• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

.github/H30-Aug-2021-347290

contrib/H03-May-2022-215,500154,530

doc/H03-May-2022-367116

include/H30-Aug-2021-10,0874,412

lib/H03-May-2022-76,17360,436

locale/H03-May-2022-12,4639,917

m4/H30-Aug-2021-195187

modules/H30-Aug-2021-38,86726,078

sample-configurations/H03-May-2022-1,104563

src/H03-May-2022-66,22245,920

tests/H30-Aug-2021-441,868319,110

utils/H30-Aug-2021-3,5592,580

.autom4te.cfgH A D30-Aug-2021155 86

.cirrus.ymlH A D30-Aug-20212 KiB5346

.codacy.ymlH A D30-Aug-2021179 1110

.gitattributesH A D30-Aug-202150 32

.gitignoreH A D30-Aug-20212 KiB116114

.lgtm.ymlH A D30-Aug-20211.5 KiB4541

.remarkrc.ymlH A D30-Aug-2021366 1312

COPYINGH A D30-Aug-202117.6 KiB341281

CREDITSH A D30-Aug-20212.2 KiB6352

ChangeLogH A D30-Aug-20211.6 MiB53,39234,351

INSTALLH A D30-Aug-202124.6 KiB574422

Make.rules.inH A D30-Aug-20213.9 KiB11794

Makefile.inH A D30-Aug-202110.3 KiB296216

NEWSH A D30-Aug-2021183.2 KiB3,3593,259

README.AIXH A D30-Aug-20215.9 KiB163110

README.FreeBSDH A D30-Aug-20213.4 KiB9965

README.LDAPH A D30-Aug-202124.9 KiB587487

README.Solaris2.5xH A D30-Aug-20211.7 KiB4433

README.UnixwareH A D30-Aug-20211.5 KiB3929

README.cygwinH A D30-Aug-20213.8 KiB11983

README.mdH A D30-Aug-20214.9 KiB9571

README.modulesH A D30-Aug-20216.8 KiB219160

README.portsH A D30-Aug-20213.2 KiB10883

RELEASE_NOTESH A D30-Aug-202110.5 KiB304206

acconfig.hH A D30-Aug-20212.8 KiB11348

aclocal.m4H A D30-Aug-20212.3 KiB6959

config.guessH A D30-Aug-202147.3 KiB1,6681,457

config.h.inH A D30-Aug-202130.5 KiB1,194817

config.subH A D30-Aug-202130.9 KiB1,7941,637

configureH A D30-Aug-2021786.2 KiB28,43222,013

configure.inH A D30-Aug-2021118.4 KiB4,2733,790

install-shH A D30-Aug-202113.3 KiB520344

ltmain.shH A D30-Aug-2021237.7 KiB8,4136,481

README.AIX

1
2                        ProFTPD 1.3.x README.AIX
3                        ========================
4
5Introduction
6------------
7
8There are two issues when compiling on AIX systems that can be worked
9around using the proper configure command lines.
10
11One problem involves the less than optimal default shared object search
12path that the IBM linker inserts into executables.  The second problem is
13compilaton failure stemming from an incompatibility with the <string.h>
14header file when the IBM compiler attempts to inline some string functions.
15
16Also, a minor usage note: do NOT use the --enable-autoshadow or --enable-shadow
17configure options when configuring ProFTPD for AIX.  AIX does not use
18the shadow libraries.
19
20
21Executive Summary
22-----------------
23
24If you are using the IBM xlc/cc compiler with the IBM ld linker:
25
26  % env CC=cc \
27    CFLAGS='-D_NO_PROTO' \
28    LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \
29    ./configure ...
30
31If you are using the GNU gcc compiler with the IBM ld linker:
32
33  % env CC=gcc \
34    LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \
35    ./configure ...
36
37If you are using the GNU gcc compiler with the GNU ld linker,
38something like this ought to work (untested):
39
40  % env CC=gcc \
41    LDFLAGS='-Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib' \
42    ./configure ...
43
44Note that the library paths shown here are for example use only.
45You may need to use different paths on your system, particularly when
46linking with any optional libraries (e.g. krb5, ldap, mysql, etc.).
47
48
49Compiling with the GNU compiler
50-------------------------------
51
52It is recommend that gcc-3.3.2 *not* be used when compiling proftpd on AIX.
53There were problems reported of session processes going into endless loops.
54Using gcc-4.1.0 should work properly.
55
56
57Linking with the IBM or GNU linker
58----------------------------------
59
60There is a potential security problem when using the IBM linker.
61Unlike other Unix systems, by default the IBM linker automatically will
62use the compile time library search path as the runtime shared library
63search path.  The use of relative paths in the runtime library search
64path is an especially acute security problem for suid or sgid programs.
65This default behavior is documented, so it is not considered a bug by IBM.
66However, some suid programs that have shipped with AIX have included insecure
67library search paths and are vulnerable to privilege elevation exploits.
68
69This may not be such a serious a security problem for ProFTPD, since it
70is not installed suid or sgid.  Nonetheless, it is wise to configure the
71runtime shared library search path with a reasonable setting.  For instance,
72consider potential problems from searching NFS mounted directories.
73
74An existing AIX executable's library search path can be displayed:
75
76  % dump -H progname
77
78The runtime library search patch should be specified explicitly at
79build time using the -blibpath option:
80
81  % cc -blibpath:/usr/lib:/lib:/usr/local/lib
82
83  % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib
84
85See the ld documentation, not just that of xlc/cc, for further information
86on the IBM linker flags.  Alternatively, an insecure library search path
87can be avoided using -bnolibpath, which causes the default path to be used
88(either the value of the LIBPATH environment variable, if defined, or
89/usr/lib:/lib, if not).
90
91It has been reported that at least some versions of GNU ld (e.g. 2.9.1)
92have emulated this default linking behavior on AIX platforms.  However,
93GNU ld uses -rpath to set the runtime library search path, rather than
94the IBM ld -blibpath or the Sun ld -R options:
95
96  % gcc -Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib
97
98Again, consult the GNU ld documentation for further information.
99Note that using the gcc compiler does not imply that it uses the GNU
100ld linker.  In fact, it is more common to use the IBM system linker.
101
102The upshot of all this is that you should tell configure what to use
103for the runtime shared library search path.  This can be done by setting
104LDFLAGS on the configure command line, possibly like this:
105
106  % env CC=cc LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \
107    ./configure ...
108
109  % env CC=gcc LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \
110    ./configure ...
111
112In addition to setting the runtime library search path during the original
113software build, the IBM linker can relink an existing *unstripped* executable
114using a new runtime library search path:
115
116  % cc -blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \
117    -o progname.new progname
118
119  % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \
120    -o progname.new progname
121
122where the "-l" options refer to shared libraries, which can be determined
123from the output of:
124
125    % dump -Hv progname
126
127which displays shared library information.  A basic proftpd executable
128probably will not require any "-l" options at all.
129
130
131Compiling with the IBM xlc/cc compiler
132--------------------------------------
133
134There is a problem with the index and rindex macros defined in <string.h>.
135Apparently, these are used as part of an attempt to inline string functions
136when the __STR__ C preprocessor macro is defined.  Conflicts with these
137definitions will cause compilation failures.
138
139The work-around is to undefine the __STR__ C preprocessor macro, which
140is predefined by the IBM compiler.  This can be done on the configure
141command line by adding '-U__STR__' to the CPPFLAGS variable:
142
143  % env CC=cc CPPFLAGS='-U__STR__' ./configure ...
144
145However, with newer versions of proftpd, it has been found that the following
146combination works better when compiling:
147
148  % env CC=cc CFLAGS='-D_NO_PROTO' ./configure ...
149
150
151Sendfile support in AIX
152-----------------------
153
154It appears that the sendfile() function in AIX 5.3
155(specifically AIX 5300-04-02) is faulty.  If you are running proftpd-1.3.0
156or later on AIX, place the following in your proftpd.conf:
157
158  UseSendfile off
159
160Failure to do so can result in downloads of files that end up being
161the wrong size (downloaded files being far too large, etc).
162
163

README.FreeBSD

1
2			ProFTPD 1.2 README.FreeBSD
3			==========================
4
5Packages
6--------
7
8A precompiled FreeBSD package for x86, Alpha, AMD64, and UltraSPARC systems
9can be installed from sources, including CD-ROM, the FreeBSD FTP server and
10its mirrors.  To install from the main FreeBSD FTP server:
11
12  # pkg_add -r proftpd
13
14Or, if you want MySQL support:
15
16  # pkg_add -r proftpd-mysql
17
18As the port is updated to a newer version, the corresponding package will be
19updated.
20
21
22Bugs
23----
24
25FreeBSD releases 2.0 through 3.3-RELEASE have a libc bug with setpassent().
26If you know that you have a fixed libc you can use the configure command line
27option '--enable-force-setpassent' to use it with one of these fixed releases,
28otherwise ProFTPD will use its internal persistent password support.  If you
29would like more information, this bug is described in FreeBSD PR #14201.
30
31
32Compiling From Source
33---------------------
34
35The FreeBSD ports collection[1,2] enables the downloading, configuring,
36building and installation of ProFTPD in one easy step.
37
38First, you must have the ports collection installed on the system*. The
39ProFTPD port is in ftp/proftpd, so if your ports collection is installed in
40/usr/ports, you should change to that directory:
41
42  $ cd /usr/ports/ftp/proftpd
43
44and run "make" to fetch the ProFTPD source distribution, extract it, apply the
45necessary patches for FreeBSD, configure and build the program. This should be
46done as a normal system user, not root, to minimise the chance of incidents.
47
48  $ make
49
50You can watch the progress as the port builds. Once it has finished, you can
51install the software on the system and register it in the FreeBSD package
52database by running "make install" as root:
53
54  # make install
55
56You can watch the progress as the port installs. Pay attention to any messages
57at the end of the install. Once it has finished, you can set up the system to
58start the ProFTPD server at boot by copying the file proftpd.sh.sample to
59proftpd.sh in directory /usr/local/etc/rc.d/.
60
61If you have installed "portupgrade" (sysutils/portupgrade), you can do this
62all on one line with e.g.:
63
64  $ portupgrade --new --recursive --sudo --verbose ftp/proftpd
65
66After creating your server configuration in /usr/local/etc/proftpd.conf (see
67proftpd.conf.default) for an example) you can start the server with
68
69  # /usr/local/etc/rc.d/proftpd.sh start
70
71Note that the proftpd binary is kept in the library executable directory,
72/usr/local/libexec/ which is not (and should not be) in your PATH, so if you
73want run a configuration test or add debugging flags from the command line,
74use the full path, e.g.:
75
76  # /usr/local/libexec/proftpd --configtest
77
78To get log messages from the FTP server, make sure you have configured syslog
79to save messages with facility "ftp", e.g. in syslog.conf put:
80
81  ftp.info		/var/log/ftplog
82
83and signal syslogd to re-read its configuration:
84
85  # kill -HUP `cat /var/run/syslog.pid`
86
87A second port has been created for the ProFTPD "Candidate" releases with the
88provisional name ftp/proftpd-devel, however at the time of writing it has not
89been added to the ports collection.
90
91* After choosing to install it during the initial FreeBSD install or by
92installing it from the FTP site[3], you should keep it up-to-date using
93cvsup[4].
94
95[1] http://www.freebsd.org/ports/
96[2] http://www.freebsd.org/doc/handbook/ports-using.html
97[3] ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
98[4] http://www.freebsd.org/doc/handbook/cvsup.html
99

README.LDAP

1mod_ldap v2.9.2
2===============
3
4mod_ldap is a ProFTPD module that performs user authentication and
5name/UID/quota lookups against an LDAP directory.
6
7**Please note:** Read the Changes section below for mod_ldap v2.9 changes;
8some significant changes have been made. Do *NOT* upgrade to mod_ldap v2.9
9or later before reading the Changes section.
10
11Sections:
121. Author
132. How do I set up mod_ldap?
143. Changes
154. Thanks
16
17
18=========
191. Author
20=========
21
22John Morrissey, <jwm@horde.net>, http://horde.net/~jwm/software/mod_ldap/.
23Feedback is much appreciated. If you're using mod_ldap successfully, are
24having problems getting mod_ldap up and running at your site, or have some
25code improvements or ideas for development, please let me know!
26
27
28============================
292. How do I set up mod_ldap?
30============================
31
32* tar xvzf proftpd-version.tar.gz
33* If you wish to use a newer version of mod_ldap that is not yet included
34  with a release version of ProFTPD, download the file mod_ldap.c and say:
35
36    cp -f mod_ldap.c proftpd-version/contrib
37
38* cd proftpd-version
39* ./configure --with-modules=mod_ldap
40* make
41* make install
42* The 'user-ldif' file contains a sample user ldif. Modify it to your liking
43  and say ldapadd -D your-root-dn -w your-root-dn-password < ldif
44* You are *strongly* encouraged to read up on the LDAP config-file
45  directives in proftpd-version/doc/Configuration.html. At bare minimum,
46  you'll need LDAPServer, LDAPBindDN, and LDAPUsers configuration directives
47  in your proftpd.conf.
48
49  A set of basic mod_ldap configuration directives would look like:
50
51    LDAPServer localhost
52    LDAPBindDN cn=your-dn,dc=example,dc=com dnpass
53    LDAPUsers "dc=users,dc=example,dc=com"
54
55  Of course, you will need to update these configuration directives with
56  the proper values for your environment.
57
58
59==========
603. Changes
61==========
62v2.9.2:
63- Prevent segmentation fault when no user filters (second and third
64  arguments to LDAPUsers) are specified.
65
66v2.9.1:
67- Handle potential NULL return value from crypt(). (Bug #3551)
68- Update README to mention the LDAPDNInfo -> LDAPBindDN change in v2.9.0.
69
70v2.9.0:
71- Overhaul configuration directives, hopefully yielding a more
72  straightforward, easier way to configure mod_ldap.
73
74  The LDAPDoAuth and LDAPDoUIDLookups directives have been combined into the
75  new LDAPUsers directive. The third argument to LDAPDoUIDLookups (the UID
76  filter template) is now the third argument to LDAPUsers.
77
78  LDAPDoGIDLookups is now LDAPGroups.
79
80  LDAPDoQuotaLookups is now obsolete. The default quota can be specified
81  with the new LDAPDefaultQuota directive.
82
83  Also, the on/off booleans on these directives have been removed. Now, if
84  the directive is present, the corresponding functionality will be enabled.
85
86  For example, the previous configuration:
87
88    LDAPDNInfo cn=your-dn,dc=example,dc=com dnpass
89    LDAPDoAuth on ou=people,dc=horde,dc=net (uid=%u)
90    LDAPDoUIDLookups on ou=people,dc=horde,dc=net (uidNumber=%u)
91    LDAPDoGIDLookups on ou=groups,dc=horde,dc=net
92    LDAPDoQuotaLookups on ou=people,dc=horde,dc=net (uid=%u) false,hard,10485760,0,0,0,0,0
93
94  becomes:
95
96    LDAPBindDN cn=your-dn,dc=example,dc=com dnpass
97    LDAPUsers ou=people,dc=horde,dc=net (uid=%u) (uidNumber=%u)
98    LDAPGroups ou=groups,dc=horde,dc=net
99    LDAPDefaultQuota false,hard,10485760,0,0,0,0,0
100
101- Remove OpenSSL local verification of password hashes; 'LDAPAuthBinds on'
102  should do exactly the same thing in a more secure and standard way.
103- Remove deprecated LDAPNegativeCache and LDAPUseSSL directives.
104- Add group members to debug output.
105- Various internal improvements to comments, log/debug messages, style, and
106  logic.
107
108v2.8.23:
109* Add support needed by mod_sftp_ldap for fetching user public keys.
110* Bad LDAP lookup can cause mod_ldap segfault under some conditions.
111  (Bug #3424)
112
113v2.8.22:
114* Disable the LDAPUseSSL directive, instead logging a warning so existing
115  configurations do not cause ProFTPD startup failure. Previous versions
116  enabled TLS when this directive was enabled. This behavior was incorrect,
117  since the intended behavior was to enable LDAPS/LDAP over SSL. To use
118  LDAPS, specify the ldaps:// protocol in the LDAPServerURL URL(s).
119
120  If you wish to continue using TLS, you must modify your configuration to
121  specify the ldap:// scheme in the LDAPServerURL URL and add the directive
122  'LDAPUseTLS on' to your configuration.
123* Add support for quota profiles. If a user entry doesn't have an ftpQuota
124  attribute, search for the DN contained in the user's ftpQuotaProfileDN
125  attribute (if present) and use the ftpQuota attribute present on that DN.
126  (Bug #2617)
127* Fix segfaults in debug logging on platforms whose printf() does not
128  gracefully handle NULL string pointers. (Bug #3346)
129* Escape LDAP filter metacharacters in inserted values when interpolating
130  filter templates.
131* Emit a debug warning when an LDAP URL is specified without an explicit
132  search scope.
133* Bug 2922 locks authentication for an account to the same module that
134  fetched the original account information. Remove the kludge wherein
135  "*" is passed to pr_auth_check() if we're doing auth binds to prevent
136  other modules from processing authentication. This has the convenient
137  side effect of making the UserPassword directive work with LDAP-sourced
138  accounts. Bump the required ProFTPD version to 1.3.1rc3.
139* Emit correct LDAP timeout in debug message, accounting for the default if
140  none was specified. Reported by Nikos Voutsinas <nvoutsin@noc.uoa.gr>.
141
142v2.8.21:
143* Implement an internal failover mechanism instead of relying on the LDAP
144  SDK's built-in failover (if any). Fixes failover regression introduced
145  in v2.8.19 when ldap_initialize() was first used.
146* Multiple LDAP URL arguments may now be passed to LDAPServer:
147
148  LDAPServer ldap://127.0.0.1/??sub ldap://172.16.0.1/??sub
149* When setting whether to dereference LDAP aliases after connecting to
150  the LDAP server, treat failure as a hard failure and refuse to continue
151  with that LDAP server. Previously, failure when specifying whether to
152  dereference aliases would be logged but the connection to that server
153  would continue.
154
155v2.8.20:
156* Prevent the use of LDAPSearchScope or LDAPUseSSL when LDAPServer specifies
157  a URL. Instead, the desired search scope and SSL setting should be
158  specified by the URL.
159* When using OpenSSL for local password verification (as opposed to
160  'LDAPAuthBinds on'), make the Base64 encoding buffer larger to ensure
161  we account for expansion resulting from the encoding.
162* Retrieve all LDAP attributes when calling pr_ldap_user_lookup() since
163  it will need various attributes (to perform home directory generation,
164  for one). Thanks to Nikos Voutsinas <nvoutsin@noc.uoa.gr>.
165  http://forums.proftpd.org/smf/index.php/topic,3562.0.html
166* Portability fix: don't use ldap_initialize() and ldap_unbind_ext_s()
167  unless we're building against the corresponding versions of the OpenLDAP
168  SDK.
169
170v2.8.19:
171* Fix compilation with old LDAP SDKs (LDAP_API_VERSION < 2000). Thanks to
172  Saju Paul <saju.paul@messageway.com>.
173* Define LDAP_SCOPE_DEFAULT if not defined by the SDK, fixing compilation
174  with (recent?) Sun LDAP headers.
175* Use the configured ldap_port in "connected..." debug message, not
176  LDAP_PORT.
177* Fix segfaults on client connect when an LDAP URL is used as an argument
178  to the LDAPServer directive. (Bug #3097)
179* Automatically enable LDAP TLS support based on a best guess as to whether
180  the installed LDAP SDK supports it.
181* Fixed missing ldap_init() -> ldap_initialize() when updating for latest
182  LDAP C API. Fixes segfaults on (some?) 64-bit systems. (Bug #3046)
183
184v2.8.18:
185* Remove all local caching code in favor of the recently added caching in
186  the ProFTPD Auth layer.
187* Silence some compiler warnings.
188* To verify non-crypt() password hashes locally with OpenSSL, it is no
189  longer necessary to edit mod_ldap.c to enable HAVE_OPENSSL. Instead,
190  build ProFTPD with the --enable-openssl argument to configure.
191
192v2.8.17:
193* Use non-deprecated LDAP API functions if the LDAP SDK is new enough to
194  comply with draft-ietf-ldapext-ldap-c-api-04.
195
196v2.8.16:
197* Add 'LDAPAliasDereference never|search|find|always' directive, which
198  defaults to never. This default is compatible with previous versions,
199  which did not support alias dereferencing.
200* Fix LDAPAttr support when more than one LDAPAttr directive is used.
201* Sync with ProFTPD API: set session.auth_mech to indicate that we've
202  successfully authenticated the user.
203* Eliminate segfaults when group information for an LDAP user is available
204  from other sources (such as mod_auth_unix). Thanks to Erick Briere
205  <Erick.Briere@afp.com>.
206* Make sure to count %u escapes as well as %v escapes when determining
207  filter length.
208* Fix parenthesizing in connection code.
209
210v2.8.15:
211* Erroneous release; contained 2.8.14 by mistake.
212
213v2.8.14:
214* Fix authentication when LDAPAuthBinds is enabled, which broke in 2.8.13.
215* Fix a typo in the group-by-name filter.
216
217v2.8.13:
218* This release REQUIRES ProFTPD 1.2.11rc1 or later.
219* mod_ldap now uses ProFTPD's CreateHome to create home directories. Some
220  LDAPHomedirOnDemand directives have been removed in favor of CreateHome.
221  The directives that apply to home directory path name generation still
222  exist, but have been renamed to LDAPGenerateHomedir.
223* The LDAP protocol version now defaults to LDAPv3. If you need to use
224  LDAPv2, say 'LDAPProtocolVersion 2' in your proftpd.conf. (Bug #2443)
225* LDAP attribute names are now configurable via proftpd.conf. For example,
226  if you want to change the uid attribute name, say 'LDAPAttr uid myUidAttr'
227  in your proftpd.conf.
228* The define to enable TLS support has been renamed to USE_LDAP_TLS.
229* The '%u' escape is now supported in all cases where '%v' is.
230* ProFTPD's UserPassword directive now works with LDAPAuthBinds enabled.
231  (Bug #2482)
232* Changed ldap_quota_lookup CMD to a HOOK.
233* Fixed a few compiler type warnings.
234
235v2.8.12:
236* Group code memory manipulation fixes (Phil Oester (phil at theoesters dot
237  com))
238* Default quota support
239* LDAP connections created for authenticated binds now honor the LDAPUseTLS
240  directive.
241
242v2.8.11:
243* mod_quotatab limit support
244* Allow ATTR_* compiler defines to be overridden on the build command line,
245  e.g.: CFLAGS="-DUID_ATTR=foo" ./configure
246* The canonical username from the LDAP directory is now used in directory
247  creation.
248* LDAPForceHomedirOnDemand to force the use of the generated home directory
249  instead of the directory provided by the LDAP directory.
250* Support for permissions on LDAPHomedirOnDemand suffixes. You can say:
251
252  LDAPHomedirOnDemandSuffix foo:755 bar:700
253
254  in your proftpd.conf.
255* Support for %v escapes in LDAPDoAuth directive to allow fetching the
256  user's entry directly, without performing a search first. For example,
257
258  LDAPDoAuth on uid=%v,dc=example,dc=com
259
260  will fetch the entry uid=[username],dc=example,dc=com directly when a user
261  logs in, saving some effort on the part of the LDAP directory.
262* Leading directories are now checked for and creation is no longer
263  attempted if they already exist.
264* Miscellaneous pedanticism & cleanup in error messages and the code itself.
265
266v2.8.10:
267* Ditch ldap_build_filter() (non-portable and/or deprecated) in favor of
268  our own translation function. This should make mod_ldap build against
269  OpenLDAP 2.1.x and Novell eDirectory, among others.
270
271v2.8.9:
272* Added explicit OpenSSL link exception to the license.
273
274v2.8.8:
275* ProFTPD Bug 1659 - LDAP config handlers should use c->pool instead of
276  permanent_pool
277
278v2.8.7:
279* Properly drop root privs in the LDAPHomedirOnDemand code if we're
280  returning prematurely due to an error condition.
281* Small cleanup of the LDAPHomedirOnDemand directory creation code.
282
283v2.8.6:
284* Fix to the user-caching code that now prevents the cache from
285  returning an empty password struct in certain situations.
286
287v2.8.5:
288* Small fix in the group handlers - group lookups would sometimes be
289  attempted even if they were disabled.
290
291v2.8.4:
292* Fix for segfaults when optional arguments are omitted from
293  LDAPDoGIDLookups directive
294
295v2.8.3:
296* Secondary group support (thanks to Andreas Strodl for providing patches)
297* LDAPHomedirOnDemand modes are now absolute; they are no longer subject
298  to ProFTPD's umask.
299* LDAPDefault[UG]ID directives should now support the full range of
300  32-bit UIDs.
301* Sanity checking is now done on LDAPDefault[UG]ID arguments to ensure
302  they're numeric.
303* LDAPDoGIDLookups now takes an extra argument. Its arguments are now:
304
305  LDAPDoGIDLookups on|off group-base-dn by-name-filter by-uid-filter
306
307  by-name-filter defaults to (&(cn=%v)(objectclass=posixGroup)) and
308  by-uid-filter defaults to (&(gidNumber=%v)(objectclass=posixGroup)).
309
310v2.8.2:
311* Fixed a privilege escalation bug. If LDAPHomedirOnDemand is enabled and
312  creation of the user's home directory fails, the server does not
313  relinquish root privileges. There shouldn't be exploitable, but all
314  users with LDAPHomedirOnDemand enabled are encouraged to upgrade.
315
316v2.8.1:
317* Fixed a bug that prevented proper permissions being applied to home
318  directories created on demand.
319* Fixed an issue that would prevent per-VirtualHost configuration directives
320  from being properly recognized.
321
322v2.8:
323* The username escape sequence in search filter templates has changed.
324  You must now use %v instead of %u as the escape for the username. For
325  example, if you had:
326
327    LDAPDoAuth on dc=example,dc=com (uid=%u)
328
329  in your proftpd.conf with a previous version of mod_ldap, you will need
330  to change this to:
331
332    LDAPDoAuth on dc=example,dc=com (uid=%v)
333
334* LDAPAuthBinds is now enabled by default. I'm sick of hearing "Your
335  mod_ldap is broken; it won't talk to my LDAP server and I've ignored the
336  convenient error message about userPassword that mod_ldap logs."
337
338* The full path to user home directories is now created. Directories leading
339  up to the user's home directory are created root-owned and mode 755 (i.e.,
340  they are not subject to the mode argument to LDAPHomedirOnDemand). Home
341  directory creation now works for all users, not just users with the same
342  UID/GID as the main ProFTPD server. Lastly, the mode argument to
343  LDAPHomedirOnDemand is no longer subject to ProFTPD's Umask.
344
345* TLS support (You'll need to edit mod_ldap.c to define USE_LDAPV3_TLS and
346  recompile proftpd, then say 'LDAPUseTLS on' in your proftpd.conf). This
347  may or may not work with non-OpenLDAP SDKs; I'd love to hear if anyone has
348  it working with the Mozilla LDAP SDK or any others.
349
350* The LDAP search sizelimit is now set to prevent LDAP server thrashing with
351  wildcarded usernames.
352
353* Basic caching support has been added. This should cut down on the number
354  of queries made to the directory server. In addition, negative caching
355  is now enabled by default.
356
357* LDAPHomedirOnDemandSuffix can now take multiple arguments (multiple
358  directories to create) and can be activated independently of
359  LDAPHomedirOnDemand.
360
361* With the addition of LDAPHomedirOnDemandPrefix, home directories can now
362  be completely autogenerated, removing the need for a homeDirectory
363  attribute in each user's LDAP entry. Say:
364
365    LDAPHomedirOnDemandPrefix /home
366
367  in your proftpd.conf to give users a home directory with the format
368  /home/username. In this example, the user joe would be given the home
369  directory /home/joe.
370
371* Attribute names are now #defines at the top of mod_ldap.c. You can now
372  change attribute names by editing mod_ldap.c and recompiling.
373
374* The LDAPDefaultUID and LDAPDefaultGID directives can now be forced;
375  enabling LDAPForceDefaultUID or LDAPForceDefaultGID will apply the
376  default UID or GID (respectively) even if a user has a different UID/GID
377  in his uidNumber or gidNumber attribute.
378
379* Fairly extensive code cleanup and comment syncing.
380
381v2.7.6:
382* Fixing the OpenLDAP 2 fixes.
383
384v2.7.5:
385* Fixes for OpenLDAP 2 support.
386* Fix LDAP authentication filter use; previously, the user-specified search
387  filter would not be used in the second stage of authenticating a user.
388
389v2.7.4:
390* The LDAPDefaultAuthScheme directive should function properly now.
391
392v2.7.3:
393* Removed some old, useless code.
394
395v2.7.2:
396* LDAPQueryTimeout fix. In mod_ldap v2.7.1, in some situations, the query
397  timeout could be set to -1, which would cause all LDAP lookups to fail.
398
399v2.7.1:
400* Ported MacGyver's portable UID/GID code to mod_ldap
401* The value passed to LDAPQueryTimeout is now honored (the timeout isn't
402  simply set to 1 second)
403
404v2.7:
405* Added a fix for picky LDAP servers like Sun Directory Services; using
406  AuthBinds with those LDAP servers would break in previous mod_ldap
407  versions.  See the comments in the code for more details (search for "Sun
408  Directory Services").
409* You can now pass a file mode to LDAPHomedirOnDemand to create home
410  directories with that mode.
411* Improved group support; mod_ldap now supports multiple memberUid
412  attributes for a group object.
413* Miscellaneous neatening/tightening of high-level auth/lookup handler
414  functions.
415* You can now specify custom LDAP search filters at runtime. See the
416  configuration guide (doc/Configuration.html) entries for LDAPDo* for more
417  details.
418* Objectclass is now enforced. You *must* have an objectclass attribute for
419  each of your LDAP objects. This attribute must have a value of
420  'posixAccount' ("objectclass: posixAccount"). For groups, this attribute
421  must have the value 'posixGroup' ("objectclass: posixGroup"). If you wish
422  to disable this objectclass enforcement, use the the LDAP filter
423  "(uid=%u)" for Auth and UID lookups (see doc/Configuration.html for how to
424  specify a custom LDAP search filter).
425* Removed allowedServices code. The functionality that allowedServices
426  provided can now be duplicated with a modified LDAP search filter.
427
428  For example, to replicate basic allowedServices checking, pass this LDAP
429  search filter to LDAPDoAuth:
430  (&(uid=%u)(|(allowedServices=*FTP*)(!(allowedService=*))))
431
432  To emulate deniedServices checking, use this search filter:
433  (&(uid=%u)(!(deniedServices=*FTP*)))
434
435  To emulate *both* allowedServices and deniedServices checking, use this
436  filter (beware line wrap):
437  (&(uid=%u)(|(allowedServices=*FTP*)(!(allowedService=*)))(!(deniedServices=*FTP*)))
438
439v2.6.1:
440* Fixed a bug that would prevent proper search scope selection.
441
442v2.6:
443* HomedirOnDemandSuffix - create an additional subdirectory in a user's home
444  directory (/home/user/anotherdirectory) on demand
445* Minor group fixes/cleanups - supplementary groups now work properly
446* Password {scheme}s are now treated in a case-insensitive manner.
447* Password-hash support for any crypto method OpenSSL supports
448  To enable extended OpenSSL password hash support, edit mod_ldap.c and
449  uncomment #define HAVE_OPENSSL. You'll also need to edit Make.rules to
450  link against OpenSSL. Further details are provided in mod_ldap.c.
451* Runtime search scope selection; one-level or subtree searches can be
452  selected from proftpd.conf.
453
454v2.5.2:
455* Fixed a bug that would allow unauthorized users to log in when mod_ldap
456  is used with other authentication modules and LDAPAuthBinds is set to on.
457
458v2.5.1:
459* Fixed a one-line bug that broke password authentication when AuthBinds
460  weren't being used.
461
462v2.5:
463* Authenticated bind support added. mod_ldap now fetches all user information
464  except for userPassword as the DN specified in LDAPDNInfo and then re-binds
465  to the LDAP server as the connecting user with the user-supplied password.
466  If the bind succeeds, the user is allowed to log in. This also has the
467  added advantage of allowing mod_ldap to support any password encryption
468  scheme that your LDAP server supports. Also, a privileged DN is no longer
469  needed to read the userPassword attribute from the LDAP server.
470* Realized I wasn't checking the return value of find_config() for NULL
471  values, this would cause ProFTPD to segfault if certain config file
472  entries were not present.
473* Removed debugging code that might contain NULL values; passing a NULL
474  value to printf() and friends under Solaris causes a segfault.
475* Miscellaneous cleanups, code neatening.
476
477v2.0:
478* Config file syntax revamped:
479   LDAPServer            localhost
480   LDAPDNInfo            cn=your-dn,dc=horde,dc=net dnpass
481   LDAPQueryTimeout      5
482   LDAPDoAuth            on "dc=users,dc=horde,dc=net"
483   LDAPDoUIDLookups      on "dc=users,dc=horde,dc=net"
484   LDAPDoGIDLookups      on "dc=groups,dc=horde,dc=net"
485   LDAPDefaultUID        35000
486   LDAPDefaultGID        1000
487   LDAPNegativeCache     on
488   LDAPHomedirOnDemand   on
489   LDAPDefaultAuthScheme clear
490* Configurable LDAP query timeout [Peter Deacon <peterd@iea-software.com>]
491* Cleartext password "encryption" scheme ("{clear}mypass")
492* UID-to-name and GID-to-name lookups in directory listings
493* Separate prefixes for user and group lookups
494* Can turn on/off UID-to-name and GID-to-name lookups independently
495* Default [UG]IDs. Say you want to have a web-toaster type of deal, with
496  all users having the same [UG]IDs. Just don't put [ug]idNumber attrs in
497  your LDAP database for those users, and set these configuration
498  directives. Any user that doesn't have a [UG]ID in the LDAP database will
499  have that info filled in with the default [UG]ID.
500* mod_ldap is now able to function in a pure virtual-user environment;
501  please note, however, that the loginShell LDAP attr still must be a
502  valid shell. You can turn this check off by saying RequireValidShell off
503  in your proftpd.conf
504* allowedServices attr: (I broke with objectclass here, couldn't find
505  something that seemed to fit this.) This attribute contains a
506  comma-deliminated list of services to allow this particular user.  The
507  string "FTP" corresponds to FTP service. If no allowedServices attr is
508  present, all services will be allowed.
509* You can have alternate LDAP servers; just specify LDAPServer "host1
510  host2"; [Peter Deacon <peterd@iea-software.com>]
511* LDAPHomedirOnDemand to automatically create home directories in a
512  virtual-user environment. [patch: Bert Vermeulen <bert@be.easynet.net>]
513* LDAPDefaultAuthScheme to select the authentication scheme to use when
514  no {prefix} is present in a user's userPassword LDAP attr.
515  [patch: Bert Vermeulen <bert@be.easynet.net>]
516* Virtual hosting support may or may not work okay; theoretically, I think
517  adding LDAP configuration directives to a <VirtualHost> block will work,
518  but this hasn't been tested.
519
520New Tested Platforms:
521
522* Solaris 2.6 with Netscape Directory Server and the Mozilla LDAP C SDK,
523  available at http://www.mozilla.org/directory/csdk.html.
524  Peter Fabian <fabian@staff.matavnet.hu>
525* Solaris 7 with gcc 2.95.1 and OpenLDAP 1.2.7
526  Ralf Kruedewagen <Ralf.Kruedewagen@meocom.de>
527
528v1.2:
529* made the variables for the config entries static
530* moved the meat of the ldap querying code to a separate function, this
531  gets the individual getpw*() handlers down to about 15-20 lines each.
532  also paves the way for easy LDAP group lookups too.
533* explicitly set ld = NULL in p_endpwent(), looks like ldap_unbind()
534  doesn't always set it to NULL, and bad things happen later.
535* fixed a showstopper: if there's a user/group directive in proftpd.conf,
536  mod_ldap:getpwnam() will be called to look up the user. since the
537  LDAP config variables aren't initialized yet, the LDAP libraries crash
538  and burn upon encountering a NULL ldap_prefix. put some checks in
539  p_setpwent() to check for this and disable LDAP lookups before the
540  parent forks and the config is initialized. thanks to Sean Murphy
541  <smurphy@berbee.com> for sending me on this path.
542* modified pw_auth() so that it will assume crypt() if there's no leading
543  {scheme} in the password returned by the LDAP query.
544* pw_auth() turned off logging of unidentifiable password encryption
545  schemes; this would syslog the encrypted password returned by the ldap
546  server. many people have their logs tightened, but not all.
547* a few miscellaneous changes & cleanups
548
549v1.1:
550* Added $Libraries$ directive to mod_ldap so the module is now entirely
551  self-contained.
552* Changed one reference to sprintf() to snprintf() and changed uidstr
553  in p_getpwuid() to have a length of BUFSIZ.
554* Added config option (LDAPNegativeCache) to turn LDAP negative caching
555  on and off. The default is off (don't do LDAP negative caching).
556* Added entries to doc/Configuration.html for all the LDAP configuration
557  directives.
558* MacGyver added mod_ldap to the ProFTPD CVS tree; proftpd-ldap-1.1
559  is now in sync with ProFTPD CVS.
560
561v1.0:
562* Initial release of proftpd-ldap
563
564
565=========
5664. Thanks
567=========
568
569* Everyone listed in mod_ldap.c for contributing code.
570
571* James (james at wwnet dot net) for a copy of his LDAP module that he never
572  released
573* Krzysztof Dabrowski (brush at pol dot pl) for some big virtual-user ideas
574* Peter Deacon (peterd at iea-software dot com) for ideas
575* Peter Fabian (fabian at staff dot matavnet dot hu) for ideas and a tested
576  platform
577* Justin Hahn (jeh at profitlogic dot com) for good ideas and debate
578* Ralf Kruedewagen (Ralf dot Kruedewagen at meocom dot de) for a tested
579  platform
580* Steve Luzynski (steve at uniteone dot net) for extra help/testing/feedback
581* Scott Murphy (smurphy at berbee dot com) for a trouble report
582* Marcin Obara for lots of testing
583* Miguel Barreiro Paz (mbpaz at edu dot aytolacoruna dot es) for a supported
584  platform and new supported LDAP server
585* Everyone else who has sent feedback, bug reports, feature requests,
586  and ideas.
587

README.Solaris2.5x

1Using ProFTPD with Solaris 2.5.1 (possibly even other versions):
2
3[Ed: Note, in Solaris 2.6 this is no longer necessary]
4
5Solaris 2.5.1 has an odd problem involving tcp sockets inside of a
6chroot()  [as used w/ DefaultRoot and Anonymous logins].  Apparently, due
7to the Solaris xti code, socket operations initially attempt to open a few
8devices, including /dev/tcp, /dev/udp, /dev/zero and /dev/ticotsord.  This
9is most likely caused by the networking libraries, and is completely out
10of the control and/or scope of ProFTPD.
11
12Solaris 2.5.1 users wishing to use ProFTPD will have to do something like
13the following in their anonymous or otherwise chroot'ed directories:
14
15[ !!NOTE!!  Do not use the major/minor device numbers below verbatim.
16  Solaris on different archs will use different major/minors.  Check
17  your OS documentation first before doing this. ]
18
19mkdir dev
20mknod dev/tcp c 11 42
21mknod dev/udp c 11 41
22mknod dev/zero c 13 12
23mknod dev/ticotsord c 105 1
24
25Solaris 2.5 (and possibly 2.5.1) requires these additional device
26nodes to be created in order to avoid a system panic when the
27loopback interface is used:
28
29mknod dev/ticlts c 105 2
30mknod dev/ticots c 105 0
31
32# the following is necessary to allow proftpd to create a socket
33# when in non-low-port mode (such as during passive transfers)
34chmod 0666 dev/tcp
35
36Failure to create these files will result in "socket() failed in
37inet_create_connection(): No such file or directory" when a user logs in
38anonymously and attempts to transfer data of any type (including a simple
39directory listing).
40
41If you receive errors such as "socket() failed in
42inet_create_connection(): Permission denied", you need to chmod 0666 your
43dev/tcp device.
44

README.Unixware

1Using ProFTPD with UnixWare 7.1
2
3UnixWare 7.x has an odd problem involving tcp sockets inside of a
4chroot()  [as used w/ DefaultRoot and Anonymous logins].  Apparently, due
5to the UnixWare xti code, socket operations initially attempt to open a few
6devices, including /dev/tcp, /dev/udp, /dev/zero and /dev/ticotsord.  This
7is most likely caused by the networking libraries, and is completely out
8of the control and/or scope of ProFTPD.
9
10UnixWare 7.1 users wishing to use ProFTP will have to do something like
11the following in their anonymous or otherwise chroot'ed directories:
12
13[ !!NOTE!!  Do not use the major/minor device numbers below verbatim.
14  Solaris on different archs will use different major/minors.  Check
15  your OS documentation first before doing this. ]
16
17mkdir dev
18mknod dev/tcp c 7 37
19mknod dev/zero c 39 1
20
21# the following is necessary to allow proftpd to create a socket
22# when in non-low-port mode (such as during passive transfers)
23chmod 0666 dev/tcp
24
25Failure to create these files will result in "socket() failed in
26inet_create_connection(): No such file or directory" when a user logs in
27anonymously and attempts to transfer data of any type (including a simple
28directory listing).
29
30If you receive errors such as "socket() failed in
31inet_create_connection(): Permission denied", you need to chmod 0666 your
32dev/tcp device.
33
34Additionally you will need to create the file etc/netconfig or you'll
35get the following error message: _s_match: setnetconfig failed
36
37mkdir etc
38cp /etc/netconfig etc/netconfig
39

README.cygwin

1                      ProFTPD README.Cygwin
2                      =====================
3
4Introduction
5------------
6
7Cygwin is a UNIX-like environment framework for Microsoft Windows
898/NT/2000/XP operating systems. Most programs that you are used to using
9can compile and behave exacttly the same way as on your favorite Unix
10system. However, there are some minor differences and compatibility issues.
11
12
13Configuring and Compiling
14-------------------------
15
16In standard Cygwin setup, there's no such username as 'root'. By default,
17the configure script assigns 'Administrator' as the installation username.
18Should you want to change this, then specify a username in the
19'install_user' environment variable.
20
21The rest of the installation process is as usual:
22
23    ./configure
24    make
25    make install
26
27Note: Cygwin does not currently support large files (e.g. files larger than
282 GB).  Also, Cygwin 1.3.22 or later should be installed. Earlier versions
29of Cygwin would result in error messages like:
30
31  426 Transfer aborted.  Socket operation on non-socket
32
33Installing as Windows service
34-----------------------------
35
36Create a shell script and put it somewhere, with the following contents:
37
38--8<--Cut here--
39#!/bin/sh
40# File: proftpd-config.sh
41# Purpose: Installs proftpd daemon as a Windows service
42
43cygrunsrv --install proftpd \
44          --path /usr/local/sbin/proftpd.exe \
45          --args "--nodaemon" \
46          --type manual \
47          --disp "Cygwin proftpd" \
48          --desc "ProFTPD FTP daemon"
49--8<--Cut here--
50
51The --nodaemon option is important. It prevents the process from detaching.
52Thus you can always shut it down with "net stop proftpd" command.
53
54After running this script, you may run the daemon with "net start proftpd"
55command. Or, change the type from "manual" to "auto", and it will run on the
56system startup.
57
58You can remove the service with the command:
59    cygrunsrv --remove proftpd
60
61Installing as inetd service
62-----------------------------
63Edit the corresponding line in /etc/inetd.conf:
64
65    ftp stream tcp nowait root /usr/local/sbin/in.proftpd in.proftpd
66
67You can specify an alternative configuration file with -c option.
68
69Configuration File
70------------------
71
72The default configuration file resides in /usr/local/etc/proftpd.conf.
73However, the default version of the proftpd.conf created by the installation
74script is unusable within the Cygwin environment.
75
76Some configuration directives need to be changed as follows:
77
78    ServerType standalone|inetd
79
80        Needs to be set correctly. Having standalone when running from inetd
81        produces daemon processes which are difficult or impossible to kill.
82
83    User   System
84    Group  Administrators
85
86        By default, a Windows service runs as the SYSTEM user, and if User
87        directive specifies some other user, ProFTPD fails to change to that
88        user.  Also, if no User directive given, the daemon tries to change
89        the uid to the SYSTEM user ID.
90
91        Using a less privileged user and/or group will result in errors
92        when users attempt to login.
93
94    <Anonymous directory_name>
95
96        The user specified in User directive should exist as a Windows
97        account. In Windows User Manager, this login can be even disabled.
98        As usual, make sure you have this entry in the Cygwin /etc/passwd
99        file (produced by mkpasswd.exe).
100
101    UserPassword username encrypted_passwd
102
103        The encrypted password can be produced with the "openssl passwd"
104        command.
105
106When a user logs in, the following non-fatal warnings will appear in the
107proftpd logs:
108
109    error setting write fd IP_TOS: Invalid argument
110    error setting read fd IP_TOS: Invalid argument
111    error setting write fd TCP_NOPUSH: Protocol not available
112    error setting read fd TCP_NOPUSH: Protocol not available
113
114Author:
115Stanislav Sinyagin
116CCIE #5478
117ssinyagin@yahoo.com
118
119

README.md

1# ProFTPD 1.3.x README
2
3## Status
4
5[![TravisCI Build Status](https://travis-ci.org/proftpd/proftpd.svg?branch=master)](https://travis-ci.org/proftpd/proftpd)
6[![CirrusCI Build Status](https://api.cirrus-ci.com/github/proftpd/proftpd.svg?branch=master)](https://cirrus-ci.com/github/proftpd/proftpd)
7[![Coverage Status](https://coveralls.io/repos/proftpd/proftpd/badge.svg?branch=master&service=github)](https://coveralls.io/github/proftpd/proftpd?branch=master)
8[![Coverity Scan Status](https://scan.coverity.com/projects/198/badge.svg)](https://scan.coverity.com/projects/198)
9[![C/C++ Language Grade](https://img.shields.io/lgtm/grade/cpp/g/proftpd/proftpd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/proftpd/proftpd/context:cpp)
10[![Release](https://img.shields.io/badge/release-1.3.7b-brightgreen)](https://github.com/proftpd/proftpd/releases/latest)
11[![License](https://img.shields.io/badge/license-GPL-brightgreen.svg)](https://img.shields.io/badge/license-GPL-brightgreen.svg)
12
13## Introduction
14
15ProFTPD is a highly configurable FTP daemon for Unix and Unix-like
16operating systems.  See the _**README.ports**_ file for more details about
17the platforms on which ProFTPD in known or thought to build and run.
18
19ProFTPD grew from a desire for a secure and configurable FTP server.
20It was inspired by a significant admiration of the Apache web server.
21Unlike most other Unix FTP servers, it has not been derived from the old
22BSD `ftpd` code base, but is a completely new design and implementation.
23
24ProFTPD's extensive configurability provides systems administrators great
25flexibility in user authentication and access controls, including virtual
26users and easy `chroot()` FTP sessions for individual users.
27
28ProFTPD is popular with many service providers for delivering update
29access to user web pages, without resorting to Unix shell accounts.
30
31## Latest Release
32
33- [ftp://ftp.proftpd.org/distrib/source/](ftp://ftp.proftpd.org/distrib/source/)
34- [http://www.proftpd.org/](http://www.proftpd.org/)
35
36> see _**RELEASE_NOTES**_ for an overview of the changes in this release.
37
38## Major Features
39
40- A single main configuration file, with directives and directive groups patterned after those of the Apache web server.
41- Per directory ".ftpaccess" configuration similar to Apache's ".htaccess".
42- Designed to run either as a stand-alone server or from `inetd`/`xinetd`.
43- Multiple virtual FTP servers and anonymous FTP services.
44- Multiple password files.
45- Shadow password support, including support for expired accounts.
46- Multiple authentication methods, including PAM, LDAP, SQL, and RADIUS.
47- Virtual users.
48- ProFTPD never executes any external program at any time. There is no `SITE EXEC` command, and all file and directory listings are generated internally, without using an external ls command.
49- Anonymous FTP and other chroot directories do not require any specific directory structure, executable programs or other system files.
50- Modular architecture with an API that facilitates well structured extensions to meet user needs.
51- Visibility of directories or files controlled based on Unix style permissions or user/group ownership.
52- Logging and `utmp`/`wtmp` support.  Extensible, customizable logging is available.
53- If supported by the capabilities the host system, it can run as a non-privileged user in stand-alone mode, thwarting attacks aimed at exploiting "root" privileges.
54- GPLv2 source license.  The source code is available to audit.
55
56## Documentation
57
58- The [doc/](doc/) directory
59- [http://www.proftpd.org/docs/](http://www.proftpd.org/docs/)
60
61## Installation Overview
62
63For detailed installation instructions, see the _**INSTALL**_ file in the root
64directory of the source distribution.
65
66The ProFTPD source distribution is designed to be configured using the GNU
67autotools, so compiling and installing follows the familiar command sequence of
68```bash
69./configure
70make
71make install
72```
73
74However, a significant portion of ProFTPD's configurability is done at compile
75time, so it is highly recommended that you read _**INSTALL**_ and all of the
76_**README.***_ files that pertain to your platform and desired features before
77building the sources.
78
79ProFTPD uses a single configuration file.  A few examples are included in the
80[sample-configurations/](sample-configurations/) subdirectory of the source
81distribution.
82
83On most systems, the `inetd` or `xinetd` configuration must be changed, either
84to remove the current ftpd entry to run ProFTPD standalone, or to change the
85current ftpd entry to use the proftpd daemon.
86
87## Questions
88
89If you have questions, please ask them on the appropriate [mailing lists](http://www.proftpd.org/lists.html).
90
91If you don't understand the documentation, please tell us, so we can explain it
92better.  The general idea is: if you need to ask for help, then something needs
93to be fixed so you (and others) don't need to ask for help.  Asking questions
94helps us to know what needs to be documented, described, and/or fixed.
95

README.modules

1
2                        ProFTPD 1.3 README.modules
3                        ==========================
4
5
6Core ProFTPD Modules (modules subdirectory)
7-------------------------------------------
8
9Modules always included:
10
11    mod_auth
12        Implements FTP authentication commands (USER, PASS, ACCT, REIN).
13
14    mod_core
15        Implements core configuration directives and most RFC-959 FTP
16        commands (CWD, CDUP, MKD, PWD, RMD, DELE, RNTO, RNFR, PASV, PORT,
17        SYST, HELP, QUIT, NOOP), and the MDTM and SIZE extensions.
18
19    mod_delay
20        Implements algorithms to protect against information leaks
21        via timing attacks.
22
23    mod_log
24        Interface to Unix message logging (syslog or file).
25
26    mod_ls
27        Implements the FTP LIST, NLST and STAT commands.
28
29    mod_facts
30        Implements the FTP MFF, MFMT, MLSD, and MLST commands.
31
32    mod_site
33        Implements the FTP SITE command, and the HELP, CHGRP, CHMOD
34        subcommands.
35
36    mod_auth_file
37        Interface to file-based authentication (AuthUserFile, AuthGroupFile)
38
39    mod_auth_unix
40        Interface to the native Unix password system.
41
42    mod_xfer
43        Implements FTP file transfer commands (STOR, RETR, APPE, REST,
44        ABOR, TYPE, STRU, MODE, ALLO, SMNT, STOU).
45
46    mod_ident
47        Implements RFC1413 identity lookups (IdentLookups).
48
49Modules automatically included when supported by the OS:
50
51    mod_auth_pam
52        PAM (Pluggable Authentication Modules) authentication.
53        See README.PAM.
54        Originally contributed by MacGyver <macgyver@tos.net>.
55
56    mod_cap, libcap
57        POSIX 1e (IEEE 1003.1e draft) security model enhancements
58        (capabilities and capability sets), available for Linux kernels
59        2.1.104 and later. See README.capabilities.
60
61
62Modules included upon request:
63
64    mod_ctrls
65        Provides the server-side listener for control requests
66        (see README.controls)
67
68    mod_dso
69        Handles loading and unloading of DSO modules (see README.DSO)
70
71    mod_facl
72        Handles checking of POSIX ACLs (see README.facl)
73
74    mod_lang
75        Handles the LANG command (see README.NLS)
76
77    mod_memcache
78        Handles Memcache support
79
80Contributed ProFTPD Modules (contrib/ subdirectory)
81--------------------------------------------------
82
83Also, see contrib/README.
84
85Security/encryption modules:
86
87    mod_sftp, mod_sftp_pam, mod_sftp_sql
88        SSH2, SFTP, SCP protocol implementation
89        See doc/contrib/mod_sftp.html
90        Contributed by TJ Saunders <tj@castaglia.org>
91
92    mod_tls, mod_tls_memcache, mod_tls_shmcache
93        SSL/TLS authentication/encryption
94        See doc/contrib/mod_tls.html
95        Originally by Peter Runestig
96        Contributed by TJ Saunders <tj@castaglia.org>
97
98Authentication modules:
99
100    mod_ldap
101        LDAP (Light-weight Directory Access Protocol) authentication.
102        See README.LDAP.
103        Contributed by John Morrissey <jwm@horde.net>.
104
105    mod_sql, mod_sql_mysql, mod_sql_postgres, mod_sql_odbc, mod_sql_sqlite
106        SQL (Structured Query Language) database authentication and
107        other functions, with backends for MySQL, PostgreSQL, ODBC, and SQLite.
108        See doc/contrib/mod_sql.html
109        Contributed by Johnie Ingram <johnie@netgod.net>.
110
111    mod_radius
112       RADIUS (RFC2865) authentication and accounting
113       See doc/contrib/mod_radius.html
114       Contributed by TJ Saunders <tj@castaglia.org>.
115
116Feature modules:
117
118    mod_ban
119        Dynamic blacklisting.
120        See doc/contrib/mod_ban.html
121        Contributed by TJ Saunders <tj@castaglia.org>.
122
123    mod_ctrls_admin
124        Common administrative control actions
125        See doc/contrib/mod_ctrls_admin.html
126        Contributed by TJ Saunders <tj@castaglia.org>
127
128    mod_dynmasq
129        Automatic refreshing of IP address for MasqueradeAddress DNS name,
130        for sites that use DynDNS-type services
131        See doc/contrib/mod_dynmasq.html
132        Contributed by TJ Saunders <tj@castaglia.org>
133
134    mod_exec
135        Execute custom external scripts based on session actions/events.
136        See doc/contrib/mod_exec.html
137        Contributed by TJ Saunders <tj@castaglia.org>
138
139    mod_geoip
140        Look up geographic information based on the client IP address.
141        See doc/contrib/mod_geoip.html
142        Contributed by TJ Saunders <tj@castaglia.org>
143
144    mod_ifsession
145        Conditional per-user, per-group, per-class configurations
146        See doc/contrib/mod_ifsession.html
147        Contributed by TJ Saunders <tj@castaglia.org>
148
149    mod_load
150        Reject connections based on system load
151        See doc/contrib/mod_load.html
152        Contributed by TJ Saunders <tj@castaglia.org>
153
154    mod_log_forensic
155        Only write log information when criteria are met.
156        See doc/contrib/mod_log_forensic.html
157        Contributed by TJ Saunders <tj@castaglia.org>
158
159    mod_qos
160        Tweak the network TCP QoS bits for better routing
161        See doc/contrib/mod_qos.html
162        Contributed by Philip Prindeville
163
164    mod_quotatab, mod_quotatab_file, mod_quotatab_ldap, mod_quotatab_radius,
165      mod_quotatab_sql
166        User/group/class quotas.
167        See doc/contrib/mod_quotatab.html
168        Contributed by TJ Saunders <tj@castaglia.org>
169
170    mod_ratio
171        User upload/download ratios.
172        See contrib/README.ratio and the comments in mod_ratio.c.
173        Contributed by Johnie Ingram <johnie@netgod.net>
174        and Jim Dogopoulos <jd@dynw.com>/<jd@downcity.net>.
175
176    mod_readme
177        Display "readme" files, controlled by the "DisplayReadme" directive.
178        Originally contributed by <jan.menzel@gmx.de>.
179
180    mod_rewrite
181        Powerful regular expression-based command parameter rewrite engine
182        See doc/contrib/mod_rewrite.html
183        Contributed by TJ Saunders <tj@castaglia.org>
184
185    mod_shaper
186        Throttling of data transfers across the entire server.
187        See doc/contrib/mod_shaper.html
188
189    mod_site_misc
190        Miscellaneous SITE commands (e.g. SITE SYLINK, SITE UTIME)
191        See doc/contrib/mod_site_misc.html
192
193    mod_unique_id
194        Provides a unique ID for each FTP session, useful for session
195        tracking in log files and databases
196        See doc/contrib/mod_unique_id.html
197        Contributed by TJ Saunders <tj@castaglia.org>
198
199    mod_wrap
200        TCP Wrappers.
201        See contrib/README.mod_wrap and doc/contrib/mod_wrap.html.
202        Contributed by TJ Saunders <tj@castaglia.org>.
203
204    mod_wrap2, mod_wrap2_file, mod_wrap2_sql
205        TCP wrappers functionality, extended to include SQL tables
206        See doc/contrib/mod_wrap2.html
207        Contributed by TJ Saunders <tj@castaglia.org>.
208
209
210Other ProFTPD modules (not included in the source distribution)
211---------------------------------------------------------------
212
213Please see
214
215    http://www.proftpd.org/module_news.html
216
217for a current third-party module list. These modules (and patches) are
218neither evaluated nor sanctioned in any way.
219

README.ports

1
2                        ProFTPD 1.2 README.ports
3                        ========================
4
5
6See the web site for a more complete and current list:
7
8        http://www.proftpd.org/platforms.html
9
10If you have successfully built and run ProFTPD on a platform not listed,
11you are invited to share your experience.  Please include your platform
12name and version (e.g. `uname -a`), compiler and version, the proftpd
13version (e.g `./proftpd -v`), any optional modules that you are using
14(e.g. `./proftpd -l`), and any special instructions or comments.
15
16        proftpd-devel@proftpd.org
17        http://www.proftpd.org/platforms.html
18
19
20The Linux compilation environment largely depends on the kernel,
21glibc, gcc, and libpam.  So, please either report the versions of
22these components, or the distribution name, version and any patches
23affecting the compilation environment.
24
25
26ProFTPD has been reported to build on the following:
27
28    OS                 Compiler     Comments
29    -----------------  -----------  ----------------------------------------
30    AIX 3.2                         native compiler
31    AIX 4.2                         tested
32    AIX 4.2.1          gcc 2.95.2   see README.AIX
33    AIX 4.2.1          cc 4.4       see README.AIX
34    AIX 4.3.3          cc 4.4       see README.AIX
35
36    BSDI 2.x                        possibly
37    BSDI 3.1                        tested; use gmake instead of make
38    BSDI 4.0
39
40   ?BSD/OS 4.1
41   ?BSD/OS 4.2
42
43    Compaq Tru64 5.0A
44    Compaq Tru64 5.0B
45    Compaq Tru64 5.1B
46
47    DEC OFS/1                    native compiler
48    Digital UNIX 4.0A
49
50    FreeBSD 2.2.7                   tested, see README.FreeBSD
51    FreeBSD 3.3                     see README.FreeBSD
52    FreeBSD 3.5        gcc          see README.FreeBSD
53    FreeBSD 4.1        gcc
54    FreeBSD 4.2        gcc
55    FreeBSD 4.3        gcc
56    FreeBSD 4.4        gcc
57    FreeBSD 4.5        gcc
58    FreeBSD 4.6        gcc
59    FreeBSD 4.7        gcc
60    FreeBSD 4.8        gcc
61    FreeBSD 4.9-PRERELEASE
62    FreeBSD 5.0        gcc
63
64    HP/UX 10.x
65    HP/UX 11.x                      native compiler or gcc
66
67    IRIX 6.2
68    IRIX 6.3                        native compiler or gcc
69    IRIX 6.4                        tested
70    IRIX 6.5           cc 7.30
71
72    Linux              gcc          kernel 2.0.x, 2.2.x or 2.4.x
73                                    glibc2 (libc6) required
74    MacOS X
75
76    NetBSD 1.4         gcc
77   ?NetBSD 1.5         gcc
78    NetBSD 1.6.1       gcc
79
80    OpenBSD 2.2
81    OpenBSD 2.3
82    OpenBSD 2.6        gcc
83    OpenBSD 2.7        gcc
84    OpenBSD 2.8        gcc
85
86    Solaris 2.5        gcc 2.91.66  see README.Solaris2.5x
87    Solaris 2.5.1      gcc          see README.Solaris2.5x
88    Solaris 2.6
89    Solaris 7
90    Solaris 8          cc 5.0
91    Solaris 8          gcc 2.95.2
92    Solaris 9          gcc 2.95.3
93
94    UnixWare 7                      see README.Unixware
95
96Linux distributions:
97   ?Caldera 2.3        gcc
98    Conectiva 5.0      gcc          bundled
99    Debian 2.2         gcc
100   ?Immunix 6.2        gcc
101    Mandrake 7.2       gcc
102    Red Hat 6.2        gcc
103    Red Hat 7.0        gcc
104    Slackware 7        gcc
105    SuSE 6.4           gcc
106    Trustix 1.2        gcc 2.95.2   bundled
107   ?TurboLinux 6.0     gcc
108