data (20) ports, and an - alternate passwd file may be specified. - - $ rm -f /tmp/TEST.passwd /tmp/PFTEST.group - $ cp -p sample-configurations/PFTEST.[pg]* /tmp - $ ./proftpd -c sample-configurations/PFTEST.conf + alternate passwd file may be specified. Since such a daemon will not be + able to change its uid, you also must specify the user and group names + to match those used to start the daemon. + + To demonstrate this process, a set of example config files have been + included in the sample-configurations subdirectory. + + % sh sample-configurations/PFTEST.install + Sample test files successfully installed in /tmp/PFTEST. + % ./proftpd -n -d 5 -c /tmp/PFTEST/PFTEST.conf + + Then, in another window, connect to the unprivileged port. PFTEST.conf + uses port 2021, and PFTEST.passwd defines a user "proftpd" with password + "proftpd". Using the traditional Unix ftp client, it might look something + like this: + + % ftp -n -d + ftp> open 2021 + ftp> user proftpd + ---> USER proftpd + 331 Password required for proftpd. + Password: [proftpd] + ---> PASS proftpd + 230 User proftpd logged in. + ftp> + + The supplied PFTEST.passwd is in traditional Unix format. Your system + may use a different file format, so you may have to create your own. + Further, you may have to use another method to insert your user and group + names into the PFTEST.conf file, if the PFTEST.install script fails. If you encounter any problems, be sure to see the "Troubleshooting" and "Help" sections below. @@ -173,12 +207,13 @@ Installation Instructions 6. Install the software. - Note: this and the remaining steps likely require root privilets. + Note: this and the following steps likely require root privileges. Unless a system specific installation package was created, e.g. an RPM, run 'make install' from the top-level build directory. This installs the ProFTPD executables, man pages, and a basic configuration file, - 'sample-configurations/basic.conf'. The full path to the configuration - file will be '/usr/local/etc/proftpd.conf', unless changed in Step 1. + copied from 'sample-configurations/basic.conf'. The full path to the + configuration file will be '/usr/local/etc/proftpd.conf', unless it was + changed in Step 1. If an installation package was created, install the ProFTPD package according to procedures appropriate for that packaging system. @@ -197,10 +232,10 @@ Installation Instructions 8. Modify the inetd superserver configuration file. Edit /etc/inetd.conf and then send the inetd process the -HUP signal, - so that it will reread it's now modified configuration file. On some - systems there are other mechanisms to signal inetd to reread its - configuration file, e.g. 'refresh -s inetd' is used on AIX. Check your - system documentation to see what is appropriate. + so that it will reread the updated configuration file. On some systems + there are other mechanisms to tell inetd to reread its configuration file, + e.g. 'refresh -s inetd' on AIX. Check your system documentation to see + what command is appropriate. If proftpd is to be run from inetd, find the line in /etc/inetd.conf that looks something like: @@ -231,15 +266,18 @@ Installation Instructions 10. Create the runtime state directory. - In order for MaxClients, MaxClientsPerHost and the ftpwho/ftpcount - utilities to work, you need to specify a scoreboard path for proftpd's - scoreboard files. The default is '/usr/local/var/proftpd/', but this - path may have been redefined in the configuration process in Step 1. - The ScoreboardPath directive in proftpd.conf will override the default - directory location. Whichever directory is used, it must exist prior - to starting proftpd, so you must create it manually if it does not - already exist. No special permissions are needed on the directory, - unless you wish to restrict who is allowed to run ftpwho and ftpcount. + In order for the MaxClients and MaxClientsPerHost directives and the + ftpwho and ftpcount utilities to work, proftpd must have a directory to + hold its scoreboard files. The default is '/usr/local/var/proftpd/', + though it may have been changed in the configuration process in Step 1. + The default location also can be overriden at run-time by using the + ScoreboardPath directive in the proftpd.conf configuration file. + Whatever diretory is used, it must exist prior to starting proftpd. + If you have installed from an installation package, the installation + scripts may have created the default directory. Nonetheless, if it does + not already exist you must create it manually. No special permissions + are needed on the directory, unless you wish to restrict who is allowed + to run ftpwho and ftpcount. 11. Verify operation. @@ -283,33 +321,39 @@ Good luck! Troubleshooting --------------- +This section is far from comprehensive. See the FAQ and other resourses +for further assistance. + + T1. Compile time problems are often easy to sort out by giving the right - options and search paths to the compiler. However, other times they - can be rather distressing to debug. Often they have to do with - header files or C preprocessor name space conflicts. A few packages - have been known to install conf.h headers in /usr/local/include. - Occasionally, one must resort to looking at the preprocessor output, - e.g. `cc -E file.c`. + options and search paths to the compiler. However, at other times they + can be rather difficult to debug. Problems often result from header + file or C preprocessor macro name conflicts. A few packages have been + known to install conf.h headers in /usr/local/include. Occasionally, + one must resort to looking at the preprocessor output. Consult your + compiler documentation for how to do this, though a command similar + to `cc -E file.c` often works. - Some common error messages are: + Some common error messages include: o "symbol ap_signal undefined in main.o" - This usually means that the fnmatch.h header is including - the Apache ap_config.h header, though proftpd does not link - with the Apache library. This mostly happens on Solaris 8, - though on RH6.0 causes the problem. + This usually means that the fnmatch.h header is including + the Apache ap_config.h header, though proftpd does not link + with the Apache library. This mostly happens on Solaris 8, + though a similar problem has been reported on Red Hat 6.0 + systems with the header. -T2. If you encounter runtime problems, first check your syslog messages. - The proftpd daemon logs all error conditions it encounters, including - problems parsing the configuration file. Authentication related +T2. If you encounter run-time problems, first check your syslog messages. + The proftpd daemon logs all the error conditions that it encounters, + including problems parsing the configuration file. Authentication related messages are logged using the syslog facility "auth" or, if available, - "authpriv", while all other messages use the syslog "daemon" facility, - unless redirected by the "-n" command line switch or by the configuration - file directives SyslogFacility or SystemLog. Check your syslogd.conf - to see what syslogd does with these messages. + "authpriv". All other messages use the syslog "daemon" facility, unless + redirected by the "-n" command line switch or by the SyslogFacility or + SystemLog directives. Check your syslogd.conf to see what syslogd does + with these messages. - Some common error messages are: + Some common error messages include: o "inet_create_connection() failed: Operation not permitted" This usually means that proftpd was not started as root. @@ -326,7 +370,26 @@ T2. If you encounter runtime problems, first check your syslog messages. "ProFTPD terminating (signal 11)" This usually means that shadow passwd file support is required but was not compiled in. Try starting the build over at Step 1, - adding either '--enable-autoshadow' or '--enable-shadow'. + adding either '--enable-autoshadow' or '--enable-shadow' to + the configure command line. + + o "Fatal: unknown configuration directive 'AuthPAMAuthoritative' + on line NN of '/etc/proftpd.conf'." + This means that either 'AuthPAMAuthoritative' was misspelld or + mod_pam was not compiled in to ProFTPD. If the latter, you may + need to reconfigure and recompile proftpd, explicitly adding + mod_pam with the "./configure --with-modules=mod_pam ...". + + If users can not login and your system uses PAM authentication, you may + need to configure PAM to work for FTP. For further details, consult your + system PAM documentation. If you have installed from a package, hopefully + this was done automatically. On Linux systems, the following may work: + + % cp -p contrib/dist/rpm/ftp.pamd /etc/pam.d/ftp + + If your client sees something like "server error 500, server shut down", + that probably means that you have a stale /etc/shutmsg file, which you + should delete. T3. You can generate additional debugging messages by starting the proftpd @@ -357,18 +420,18 @@ T5. If your system has a system call trace utility, you may wish to use it http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/trace-1.6/ http://devresource.hp.com/devresource/Tools/ToolLibrary.html#perfhp o syscalls, trace (AIX 4.x); sctrace (AIX: [$$$] http://www.tkg.com) - o par (Irix) + o par (IRIX) o alpha-trace (Digital Unix: ftp://ftp.mrc-lmb.cam.ac.uk/pub/jkb/) o ktrace/kdump (NetBSD, OpenBSD) - o ktrace/kdump, strace, ltrace (Linux) + o strace, ktrace/kdump, ltrace (Linux) T6. Another diagnostic technique is to monitor the FTP protocol communication between the proftpd server and the ftp client. Many ftp clients have a debug or trace option. Though requiring detailed knowledge of the FTP protocol, telnet can be used to connect and directly converse with the - proftpd server. Lastly, the FTP converstation can be observed using a - network monitoring tool, such as tcpdump, snoop or netsnoop. + proftpd server. Lastly, the FTP converstation can be traced using a + network monitoring tool, such as tcpdump, etherfind, snoop or netsnoop. T7. Further debugging probably will require the use of a debugger, @@ -383,8 +446,11 @@ Help H1. Before asking for help on the mailing list, look through the available documentation, including the FAQ and the searchable archives of the - mailing lists. Many common questions are answered in those documents. - See the "Resources" section below for pointers and links. + mailing lists. Not only are many common questions answered in those + documents, but they will often yield answers faster than a question + sent to the mailing list. + + See the "Resources" section below for documentation pointers and links. H2. When posting to the mailing list, try to be clear and concise, but give @@ -398,36 +464,38 @@ H2. When posting to the mailing list, try to be clear and concise, but give So, at a minimum, you should include: o OS type and version (e.g. `uname -a`) - o ProFTPD version (`proftpd -v`) + o ProFTPD extended version (`proftpd -vv`) o ProFTPD module list (`proftpd -l`) The following may help to further identify compilation information, especially if you are installing a vendor supplied package rather than building from sources yourself: - o `what proftp` or `ident proftpd` + o `what proftpd` or `ident proftpd` And still more compilation information may be available if your system uses the ELF object file format: - o `objdump -f proftp` or `dump -v -f proftp` - o `objdump -j .comment proftp` or `dump -n .comment proftp` - o `mcs -p proftp` - o `objdump -j .note proftp` or `dump -v -n .note proftp` - or `mcs -p -n .note proftp` + o `objdump -f proftpd` or `dump -v -f proftpd` + or `elfdump -v -f proftpd` + o `objdump -j .comment proftpd` or `dump -n .comment proftpd` + or `elfdump -n .comment proftpd` + o `mcs -p proftpd` + o `objdump -j .note proftpd` or `dump -v -n .note proftpd` + or `elfdump -v -n .note proftpd` or `mcs -p -n .note proftpd` H3. Please, please, do not use the bug reporting system for compilation or configuration problems and questions. Those should be sent to the mailing list. - In order conserve to development resources, please only submit bug reports - when you have some reasonable confidence that there is an actual code bug, + In order conserve development resources, please only submit bug reports + when you have reasonable confidence that there is an actual code bug, a portability problem, or problems with the build and compilation system. Even then, please first search the bug system to see if your bug has been reported already. If it has, use your own best judgement about adding comments to the existing report, especially either to confirm the bug's existence or to provide additional diagnostic and debugging information. - For some more suggestions about bug reporting, see: + For some more suggestions about reporting bugs, see: http://bugs.proftpd.org/bugwritinghelp.html @@ -448,31 +516,17 @@ R1. Basics. R2. ProFTPD Documentation Project. + Documents include a Configuration Reference, draft User Guide, and FAQ. + Formats include linked and single HTML files, PostScript, PDF and text. + + Note that this Configuration Reference may refer to a newer code base + than you are using. So, referring to doc/Configuration.html file in + your source distribution may be less confusing. (main): http://pdd.sourceforge.net/ (mirror): http://hamster.wibble.org/proftpd/ (mirror): http://www.flyhmstr.demon.co.uk/proftpd/ - Config Reference: http://pdd.sourceforge.net/html/Configuration.html - http://pdd.sourceforge.net/directives/linked/r1.html - http://pdd.sourceforge.net/directives/all_directives.html - http://pdd.sourceforge.net/directives/all_directives.ps - http://pdd.sourceforge.net/directives/all_directives.pdf - - NOTE: This Configuration.html may refer to a newer - code base than the one in your source distribution. - - User Guide (draft): http://pdd.sourceforge.net/userguide/linked/userguide.html - http://pdd.sourceforge.net/userguide/other/userguide_full.html - http://pdd.sourceforge.net/userguide/other/userguide.ps - http://pdd.sourceforge.net/userguide/other/userguide.pdf - - FAQ (hyperlinked): http://pdd.sourceforge.net/faq/proftpdfaq.html - FAQ (single file): http://pdd.sourceforge.net/faq/proftpdfaq-full.html - http://pdd.sourceforge.net/faq/proftpdfaq.ps - http://pdd.sourceforge.net/faq/proftpdfaq.pdf - http://pdd.sourceforge.net/faq/proftpdfaq.txt - R3. E-Mail Lists. @@ -515,3 +569,4 @@ R6. Statement about proftpd.org and proftpd.net. mirrors of one another. The official proftpd site is www.proftpd.org, however www.proftpd.net will remain in operation at a physically remote location in order to provide redundancy. + diff --git a/README b/README index 886a6f1295..90c9befd93 100644 --- a/README +++ b/README @@ -1,77 +1,112 @@ -ProFTPD 1.2 README + + ProFTPD 1.2.0 README + ==================== + +Introduction +------------ + +ProFTPD is a highly configurable FTP daemon for Unix and Unix-like +operating systems. See the README.ports file for more details about +the platforms on which ProFTPD in known or thought to build and run. + +ProFTPD grew from a desire for a secure and configurable FTP server. +It was inspired by a significant admiration of the Apache web server. +Unlike most other Unix ftp servers, it has not been derived from the old +BSD ftpd code base, but is a completely new design and implementation. + +ProFTPD's extensive configurability provides systems adminstrators great +flexibility in user authentication and access controls, including virtual +ftp users and easy chroot() ftp sessions for individual users. + +ProFTPD is popular with many service providers for delivering update +access to user web pages, without resorting to Unix shell accounts. + +ProFTPD powers many well-known, high-volume anonymous FTP sites, including +debian.org, freshmeat.net, gnu.org, isc.org, kernel.org, perl.org, redhat.com, +slashdot.org and sourceforge.net. + +ProFTPD is bundled with several Linux distributions, including +Conectiva and Trustix. + + +Latest Release +-------------- + + ftp://ftp.proftpd.org/distrib/ + http://www.proftpd.org/ + http://pdd.sourceforge.net/mirrors.html + + + +Major Features +-------------- + + o A single main configuration file, with directives and directive groups + patterned after those of the Apache web server. + + o Per directory ".ftpaccess" configuration similar to Apache's ".htaccess". + + o Designed to run either as a stand-alone server or from inetd. + + o Multiple virtual FTP servers and anonymous FTP services. + + o Multiple passwd files. + + o Shadow password support, including support for expired accounts. + + o Multiple authentication methods, including PAM, LDAP and SQL. + + o Virtual users. + + o ProFTPD never executes any external program at any time. + There is no SITE EXEC command, and all file and directory listings + are generated internally, without using an external ls command. + + o Anonymous FTP and other chroot directories do not require any specific + directory structure, executable programs or other system files. + + o Modular architecture with an API that facilitates well structured + extensions to meet user needs. + + o Visibility of directories or files controlled based on Unix style + permissions or user/group ownership. + + o Logging and utmp/wtmp support. Logging is compatible with wu-ftpd, + and extended, customizable logging is available. + + o If supported by the capabilities the host system, it can run as a + non-privileged user in stand-alone mode, thwarting attacks aimed at + exploiting "root" privileges. + + o GPL source license. The source code is available to audit. + + + +Documentation +------------- + + http://pdd.sourceforge.net/ + http://www.proftpd.org/docs/ + + + +Installation Overview --------------------- -URL: http://www.proftpd.org - -INTRODUCTION -************ - - -ProFTPD is a highly configurable ftp daemon for unix and unix-like -operating systems. Currently, the following operating systems are -supported: - -!! NOTE: gcc and gmake are _required_ on all platforms, unless otherwise - indicated !! - -Linux (recommend kernel 2.0.x or 2.2.x -- _glibc2 (libc6) required_) -BSDI 2.x (possibly) -BSDI 3.1 (tested -- use gmake instead of make) -BSDI 4.0 -IRIX 6.2 -IRIX 6.3 (native compiler or gcc) -IRIX 6.4 (tested) -Solaris 2.5.1 (see README.Solaris2.5x) -Solaris 2.6 (may get warnings) -Solaris 2.7 (may get warnings) -AIX 3.2 (native compiler) -AIX 4.2 (tested) -OpenBSD 2.2/2.3 (tested) -FreeBSD 2.2.7 (tested see NOTE) -FreeBSD 3.3 (see NOTE) -Digital UNIX 4.0A -DEC OFS/1 (native compiler) -MacOS X 1.02 - - [ NOTE: FreeBSD 2.0 to 3.3-RELEASE has a libc bug involving - setpassent(). If you know you have a fixed libc you can - use the --enable-force-setpassent to use it with one of these - releases otherwise ProFTPD will use its internal persistent - password support. If you'd like more information the bug is - FreeBSD PR #14201. ] - - -ProFTPD is designed to be somewhat of a "drop-in" replacement for wu-ftpd. -Full online documentation is available at http://www.proftpd.org, -including a server configuration directive reference manual. - - -INSTALLATION -************ - -For detailed installation instructions, see the INSTALL file in the source -distribution. - -1. Configure the source distribution for your OS type by running the GNU -autoconf 'configure' script in the root source directory. - -2. If configure runs without a problem, simply type 'make' from the root -source directory to build the necessary binaries. You may need to tweak -config.h and/or Makefile to suit your needs. - -3. 'make install' to install proftpd. By default, the 'proftpd' binary -is installed into /usr/sbin. You can alter the default installation -directories by editing the top level Makefile. - -4. By default, proftpd looks for a single configuration file as -/usr/local/etc/proftpd.conf. Copy sample-configurations/basic.conf to -/usr/local/etc/proftpd.conf and modify to suit your needs. More advanced -configuration examples are also included. - -5. If you wish to run proftpd as a standalone daemon, you'll need to -modify your system startup rc scripts to start proftpd on boot. Make sure -you change the ServerType directive in /etc/proftpd.conf in order to tell -proftpd which mode it is running in. If you wish to run proftpd from -inetd (the default), you'll need to modify your /etc/inetd.conf file -appropriately, and restart the inetd super-server. - -6. All done! + +For detailed installation instructions, see the INSTALL file in the root +directory of the source distribution. + +The ProFTPD source distribution is designed to be configured using the +GNU autotools, so compiling and installing follows the familiar command +sequence of './configure ; make ; make install'. However, a significant +portion of ProFTPD's configurability is done at compile time, so it is +highly recommended that you read INSTALL and all the README.* files that +pertain to your platform and desired features before building the sources. + +ProFTPD uses a single configuration file. A few examples are included in +the sample-configurations subdirectory of the source distribution. + +On most systems, the inetd or xinetd configuration must be changed, +either to remove the current ftpd entry to run ProFTPD standalone, +or to change the current ftpd entry to use the proftpd daemon. + diff --git a/README.AIX b/README.AIX new file mode 100644 index 0000000000..07ef8da5cc --- /dev/null +++ b/README.AIX @@ -0,0 +1,140 @@ + + ProFTPD 1.2.0 README.AIX + ======================== + +Introduction +------------ + +There are two issues when compiling on AIX systems that can be worked +around using the proper configure command lines. + +One problem involves the less than optimal default shared object search +path that the IBM linker inserts into executables. The second problem is +compilaton failure stemming from an incompatibility with the +header file when the IBM compiler attempts to inline some string functions. + + + +Executive Summary +----------------- + +If you are using the IBM xlc/cc compiler with the IBM ld linker: + + % env CC=cc \ + CPPFLAGS='-U__STR__' \ + LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ + ./configure ... + + +If you are using the GNU gcc compiler with the IBM ld linker: + + % env CC=gcc \ + LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ + ./configure ... + + +If you are using the GNU gcc compiler with the GNU ld linker, +something like this ought to work (untested): + + % env CC=gcc \ + LDFLAGS='-Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib' \ + ./configure ... + + +Note that the library paths shown here are for example use only. +You may need to use different paths on your system, particularly when +linking with any optional libraries (e.g. krb5, ldap, mysql, etc.). + + + +Linking with the IBM or GNU linker +---------------------------------- + +There is a potential security problem when using the IBM linker. +Unlike other Unix systems, by default the IBM linker automatically will +use the compile time library search path as the runtime shared library +search path. The use of relative paths in the runtime library search +path is an especially acute security problem for suid or sgid programs. +This default behavior is documented, so it is not considered a bug by IBM. +However, some suid programs that have shipped with AIX have included insecure +library search paths and are vulnerable to privilege elevation exploits. + +This may not be such a serious a security problem for ProFTPD, since it +is not installed suid or sgid. Nonetheless, it is wise to configure the +runtime shared library search path with a reasonable setting. For instance, +consider potential problems from searching NFS mounted directories. + +An existing AIX executable's library search path can be displayed: + + % dump -H progname + +The runtime library search patch should be specified explicitly at +build time using the -blibpath option: + + % cc -blibpath:/usr/lib:/lib:/usr/local/lib + + % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib + +See the ld documentation, not just that of xlc/cc, for further information +on the IBM linker flags. Alternatively, an insecure library search path +can be avoided using -bnolibpath, which causes the default path to be used +(either the value of the LIBPATH environment variable, if defined, or +/usr/lib:/lib, if not). + +It has been reported that at least some versions of GNU ld (e.g. 2.9.1) +have emulated this default linking behavior on AIX platforms. However, +GNU ld uses -rpath to set the runtime library search path, rather than +the IBM ld -blibpath or the Sun ld -R options: + + % gcc -Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib + +Again, consult the GNU ld documentation for further information. +Note that using the gcc compiler does not imply that it uses the GNU +ld linker. In fact, it is more common to use the IBM system linker. + + +The upshot of all this is that you should tell configure what to use +for the runtime shared library search path. This can be done by setting +LDFLAGS on the configure command line, possibly like this: + + % env CC=cc LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \ + ./configure ... + + % env CC=gcc LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \ + ./configure ... + + +In addition to setting the runtime library search path during the original +software build, the IBM linker can relink an existing *unstripped* executable +using a new runtime library search path: + + % cc -blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \ + -o progname.new progname + + % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \ + -o progname.new progname + +where the "-l" options refer to shared libraries, which can be determined +from the output of: + + % dump -Hv progname + +which displays shared library information. A basic proftpd executable +probably will not require any "-l" options at all. + + + +Compiling with the IBM xlc/cc compiler +-------------------------------------- + +There is a problem with the index and rindex macros defined in . +Apparently, these are used as part of an attempt to inline string functions +when the __STR__ C preprocessor macro is defined. Conflicts with these +definitions will cause compilation failures. + +The work-around is to undefine the __STR__ C preprocessor macro, which +is predefined by the IBM compiler. This can be done on the configure +command line by adding '-U__STR__' to the CPPFLAGS variable: + + % env CC=cc CPPFLAGS='-U__STR__' ./configure ... + diff --git a/README.FreeBSD b/README.FreeBSD new file mode 100644 index 0000000000..4aeb9a9e3b --- /dev/null +++ b/README.FreeBSD @@ -0,0 +1,10 @@ + + ProFTPD 1.2 README.FreeBSD + ========================== + +FreeBSD releases 2.0 through 3.3-RELEASE have a libc bug with setpassent(). +If you know that you have a fixed libc you can use the configure command line +option '--enable-force-setpassent' to use it with one of these fixed releases, +otherwise ProFTPD will use its internal persistent password support. If you +would like more information, this bug is described in FreeBSD PR #14201. + diff --git a/README.modules b/README.modules new file mode 100644 index 0000000000..0bab9870ea --- /dev/null +++ b/README.modules @@ -0,0 +1,134 @@ + + ProFTPD 1.2.0 README.modules + ============================ + + + +Core ProFTPD Modules (modules subdirectory) +------------------------------------------- + +Modules always included: + + mod_auth + Implements FTP authentication commands (USER, PASS, ACCT, REIN). + + mod_core + Implements core configuration directives and most RFC-959 FTP commands + (CWD, CDUP, MKD, PWD, RMD, DELE, RNTO, RNFR, PASV, PORT, SYST, HELP, + QUIT, NOOP), and the MDTM and SIZE extensions. + + mod_log + Interface to Unix message logging (syslog or file). + + mod_ls + Implements the FTP LIST, NLST and STAT commands. + + mod_site + Implements the FTP SITE command, and the HELP and CHMOD subcommands. + + mod_unixpw + Interface to the native Unix password system. + + mod_xfer + Implements FTP file transfer commands (STOR, RETR, APPE, REST, + ABOR, TYPE, STRU, MODE, ALLO, SMNT, STOU). + + +Modules automatically included when supported by the OS: + + mod_pam + PAM (Pluggable Authentication Modules) authentication. + See README.PAM. + Originally contributed by MacGyver . + + +Optional modules: + + mod_readme + Display "readme" files, controlled by the "DisplayReadme" directive. + See the comments in contrib/mod_readme.c. + Originally contributed by . + + + +Contributed ProFTPD Modules (contrib subdirectory) +-------------------------------------------------- + +Also, see contrib/README. + +Authentication modules: + + mod_ldap + LDAP (Light-weight Directory Access Protocol) authentication. + See README.LDAP. + Contributed by John Morrissey . + + mod_sql, mod_sql_mysql, mod_sql_postgres + (formerly known as mod_sqlpw, mod_mysql, mod_pgsql) + SQL (Structured Query Language) database authentication and + other functions, with backends for MySQL and PostgreSQL. + See contrib/README.mod_sql. + Contributed by Johnie Ingram . + Maintained by Andrew Houghton . + + +Feature modules: + + mod_linuxprivs, libcap + POSIX 1e (IEEE 1003.1e draft) security model enhancements + (capabilities and capability sets), available for Linux + kernels 2.1.104 and later. + See README.linux-privs. + + mod_quota + Directory tree based disk quotas. + Contributed by Eric Estabrooks . + + mod_ratio + User upload/download ratios. + See contrib/README.ratio and the comments in mod_ratio.c. + Contributed by Johnie Ingram + and Jim Dogopoulos /. + + mod_wrap + TCP Wrappers. + See contrib/README.mod_wrap and contrib/mod_wrap.html. + Contributed by TJ Saunders . + + +Note that the mod_test module is non-functional. +Do not attempt to compile or use it. + + + + +Other ProFTPD modules (not included in the source distribution) +--------------------------------------------------------------- + +These modules (and patches) are neither evaluated nor sanctioned in any way. +Draw no implication based on inclusion or non-inclusion in this list. + +A more complete and current list may be found on the web site: + + http://www.proftpd.org/docs/ + http://www.proftpd.org/links.html + + +Authentication modules: + + mod_dbauth + Berkeley DB 1.x authentication. + ftp://pooh.urbanrage.com/pub/c/ + Eric Estabrooks + + mod_pwcheck + Checks anonymous passwords and connections. + ftp://ftp.eos.hokudai.ac.jp/pub/pck/release/ + Akihiko Yamamoto + + mod_opie + OPIE (One-time Passwords In Everything) authentication. + ftp://pooh.urbanrage.com/pub/c/ + Eric Estabrooks + + diff --git a/README.ports b/README.ports new file mode 100644 index 0000000000..1ae9cf94ef --- /dev/null +++ b/README.ports @@ -0,0 +1,100 @@ + + ProFTPD 1.2 README.ports + ======================== + + +See the web site for a more complete and current list: + + http://www.proftpd.org/ports.html + +If you have successfully built and run ProFTPD on a platform not listed, +you are invited to share your experience. Please include your platform +name and version (e.g. `uname -a`), compiler and version, the proftpd +version (e.g `./proftpd -v`), any optional modules that you are using +(e.g. `./proftpd -l`), and any special instructions or notes. + + proftpd-devel@proftpd.org + http://www.proftpd.org/<> + + +Note: the Linux compilation environment depends on: + kernel + glibc + gcc + libpam +So, please either report the versions of these components, or the +distribution name, version and any patches affecting the compilation +environment. + + +ProFTPD 1.2.0 has been reported to build on the following: + + OS Compiler Notes + ----------------- -------- ---------------------------------------- + AIX 4.2.1 gcc see README.AIX + AIX 4.2.1 cc see README.AIX + ?AIX 4.3.3 see README.AIX + ?BSD/OS 4.1 + ?BSD/OS 4.2 + ?Compaq Tru64 5.0A + ?Compaq Tru64 5.0B + ?Digital UNIX 4.0A + ?FreeBSD 3.5 see README.FreeBSD + ?FreeBSD 4.1 + ?FreeBSD 4.2 + ?HP/UX 10.x + ?HP/UX 11.x + IRIX 6.5 cc lib/Makefile ranlib + ?IRIX 6.5 gcc lib/Makefile ranlib + ?Linux kernel 2.0.x, 2.2.x or 2.4.x + glibc2 (libc6) required + ?MacOS X + ?NetBSD 1.4 + ?NetBSD 1.5 + ?OpenBSD 2.6 + ?OpenBSD 2.7 + ?OpenBSD 2.8 + Solaris 2.5 gcc see README.Solaris2.5x + ?Solaris 2.5.1 gcc see README.Solaris2.5x + ?Solaris 2.6 + ?Solaris 7 + Solaris 8 cc + ?Solaris 8 gcc + ?UnixWare 7 + +Linux distros: + ?Caldera + ?Conectiva + ?Debian 2.2 + ?Immunix 6.2 + ?Mandrake + ?Red Hat 6.2 + ?Red Hat 7.0 + ?Slackware 7 + ?SuSE + ?Trustix bundled + ?TurboLinux + + + +ProFTPD 1.2.0pre3 has been reported to build on the following: + + OS Compiler Notes + ----------------- -------- ---------------------------------------- + AIX 3.2 native compiler + AIX 4.2 tested + BSDI 2.x possibly + BSDI 3.1 tested; use gmake instead of make + BSDI 4.0 + DEC OFS/1 native compiler + Digital UNIX 4.0A + FreeBSD 2.2.7 tested see README.FreeBSD + FreeBSD 3.3 see README.FreeBSD + IRIX 6.2 + IRIX 6.3 native compiler or gcc + IRIX 6.4 tested + Linux kernel 2.0.x or 2.2.x; glibc2 (libc6) required + OpenBSD 2.2/2.3 tested + Solaris 2.5.1 see README.Solaris2.5x + Solaris 2.6 + diff --git a/configure b/configure index 85c167ad53..5bfe2456c3 100755 --- a/configure +++ b/configure @@ -1,6 +1,5 @@ #! /bin/sh -# # Guess values for system-dependent variables and create Makefiles. # Generated automatically using autoconf version 2.13 # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. @@ -31,7 +30,7 @@ ac_help="$ac_help --enable-initgroups enabled use of initgroups/getgroups (default=no) " ac_help="$ac_help - --enable-autoshadow enabled auto-detection of shadowed passwords + --enable-autoshadow enable run-time auto-detection of shadowed passwords (requires shadow) " ac_help="$ac_help --enable-force-setpassent force use of setpassent (default=no on FreeBSD) @@ -2394,15 +2393,9 @@ if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then cat >> confdefs.h <&6 @@ -2410,10 +2403,11 @@ fi done - if test `echo $ac_addl_modules | grep -c mod_pam` = "1"; then + + if test `echo $ac_addl_modules | grep -c mod_pam` = "1"; then echo $ac_n "checking for pam_start in -lpam""... $ac_c" 1>&6 -echo "configure:2416: checking for pam_start in -lpam" >&5 +echo "configure:2411: checking for pam_start in -lpam" >&5 ac_lib_var=`echo pam'_'pam_start | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2421,7 +2415,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpam $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2430: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2451,11 +2445,10 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then #define HAVE_PAM 1 EOF - LIBS="$LIBS -lpam" else echo "$ac_t""no" 1>&6 echo $ac_n "checking for pam_end in -lpam""... $ac_c" 1>&6 -echo "configure:2458: checking for pam_end in -lpam" >&5 +echo "configure:2452: checking for pam_end in -lpam" >&5 ac_lib_var=`echo pam'_'pam_end | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2463,7 +2456,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lpam -ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:2471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2493,7 +2486,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then #define HAVE_PAM 1 EOF - LIBS="$LIBS -lpam -ldl" + LIBS="$LIBS -ldl" else echo "$ac_t""no" 1>&6 fi @@ -2508,17 +2501,17 @@ for ac_hdr in ctype.h getopt.h crypt.h bstring.h strings.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2511: checking for $ac_hdr" >&5 +echo "configure:2505: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2521: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2515: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2548,17 +2541,17 @@ for ac_hdr in sys/types.h sys/param.h sys/file.h sys/uio.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2551: checking for $ac_hdr" >&5 +echo "configure:2545: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2561: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2555: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2588,17 +2581,17 @@ for ac_hdr in netdb.h netinet/in.h netinet/tcp.h arpa/inet.h sys/stat.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2591: checking for $ac_hdr" >&5 +echo "configure:2585: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2601: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2595: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2628,17 +2621,17 @@ for ac_hdr in errno.h sys/socket.h sys/termios.h sys/termio.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2631: checking for $ac_hdr" >&5 +echo "configure:2625: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2641: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2635: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2668,17 +2661,17 @@ for ac_hdr in sys/statvfs.h sys/vfs.h sys/select.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2671: checking for $ac_hdr" >&5 +echo "configure:2665: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2681: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2675: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2708,17 +2701,17 @@ for ac_hdr in utmpx.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2711: checking for $ac_hdr" >&5 +echo "configure:2705: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2721: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2715: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2748,17 +2741,17 @@ for ac_hdr in regex.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2751: checking for $ac_hdr" >&5 +echo "configure:2745: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2761: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2755: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2786,17 +2779,17 @@ done ac_safe=`echo "glob.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for glob.h""... $ac_c" 1>&6 -echo "configure:2789: checking for glob.h" >&5 +echo "configure:2783: checking for glob.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2799: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2793: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2819,17 +2812,17 @@ fi ac_safe=`echo "syslog.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for syslog.h""... $ac_c" 1>&6 -echo "configure:2822: checking for syslog.h" >&5 +echo "configure:2816: checking for syslog.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2832: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2826: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -2852,12 +2845,12 @@ fi echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:2855: checking for working const" >&5 +echo "configure:2849: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2903: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -2927,21 +2920,21 @@ EOF fi echo $ac_n "checking for inline""... $ac_c" 1>&6 -echo "configure:2930: checking for inline" >&5 +echo "configure:2924: checking for inline" >&5 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2938: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_inline=$ac_kw; break else @@ -2967,12 +2960,12 @@ EOF esac echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:2970: checking for uid_t in sys/types.h" >&5 +echo "configure:2964: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -3001,12 +2994,12 @@ EOF fi echo $ac_n "checking for pid_t""... $ac_c" 1>&6 -echo "configure:3004: checking for pid_t" >&5 +echo "configure:2998: checking for pid_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3034,12 +3027,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:3037: checking for size_t" >&5 +echo "configure:3031: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3067,12 +3060,12 @@ EOF fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:3070: checking for mode_t" >&5 +echo "configure:3064: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3100,12 +3093,12 @@ EOF fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:3103: checking for off_t" >&5 +echo "configure:3097: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3133,7 +3126,7 @@ EOF fi echo $ac_n "checking type of array argument to getgroups""... $ac_c" 1>&6 -echo "configure:3136: checking type of array argument to getgroups" >&5 +echo "configure:3130: checking type of array argument to getgroups" >&5 if eval "test \"`echo '$''{'ac_cv_type_getgroups'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3141,7 +3134,7 @@ else ac_cv_type_getgroups=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_type_getgroups=gid_t else @@ -3180,7 +3173,7 @@ fi if test $ac_cv_type_getgroups = cross; then cat > conftest.$ac_ext < EOF @@ -3205,12 +3198,12 @@ EOF echo $ac_n "checking for timer_t""... $ac_c" 1>&6 -echo "configure:3208: checking for timer_t" >&5 +echo "configure:3202: checking for timer_t" >&5 if eval "test \"`echo '$''{'pr_cv_header_timer_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -3221,7 +3214,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else rm -rf conftest* cat > conftest.$ac_ext < EOF @@ -3250,7 +3243,7 @@ EOF fi echo $ac_n "checking size of long long""... $ac_c" 1>&6 -echo "configure:3253: checking size of long long" >&5 +echo "configure:3247: checking size of long long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3258,7 +3251,7 @@ else ac_cv_sizeof_long_long=0 else cat > conftest.$ac_ext < main() @@ -3269,7 +3262,7 @@ main() exit(0); } EOF -if { (eval echo configure:3272: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3266: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long_long=`cat conftestval` else @@ -3289,7 +3282,7 @@ EOF echo $ac_n "checking size of unsigned long long""... $ac_c" 1>&6 -echo "configure:3292: checking size of unsigned long long" >&5 +echo "configure:3286: checking size of unsigned long long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_long_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3297,7 +3290,7 @@ else ac_cv_sizeof_unsigned_long_long=0 else cat > conftest.$ac_ext < main() @@ -3308,7 +3301,7 @@ main() exit(0); } EOF -if { (eval echo configure:3311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3305: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_unsigned_long_long=`cat conftestval` else @@ -3328,12 +3321,12 @@ EOF echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 -echo "configure:3331: checking whether time.h and sys/time.h may both be included" >&5 +echo "configure:3325: checking whether time.h and sys/time.h may both be included" >&5 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3342,7 +3335,7 @@ int main() { struct tm *tp; ; return 0; } EOF -if { (eval echo configure:3345: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3339: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_time=yes else @@ -3363,12 +3356,12 @@ EOF fi echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6 -echo "configure:3366: checking whether struct tm is in sys/time.h or time.h" >&5 +echo "configure:3360: checking whether struct tm is in sys/time.h or time.h" >&5 if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3376,7 +3369,7 @@ int main() { struct tm *tp; tp->tm_sec; ; return 0; } EOF -if { (eval echo configure:3379: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3373: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_tm=time.h else @@ -3398,12 +3391,12 @@ fi echo $ac_n "checking for umode_t""... $ac_c" 1>&6 -echo "configure:3401: checking for umode_t" >&5 +echo "configure:3395: checking for umode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_umode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3431,12 +3424,12 @@ EOF fi echo $ac_n "checking for ino_t""... $ac_c" 1>&6 -echo "configure:3434: checking for ino_t" >&5 +echo "configure:3428: checking for ino_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_ino_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -3468,17 +3461,17 @@ for ac_hdr in utmp.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3471: checking for $ac_hdr" >&5 +echo "configure:3465: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3481: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3475: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -3508,12 +3501,12 @@ done if test $have_utmp; then echo $ac_n "checking whether your struct utmp has ut_user""... $ac_c" 1>&6 -echo "configure:3511: checking whether your struct utmp has ut_user" >&5 +echo "configure:3505: checking whether your struct utmp has ut_user" >&5 if eval "test \"`echo '$''{'pr_cv_header_utmaxtype'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -3531,12 +3524,12 @@ fi echo "$ac_t""$pr_cv_header_utmaxtype" 1>&6 echo $ac_n "checking whether your struct utmp has ut_host""... $ac_c" 1>&6 -echo "configure:3534: checking whether your struct utmp has ut_host" >&5 +echo "configure:3528: checking whether your struct utmp has ut_host" >&5 if eval "test \"`echo '$''{'pr_cv_header_ut_host'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -3569,12 +3562,12 @@ fi if test "$have_glob_h" = "yes"; then echo $ac_n "checking whether your glob.h defines GLOB_PERIOD""... $ac_c" 1>&6 -echo "configure:3572: checking whether your glob.h defines GLOB_PERIOD" >&5 +echo "configure:3566: checking whether your glob.h defines GLOB_PERIOD" >&5 if eval "test \"`echo '$''{'pr_cv_header_glob_period'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3599,12 +3592,12 @@ echo "$ac_t""$pr_cv_header_glob_period" 1>&6 if test "$pr_cv_header_glob_period" = "yes"; then echo $ac_n "checking whether your glob.h defines GLOB_ALTDIRFUNC""... $ac_c" 1>&6 -echo "configure:3602: checking whether your glob.h defines GLOB_ALTDIRFUNC" >&5 +echo "configure:3596: checking whether your glob.h defines GLOB_ALTDIRFUNC" >&5 if eval "test \"`echo '$''{'pr_cv_header_glob_altdirfunc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3647,12 +3640,12 @@ EOF echo $ac_n "checking whether your syslog.h defines LOG_CRON""... $ac_c" 1>&6 -echo "configure:3650: checking whether your syslog.h defines LOG_CRON" >&5 +echo "configure:3644: checking whether your syslog.h defines LOG_CRON" >&5 if eval "test \"`echo '$''{'pr_cv_header_syslog_log_cron'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3676,12 +3669,12 @@ fi echo "$ac_t""$pr_cv_header_syslog_log_cron" 1>&6 echo $ac_n "checking whether your syslog.h defines LOG_FTP""... $ac_c" 1>&6 -echo "configure:3679: checking whether your syslog.h defines LOG_FTP" >&5 +echo "configure:3673: checking whether your syslog.h defines LOG_FTP" >&5 if eval "test \"`echo '$''{'pr_cv_header_syslog_log_ftp'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -3720,9 +3713,9 @@ fi for dirfd in d_fd dd_fd __dd_fd ; do echo $ac_n "checking for $dirfd in DIR structure""... $ac_c" 1>&6 -echo "configure:3723: checking for $dirfd in DIR structure" >&5 +echo "configure:3717: checking for $dirfd in DIR structure" >&5 cat > conftest.$ac_ext < @@ -3735,7 +3728,7 @@ int i = dirp->$dirfd; ; return 0; } EOF -if { (eval echo configure:3738: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3732: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval ac_cv_struct_dir_$dirfd=yes else @@ -3761,19 +3754,19 @@ done # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:3764: checking for working alloca.h" >&5 +echo "configure:3758: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { void *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:3776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3770: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -3794,12 +3787,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:3797: checking for alloca" >&5 +echo "configure:3791: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3824: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else @@ -3859,12 +3852,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:3862: checking whether alloca needs Cray hooks" >&5 +echo "configure:3856: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3892: checking for $ac_func" >&5 +echo "configure:3886: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3914: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3944,7 +3937,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:3947: checking stack direction for C alloca" >&5 +echo "configure:3941: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3952,7 +3945,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3968: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -3994,13 +3987,13 @@ fi if test $ac_cv_prog_gcc = yes; then echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6 -echo "configure:3997: checking whether ${CC-cc} needs -traditional" >&5 +echo "configure:3991: checking whether ${CC-cc} needs -traditional" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_pattern="Autoconf.*'x'" cat > conftest.$ac_ext < Autoconf TIOCGETP @@ -4018,7 +4011,7 @@ rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat > conftest.$ac_ext < Autoconf TCGETA @@ -4040,7 +4033,7 @@ echo "$ac_t""$ac_cv_prog_gcc_traditional" 1>&6 fi echo $ac_n "checking whether setpgrp takes no argument""... $ac_c" 1>&6 -echo "configure:4043: checking whether setpgrp takes no argument" >&5 +echo "configure:4037: checking whether setpgrp takes no argument" >&5 if eval "test \"`echo '$''{'ac_cv_func_setpgrp_void'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4048,7 +4041,7 @@ else { echo "configure: error: cannot check setpgrp if cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_setpgrp_void=no else @@ -4092,12 +4085,12 @@ EOF fi echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:4095: checking return type of signal handlers" >&5 +echo "configure:4089: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4114,7 +4107,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:4117: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4111: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -4133,12 +4126,12 @@ EOF echo $ac_n "checking for vprintf""... $ac_c" 1>&6 -echo "configure:4136: checking for vprintf" >&5 +echo "configure:4130: checking for vprintf" >&5 if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4158: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_vprintf=yes" else @@ -4185,12 +4178,12 @@ fi if test "$ac_cv_func_vprintf" != yes; then echo $ac_n "checking for _doprnt""... $ac_c" 1>&6 -echo "configure:4188: checking for _doprnt" >&5 +echo "configure:4182: checking for _doprnt" >&5 if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4210: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func__doprnt=yes" else @@ -4240,12 +4233,12 @@ fi for ac_func in getcwd gethostname gettimeofday mkdir rmdir select socket strerror strtol do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4243: checking for $ac_func" >&5 +echo "configure:4237: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4265: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4295,12 +4288,12 @@ done for ac_func in strchr memcpy bcopy flock getopt getopt_long strsep do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4298: checking for $ac_func" >&5 +echo "configure:4292: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4320: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4351,12 +4344,12 @@ done for ac_func in vsnprintf snprintf do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4354: checking for $ac_func" >&5 +echo "configure:4348: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4376: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4408,12 +4401,12 @@ then for ac_func in fconvert fcvt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4411: checking for $ac_func" >&5 +echo "configure:4405: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4433: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4464,17 +4457,17 @@ done do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4467: checking for $ac_hdr" >&5 +echo "configure:4461: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4477: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4471: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4504,12 +4497,12 @@ fi for ac_func in setsid setgroupent seteuid setegid crypt fgetpwent fgetgrent do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4507: checking for $ac_func" >&5 +echo "configure:4501: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4529: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4559,12 +4552,12 @@ done for ac_func in inet_aton siginterrupt setpgid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4562: checking for $ac_func" >&5 +echo "configure:4556: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4584: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4614,12 +4607,12 @@ done for ac_func in regcomp do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4617: checking for $ac_func" >&5 +echo "configure:4611: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4639: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4669,12 +4662,12 @@ done for ac_func in tzset do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4672: checking for $ac_func" >&5 +echo "configure:4666: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4724,12 +4717,12 @@ done for ac_func in pathconf fpathconf do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4727: checking for $ac_func" >&5 +echo "configure:4721: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4781,12 +4774,12 @@ if test x"$enable_initgroups" = xyes ; then for ac_func in initgroups do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4784: checking for $ac_func" >&5 +echo "configure:4778: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4836,12 +4829,12 @@ done fi echo $ac_n "checking for setpassent""... $ac_c" 1>&6 -echo "configure:4839: checking for setpassent" >&5 +echo "configure:4833: checking for setpassent" >&5 if eval "test \"`echo '$''{'ac_cv_func_setpassent'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_setpassent=yes" else @@ -4895,7 +4888,7 @@ fi if test x"$enable_sendfile" = xyes ; then echo $ac_n "checking which sendfile() implementation to use""... $ac_c" 1>&6 -echo "configure:4898: checking which sendfile() implementation to use" >&5 +echo "configure:4892: checking which sendfile() implementation to use" >&5 if eval "test \"`echo '$''{'pr_cv_func_sendfile'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4903,7 +4896,7 @@ else if test "$pr_cv_func_sendfile" = "None"; then cat > conftest.$ac_ext < @@ -4918,7 +4911,7 @@ size_t c; ; return 0; } EOF -if { (eval echo configure:4921: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* pr_cv_func_sendfile="Linux" else @@ -4930,7 +4923,7 @@ fi if test "$pr_cv_func_sendfile" = "None"; then cat > conftest.$ac_ext < @@ -4947,7 +4940,7 @@ struct sf_hdtr h; ; return 0; } EOF -if { (eval echo configure:4950: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:4944: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* pr_cv_func_sendfile="BSD" else @@ -4976,17 +4969,17 @@ EOF do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4979: checking for $ac_hdr" >&5 +echo "configure:4973: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4989: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4983: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -5033,12 +5026,12 @@ if test "$have_glob_h" = "yes" && \ for ac_func in glob do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5036: checking for $ac_func" >&5 +echo "configure:5030: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5058: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5090,12 +5083,12 @@ fi for ac_func in setproctitle do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5093: checking for $ac_func" >&5 +echo "configure:5087: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5115: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5146,17 +5139,17 @@ for ac_hdr in libutil.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:5149: checking for $ac_hdr" >&5 +echo "configure:5143: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5159: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:5153: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -5183,7 +5176,7 @@ fi done echo $ac_n "checking for setproctitle in -lutil""... $ac_c" 1>&6 -echo "configure:5186: checking for setproctitle in -lutil" >&5 +echo "configure:5180: checking for setproctitle in -lutil" >&5 ac_lib_var=`echo util'_'setproctitle | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5191,7 +5184,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lutil $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5199: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5239,17 +5232,17 @@ else do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:5242: checking for $ac_hdr" >&5 +echo "configure:5236: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5252: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:5246: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -5280,12 +5273,12 @@ done for ac_func in pstat do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5283: checking for $ac_func" >&5 +echo "configure:5277: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5305: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5350,7 +5343,7 @@ EOF if test "$pf_argv_set" = "no"; then cat > conftest.$ac_ext < EOF @@ -5375,19 +5368,19 @@ EOF if test "$pf_argv_set" = "no"; then echo $ac_n "checking whether __progname and __progname_full are available""... $ac_c" 1>&6 -echo "configure:5378: checking whether __progname and __progname_full are available" >&5 +echo "configure:5372: checking whether __progname and __progname_full are available" >&5 if eval "test \"`echo '$''{'pf_cv_var_progname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5384: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* pf_cv_var_progname="yes" else @@ -5409,12 +5402,12 @@ EOF fi echo $ac_n "checking which argv replacement method to use""... $ac_c" 1>&6 -echo "configure:5412: checking which argv replacement method to use" >&5 +echo "configure:5406: checking which argv replacement method to use" >&5 if eval "test \"`echo '$''{'pf_cv_argv_type'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <Configuration Directives

Notes

    -
  1. There are no directives which can be used multiple times - within a given context
    2. -
+
  • This document is valid for 1.2.0-final only. + +
  • SQL support was moved from three to a single module + (mod_sql) after 1.2.0rc3 + +

    Alphabetical List of Directives

    The following configuration parameters control ProFTPD features and configuration:

    -

    Note: A number of the configuration directives are listed but -not fully documented yet..

    -
    @@ -117,11 +117,6 @@

    Alphabetical List of Directives

  • MultilineRFC2228
  • MySQLInfo
  • Order
    • - -
  • PassivePorts
  • PathAllowFilter
  • PathDenyFilter
    • @@ -156,12 +151,23 @@

    Alphabetical List of Directives

  • ShowDotFiles
  • ShowSymlinks
  • SocketBindTight
    • +
  • SQLAuthTypes
  • SQLAuthoritative
    • +
  • SQLConnectInfo +
  • SQLDefaultGID +
  • SQLDefaultUID +
  • SQLDoAuth +
  • SQLDoGroupAuth
  • SQLEmptyPasswords
  • SQLEncryptedPasswords -
  • SQLGidField +
  • SQLGidField +
  • SQLGroupGidField +
  • SQLGroupMembersField +
  • SQLGroupnameField +
  • SQLGroupTable
  • SQLHomedir
  • SQLHomedirField +
  • SQLHomedirOnDemand
  • SQLKey
  • SQLKeyField
  • SQLLogDirs @@ -169,12 +175,15 @@

    Alphabetical List of Directives

  • SQLLogHosts
  • SQLLoginCountField
  • SQLLogStats +
  • SQLMinID
  • SQLPasswordField
  • SQLPlaintextPasswords
  • SQLRatios Incomplete
    • +
  • SQLShellField
  • SQLUidField
  • SQLUserTable
  • SQLUsernameField +
  • SQLWhereClause
  • SyslogFacility
  • SyslogLevel
  • SystemLog
    • @@ -321,19 +330,25 @@

    AllowForeignAddress

    Context: server config, <VirtualHost>, <Anonymous>, <Global>
    Module: mod_core
    Compatibility: 1.1.7 and later

    -

    Normally, proftpd disallows clients from using the ftp PORT command with anything - other than their own address (the source address of the ftp control connection), - as well as preventing the use of PORT to specify a low-numbered (< 1024) - port. In either case, the client is sent an "Invalid port" error and - a message is syslog'd indicating either "address mismatch" or "bounce - attack". By enabling this directive, proftpd will allow clients to transmit - foreign data connection addresses that do not match the client's address. This - allows such tricks as permitting a client to transfer a file between two FTP - servers without involving itself in the actual data connection. Generally it's - considered a bad idea, security-wise, to permit this sort of thing.

    -

    AllowForeignAddress only affects data connection addresses; - not tcp ports. There is no way (and no valid reason) to allow a client to use - a low-numbered port in its PORT command.

    + +

    Normally, proftpd disallows clients from using the ftp PORT + command with anything other than their own address (the source + address of the ftp control connection), as well as preventing the + use of PORT to specify a low-numbered (< 1024) port. In either + case, the client is sent an "Invalid port" error and a + message is syslog'd indicating either "address mismatch" + or "bounce attack". By enabling this directive, proftpd + will allow clients to transmit foreign data connection addresses + that do not match the client's address. This allows such tricks as + permitting a client to transfer a file between two FTP servers + without involving itself in the actual data connection. Generally + it's considered a bad idea, security-wise, to permit this sort of + thing.

    + +

    AllowForeignAddress only affects data connection + addresses; not tcp ports. There is no way (and no valid reason) to + allow a client to use a low-numbered port in its PORT command.

    +

    AllowGroup

    Syntax: AllowGroup group-expression
    @@ -341,15 +356,19 @@

    AllowGroup

    Context: <Limit>
    Module: mod_core
    Compatibility: 1.1.1 and later

    -

    AllowGroup specifies a group-expression that is specifically - permitted within the context of the <Limit> block it is applied to. group-expression - has the same format as that used in DefaultRoot, - in that it should contain a comma separated list of groups or "not" - groups (by prefixing a group name with the `!' character) that are to be allowed - access to the block. The expression is parsed as a boolean "and" list, - meaning that ALL elements of the expression must evaluate to logically true - in order for the explicit allow to apply.

    + +

    AllowGroup specifies a group-expression + that is specifically permitted within the context of the <Limit> block it is applied + to. group-expression has the same format + as that used in DefaultRoot, in that it + should contain a comma separated list of groups or "not" + groups (by prefixing a group name with the `!' character) that are + to be allowed access to the block. The expression is parsed as a + boolean "and" list, meaning that ALL elements of the + expression must evaluate to logically true in order for the explicit + allow to apply.

    +

    See Also: DenyGroup, DenyUser, AllowUser

    @@ -362,6 +381,7 @@

    AllowOverwrite

    Compatibility: 0.99.0 and later

    The AllowOverwrite directive permits newly transfered files to overwrite existing files. By default, ftp clients cannot overwrite existing files.

    +

    AllowUser

    Syntax: AllowUser user-expression
    @@ -381,6 +401,34 @@

    AllowUser

    true in order to the explicit allow to apply.

    See Also: DenyUser, DenyGroup, AllowGroup

    + +
    +

    AllowRetrieveRestart

    +

    Syntax: AllowRetrieveRestart on|off
    + Default: on
    + Context: server config, <VirtualHost>, <Anonymous>, + <Directory>, <Global>, .ftpaccess
    + Module: mod_core
    + Compatibility: 0.99.0 and later

    +

    The AllowRetrieveRestart directive permits or denies clients from performing + "restart" retrieve file transfers via the FTP REST command. By default + this is enabled, so that clients may resume interrupted file transfers at a + later time without losing previously collected data.

    +
    +

    AllowStoreRestart

    +

    Syntax: AllowStoreRestart on|off
    + Default: off
    + Context: server config, <VirtualHost>, <Anonymous>, + <Directory>, <Global>, .ftpaccess
    + Module: mod_core
    + Compatibility: 0.99.0 and later

    +

    The AllowStoreRestart directive permits or denies clients from "restarting" + interrupted store file transfers (those sent from client to server). By default + restarting (via the REST command) is not permitted when sending files to the + server. Care should be taken to disallow anonymous ftp "incoming" + transfers to be restarted, as this will allow clients to corrupt or increase + the size of previously stored files (even if not their own).

    +

    AnonRequirePassword

    Syntax: AnonRequirePassword on|off
    @@ -430,32 +478,8 @@

    AnonRequirePassword

    </Directory>
    </Anonymous>

    -
    -

    AllowRetrieveRestart

    -

    Syntax: AllowRetrieveRestart on|off
    - Default: on
    - Context: server config, <VirtualHost>, <Anonymous>, - <Directory>, <Global>, .ftpaccess
    - Module: mod_core
    - Compatibility: 0.99.0 and later

    -

    The AllowRetrieveRestart directive permits or denies clients from performing - "restart" retrieve file transfers via the FTP REST command. By default - this is enabled, so that clients may resume interrupted file transfers at a - later time without losing previously collected data.

    -
    -

    AllowStoreRestart

    -

    Syntax: AllowStoreRestart on|off
    - Default: off
    - Context: server config, <VirtualHost>, <Anonymous>, - <Directory>, <Global>, .ftpaccess
    - Module: mod_core
    - Compatibility: 0.99.0 and later

    -

    The AllowStoreRestart directive permits or denies clients from "restarting" - interrupted store file transfers (those sent from client to server). By default - restarting (via the REST command) is not permitted when sending files to the - server. Care should be taken to disallow anonymous ftp "incoming" - transfers to be restarted, as this will allow clients to corrupt or increase - the size of previously stored files (even if not their own).

    + +

    AnonRatio

    Syntax: AnonRatio foo1 foo2 foo3
    @@ -2153,9 +2177,12 @@

    MySQLInfo

    Syntax: MySQLInfo hostname sqluser sqlpass dbname
    Default: none
    Context: server config, <Global>, <VirtualHost>
    - Module: mod_mysql
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    +

    This directive is deprecated, use SQLConnectInfo + instead.

    +

    Configures the MySQL database driver (the database may be remote). A connection isn't made until use of a SQL feature requires it, after which it may be held open for the lifetime of the @@ -2355,9 +2382,12 @@

    PostgresInfo

    Syntax: PostgresInfo hostname sqluser sqlpass dbname
    Default: none
    Context: server config, <VirtualHost>
    - Module: mod_pgsql
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    +

    This directive is deprecated, use SQLConnectInfo + instead.

    +

    Configures the Posgresql database driver (the database may be remote). A connection isn't made until use of a SQL feature requires it, after which it may be held open for the lifetime of @@ -2370,9 +2400,12 @@

    PostgresPort

    Syntax: PostgresPort port-number
    Default: 5432
    Context: <Directory>, <VirtualHost>
    - Module: mod_pgsql
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    +

    This directive is deprecated, use SQLConnectInfo + instead.

    +

    Specifies which TCP/IP port to use for connecting. Default is 5432, or UNIX socket for localhost. @@ -2667,7 +2700,7 @@

    ServerAdmin

    href="#DisplayFirstChdir">DisplayFirstChdir).

    ServerIdent

    -

    Syntax: On|Off [identification string]
    +

    Syntax: off|on [identification string]
    Default: ProFTPD [version] Server (server name) [hostname]
    Context: server config, <VirtualHost>, <Global>
    Module: mod_core
    @@ -2802,25 +2835,194 @@

    SocketBindTight

    pair. This may or may not be aesthetically desirable, depending on your circumstances.

    + +
    +

    SQLAuthTypes

    +

    Syntax: SQLAuthTypes OpenSSL|Crypt|Backend|Plaintext|Empty
    + Default: none
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    This directive deprecates 'SQLEmptyPasswords', + 'SQLScrambledPasswords', 'SQLSSLHashedPasswords', + 'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'. + +

    Specifies the allowed authentication types and their check order. + There must be at least one authentication method specified + +

    SQLAuthTypes Crypt Empty

    + +

    The above configuration fragment means check whether the password + in the database matches in UNIX crypt() format; if that fails, check + to see if the password in the database is empty (matching ANY given + password); if that fails, mod_sql refuses to authenticate the user. + +

    Currently supported types + +

    +
    Plaintext +
    Allows passwords in the database to be in plaintext + +
    OpenSSL +
    Allows passwords in the database to be of the form + '{digestname}hashedvalue'. This check is only available if you + define 'HAVE_OPENSSL' when you compile proftd and you link with the + OpenSSL 'crypto' library. + +
    Crypt +
    Allows passwords in the database to be in UNIX crypt() form + +
    Backend +
    A database-specific backend check function. Not all backends + support this. Specifically, the MySQL backend uses this type to + authenticate MySQL 'PASSWORD()' encrypted passwords. The Postgres + backend does nothing. + +
    Empty + +
    Allows empty passwords in the database, which match against + anything the user types in. The database field + must be a truly empty string -- that is, NULL values are never + accepted. Extreme caution is advised with this + authentication type and it's general use is not recommended unless + you understand the full implications of how it works +
    +

    SQLAuthoritative

    Syntax: SQLAuthoritative on|off
    Default: off
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Specifies whether authentication stops at mod_mysql, or whether other possibilites (like standard UNIX logins) are tried. Default - is off - others are tried. + is off - other handlers will be tried. + +

    This is a *very* powerful directive. If SQLAuthoritative is set, + *all* authorization goes through your SQL database -- group lookups, uid + lookups, etc. See the 'SQLDoAuth' and 'SQLDoGroupAuth' directives, too. + + +

    +

    SQLConnectInfo

    +

    Syntax: SQLConnectInfo connection-info [username] [password]
    + Default: none
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    This directive deprecates 'MySQLInfo', 'PostgresInfo', and +'PostgresPort'. + +

    Specifies connection information. Connection-info specifies the + database, host, port, and other backend-specific information. + username and password specify the username and password to connect + as, respectively. Both default to NULL, which the backend will + treat in some backend-specific manner. If you specify a password, + you MUST specify a username. + +

    Any given backend has the opportunity (but not the + responsibility) to check for syntax errors in the connection-info + field at proftpd startup, but you shouldn't expect semantic errors + (i.e., can't connect to the database) to be caught until mod_sql + attempts to connect for a given host. + +

    The MySQL and Postgres backends connection-info is expected to be + of the form: + +

    database[@hostname][:port]

    + +

    hostname will default to a backend-specific hostname (which + happens to be 'localhost' for both the MySQL and Postgres backends), + and port will default to a backend-specific default port (3306 for + the MySQL backend, 5432 for the Postgres backend). + +

    For example +

    +
    SQLConnectInfo ftpusers@foo.com + +
    means "Try connecting to the database 'ftpuser' via the default + port at 'foo.com'. Use a NULL username and a NULL password." + +
    SQLConnectInfo ftpusers:3000 admin + +
    means "Try connecting to the database 'ftpuser' via port 3000 at + 'localhost'. Use the username 'admin' and a NULL password." + +
    SQLConnectInfo ftpusers@foo.com:3000 admin mypassword + +
    means "Try connecting to the database 'ftpuser' via port 3000 at + 'foo.com'. Use the username 'admin' and the password 'mypassword'" +
    +

    Backends may require different information in the connection-info +field; check your backend module for specifics. +

    + +
    +

    SQLDefaultGID

    +

    Syntax: SQLDefaultGID number
    + Default: 65533
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Sets the default GID for users. Must be greater than SQLMinID.

    + +
    +

    SQLDefaultUID

    +

    Syntax: SQLDefaultUID number
    + Default: 65533
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Sets the default UID for users. Must be greater than SQLMinID.

    + +
    +

    SQLDoAuth

    +

    Syntax: SQLDoAuth on|off
    + Default: on
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Activates SQL authentication. This overrides all other directives -- +SQLDoGroupAuth and SQLAuthoritative are ineffectual if SQLDoAuth is off. + +

    +

    SQLDoGroupAuth

    +

    Syntax: SQLDoGroupAuth on|off
    + Default: on
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    This directive causes mod_sql to pretend it has no group information. +It necessarily breaks ALL CONFIG FILES up to 1.2.0rc2, since mod_sql +now assumes that group information is available UNLESS this directive +is set to OFF. + +

    This DOESN'T override SQLAuthoritative -- if SQLAuthoritative is set +to 'On' but SQLDoGroupAuth is set to 'Off', all group-related queries +will fail without giving other modules the opportunity to handle them. + +

    Prior to 1.2.0, there was no way to provide group information from +the database. This caused a few bugs, and reduced the functionality of +this module.

    SQLEmptyPasswords

    Syntax: SQLEmptyPasswords on|off
    Default: off
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    + +

    This directive is DEPRECATED. Please use SQLAuthTypes instead.

    Specifies whether an empty (non-NULL but zero-length) password is acceped from the database. Default is no, and truly NULL passwords @@ -2835,8 +3037,11 @@

    SQLEncryptedPasswords

    Syntax: SQLEncryptedPasswords on|off
    Default: on
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    + +

    This directive is DEPRECATED. Please use SQLAuthTypes instead.

    Specifies whether the password in the database may be in UNIX crypt() format. Default is true, with this being the only check @@ -2846,27 +3051,71 @@

    SQLEncryptedPasswords

    Example:

    SQLEncryptedPasswords off

    -

    SQLGidField

    -

    Syntax: SQLGidField fieldname
    - Default: none, GID is 65533
    +

    SQLGIDField

    +

    Syntax: SQLGIDField fieldname
    + Default: gid
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    -

    Specifes what field holds the gid number, for users authenticated - with this module. Default is to use the compiled-in default 65533. - If the retrieved gid is in the range reserved for admin accounts - (0-9999), 65533 is used instead. +

    Specifies the field in the user table that holds the user's GID. When + a GID is retrieved from the database it is checked against the value + of SQLMinID. If the database has no value (missing column) or the + retrieved value is less than SQLMinID, the user's GID is set to + SQLDefaultGID.

    Example:

    SQLGidField custgid

    + +
    +

    SQLGroupGIDField

    +

    Syntax: SQLGroupGIDField fieldname
    + Default: gid
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Specifies the field in the group table that holds the group's GID.

    + +
    +

    SQLGroupMembersField

    +

    Syntax: SQLGroupMembersField fieldname
    + Default: gid
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Specifies the field in the group table that holds the group's member + list. + + +

    +

    SQLGroupTable

    +

    Syntax: SQLGroupTable table
    + Default: groups
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Specifies the name of the table that holds group information.

    + +
    +

    SQLGroupnameField

    +

    Syntax: SQLGroupnameField fieldname
    + Default: groupname
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Specifies the field in the group table that holds the group name.

    +

    SQLHomedir

    Syntax: SQLHomedir /path/to/virtual/site
    - Default: nonw
    + Default: none
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Specifies the homedir to use for all users authenticated with this module, overriding any SQLHomedirField directive. If no @@ -2874,13 +3123,14 @@

    SQLHomedir

    Example:

    SQLHomedir /ftp/vhost/ftp.example.com/

    +

    SQLHomedirField

    Syntax: SQLHomedirField fieldname
    Default: none
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Specifies what field holds the home directory, for users authenticated with this module. The directory can also be defined @@ -2889,15 +3139,28 @@

    SQLHomedirField

    Example:

    SQLHomedirField home

    +
    +

    SQLHomedirOnDemand

    +

    Syntax: SQLHomedirOnDemand on|off
    + Default: off
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    +

    Specifies whether to automatically create a user's home directory if +it doesn't exist at login. + +

    SQLKey

    Syntax: SQLKey key-value
    Default: none
    Context: server config, Global, VirtualHost
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: 1.2.0 and later

    +

    This directive is DEPRECATED. Please use SQLWhereClause instead. +

    SQLKey (ROOT, GLOBAL, VIRTUAL) sets the value that the SQLKeyField column needs to match.

    @@ -2905,9 +3168,11 @@

    SQLKey

    Syntax: SQLKeyField column-name
    Default: none
    Context: server config, Global, VirtualHost
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: 1.2.0 and later

    +

    This directive is DEPRECATED. Please use SQLWhereClause instead. +

    SQLKeyField (ROOT, GLOBAL) designates a table field that's used to distinguish what logins belong to what virtual host.

    @@ -2916,10 +3181,10 @@

    SQLKey

    SQLLogDirs

    Syntax: SQLLogDirs on
    Syntax: SQLLogDirs fieldname
    - Default: off, or `fcdir' if field unspecified
    + Default: off
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Activates logging of the last directory the user changed to. This is done after every CHDIR command - the initial login to "/" @@ -2938,7 +3203,7 @@

    SQLLogHits

    Syntax: SQLLogHits hit-table filename-field hits-field dir-field
    Default: off, or `filename, hits' if fields unspecified
    Context: server config
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: only available with the Debian package.

    Activates logging of RETR commands on a file to a separate table @@ -2962,7 +3227,7 @@

    SQLLogHosts

    Syntax: SQLLogHosts host-field ipaddr-field time-field
    Default: off, or (`fhost faddr ftime') if fields unspecified
    Context: server config
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    Activates logging of host, IP, and last-login timestamp to the @@ -2971,12 +3236,23 @@

    SQLLogHosts

    Example:

    SQLLogHosts on

    + +
    +

    SQLLogStats

    +

    + Syntax: SQLLogHosts on|off
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    No details yet +

    SQLLoginCountField

    Syntax: SQLLoginCountField fieldname
    Default: none
    - Context: server config
    - Module: mod_sqlpw
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    Activates incrementation of a login count for the user, done with @@ -2991,7 +3267,7 @@

    SQLLogStats

    Syntax: SQLLogStats F-stor-field F-retr-field B-stor-field B-retr-field
    Default: off, or `fstor fretr bstor bretr"' if fields unspecified
    Context: server config
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    Activates logging of upload/download statistics for this user. @@ -3006,10 +3282,10 @@

    SQLLogStats

    SQLPasswordField

    Syntax: SQLPasswordField fieldname
    - Default: None known
    + Default: password
    Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Using this directive activates SQL authentication functions, if a database driver is configured. It specifies which field holds the @@ -3017,14 +3293,30 @@

    SQLPasswordField

    Example:

    SQLPasswordField passwd

    + +
    +

    SQLMinID

    +

    Syntax: SQLMinID minumumid
    + Default: 999
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    SQLMinID is checked whenever retrieving a user's GID or UID. If the +retrieved values for GID or UID are less than the value of SQLMinID, +they are reported as the values of, respectively, 'SQLDefaultGID' and +'SQLDefaultUID'. +

    SQLPlaintextPasswords

    Syntax: SQLPlaintextPasswords on|off
    Default: off
    Context: server config
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    +

    This directive is DEPRECATED. Please use SQLAuthTypes instead. +

    Specifies whether the two passwords should be compared as plaintext. Default is no - passwords must be UNIX DES-encrypted (the default). Setting this does not turn off other tests. @@ -3037,19 +3329,33 @@

    SQLRatios

    Default: None known
    Context: <Directory>, <Anonymous>, <Limit>, .ftpaccess
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    The SQLRatios directive .... INCOMPLETE

    Example:

    SQLRatios

    + +
    +

    SQLShellField

    +

    Syntax: SQLShellField fieldname
    + Default: shell
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    Specifies the field in the user table that holds the user's shell. If + this field doesn't exist or the result of the query is NULL, the shell + is reported as "". + +

    SQLUidField

    Syntax: SQLUidField fieldname
    Default: none, UID is 655533
    Context: server config
    - Module: mod_sqlpw
    + Module: mod_sql
    Compatibility: at least 1.2.0 and later

    Specifes what field holds the uid number, for users authenticated @@ -3063,9 +3369,9 @@

    SQLUidField

    SQLUserTable

    Syntax: SQLUserTable tablename
    Default: users
    - Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Specifies the table used to look up the other information, defaults to `users'. @@ -3076,9 +3382,9 @@

    SQLUserTable

    SQLUsernameField

    Syntax: SQLUsernameField fieldname
    Default: userid
    - Context: server config
    - Module: mod_sqlpw
    - Compatibility: at least 1.2.0 and later

    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0rc2 and later

    Specifies the name of the username field, defaults to `userid'. This is used in a WHERE clause for all other operations. @@ -3086,6 +3392,35 @@

    SQLUsernameField

    Example:

    SQLUsernameField customerid

    +
    +

    SQLWhereClause

    +

    Syntax: whereclause
    + Default: none
    + Context: server config, <Global>, <VirtualHost>
    + Module: mod_sql
    + Compatibility: 1.2.0 and later

    + +

    This directive deprecates 'SQLKey' and 'SQLKeyField'. + + Specifies a where clause that is added to every user query (this has + no effect on group queries). The where clause *must* contain all + relevant punctuation, and *must not* contain a leading 'and'. + + As an example of switching from the old-style 'SQLKey' and + 'SQLKeyField' directives, if you had: + + SQLKey true + SQLKeyfield LoginAllowed + + You would now use: + + SQLWhereClause "LoginAllowed = 'true'" + + This would be appended to every user-related query as the string + + " and (LoginAllowed = 'true')" + +

    SyslogFacility

    Syntax: facility-level
    @@ -3404,7 +3739,7 @@

    UseHostsAllowFile

    Example: UseHostsAllowFile /etc/ftpd.allow

    -

    UseHostsDenyFile

    +

    UseHostsDenyFile

    Syntax: UseHostsDenyFile filename
    Default: /etc/hosts.deny
    Context: server, <Anonymous>, <VirtualHost>
    diff --git a/sample-configurations/PFTEST.conf.in b/sample-configurations/PFTEST.conf.in new file mode 100644 index 0000000000..5188656178 --- /dev/null +++ b/sample-configurations/PFTEST.conf.in @@ -0,0 +1,44 @@ +# +# This ProFTPD configuration is intended for unprivileged TESTING ONLY. +# See Step 4 in INSTALL. +# + +ServerName "ProFTPD TEST Installation" +ServerType standalone +DefaultServer on + +# Use a non-privileged port, rather than the standard ftp port (21). +# The ftpd-data port will be one less. +Port 2021 + +User %User% +Group %Group% + +# These must be absolute paths. +AuthUserFile %TestDir%/PFTEST.passwd +AuthGroupFile %TestDir%/PFTEST.group + +PidFile %TestDir%/PFTEST.pid +ScoreboardPath %TestDir% +SystemLog %TestDir%/PFTEST.syslog +TransferLog %TestDir%/PFTEST.xferlog + +# Disable some checks. +IdentLookups off +RequireValidShell off +UseFtpUsers off +UseReverseDNS off +WtmpLog off + +# Umask 022 is a good standard umask to prevent new dirs and files +# from being group and world writable. +Umask 022 + +# To prevent DoS attacks, set the maximum number of child processes to 5. +MaxInstances 5 + +# Normally, we want files to be overwriteable. + + AllowOverwrite on + + diff --git a/sample-configurations/PFTEST.group b/sample-configurations/PFTEST.group new file mode 100644 index 0000000000..d2ef97e87a --- /dev/null +++ b/sample-configurations/PFTEST.group @@ -0,0 +1 @@ +proftpd:*:666: diff --git a/sample-configurations/PFTEST.install b/sample-configurations/PFTEST.install new file mode 100755 index 0000000000..fa8e4c6cd7 --- /dev/null +++ b/sample-configurations/PFTEST.install @@ -0,0 +1,83 @@ +#!/bin/sh +# +# PFTEST.install - setup files for an unprivileged proftpd test +# + +PFTESTDIR=/tmp/PFTEST +SRCDIR=./sample-configurations + +FILELIST="PFTEST.passwd PFTEST.group PFTEST.conf.in" + +PATH=/usr/bin:/bin +export PATH +umask 022 + + +# +# Preconditions +# +if [ ! -d ${SRCDIR} ] || [ ! -r ${SRCDIR} ]; then + echo "Error: \"${SRCDIR}\" not found." >&2 + exit 2 +fi + +for file in ${FILELIST} ; do + if [ ! -r ${SRCDIR}/${file} ]; then + echo "Error: \"${SRCDIR}/${file}\" not found." >&2 + exit 2 + fi +done + +if [ -d ${PFTESTDIR} ] || [ -f ${PFTESTDIR} ] || [ -h ${PFTESTDIR} ] \ + || [ -b ${PFTESTDIR} ] || [ -c ${PFTESTDIR} ] || [ -p ${PFTESTDIR} ] +then + echo "Error: \"${PFTESTDIR}\" already exists." >&2 + exit 2 +fi + + +# +# Determine current user and group names +# +if [ -x /usr/xpg4/bin/id ] && /usr/xpg4/bin/id -un >/dev/null 2>&1 ; then + USERNAME=`/usr/xpg4/bin/id -un` + GROUPNAME=`/usr/xpg4/bin/id -gn` +elif type id >/dev/null && id -un >/dev/null 2>&1 ; then + USERNAME=`id -un` + GROUPNAME=`id -gn` +else + # Could try harder... + echo "Error: can not determine user and group names." >&2 + exit 3 +fi + + +# +# Install the files +# +mkdir ${PFTESTDIR} || { + echo "Error: mkdir failed." >&2 + exit 4 +} + +chmod 755 ${PFTESTDIR} || { + echo "Error: chmod failed." >&2 + exit 4 +} + +cp -p ${SRCDIR}/PFTEST.passwd ${PFTESTDIR} \ +&& cp -p ${SRCDIR}/PFTEST.group ${PFTESTDIR} \ +&& sed -e "s/%User%/${USERNAME}/" \ + -e "s/%Group%/${GROUPNAME}/" \ + -e "s|%TestDir%|${PFTESTDIR}|" \ + ${SRCDIR}/PFTEST.conf.in > ${PFTESTDIR}/PFTEST.conf + +if [ $? -ne 0 ]; then + echo "Error: installation failed." >&2 + exit 5 +fi + +echo "Sample test files successfully installed in ${PFTESTDIR}." + +exit 0 + diff --git a/sample-configurations/PFTEST.passwd b/sample-configurations/PFTEST.passwd new file mode 100644 index 0000000000..100b334c76 --- /dev/null +++ b/sample-configurations/PFTEST.passwd @@ -0,0 +1 @@ +proftpd:wE9QEbO736feY:666:666:ProFTPD TEST Acct:/tmp:/bin/sh diff --git a/sample-configurations/PFTEST.shadow b/sample-configurations/PFTEST.shadow new file mode 100644 index 0000000000..5e91fdb145 --- /dev/null +++ b/sample-configurations/PFTEST.shadow @@ -0,0 +1 @@ +ftpd:wE9QEbO736feY:11357::::::