2019-07-15 / Folus Wen

Actions:
1. Add pure-ftpd-1.0.49 GPL software.

Files:
1. As follow commit history.

Image version: XXXXXXXX
Image checksum: XXXXXXXX

Hardware PWB P/N: XXXXXXXX
Hardware Version: XXXXXXXX

EVSE/GPL/Makefile

@@ -152,5 +152,11 @@ binutils:
 	make -C binutils-2.29.1 CC=$(CROSS_COMPILE)gcc
 	make -C binutils-2.29.1 CC=$(CROSS_COMPILE)gcc install
 
-
+pure-ftpd:
+	echo "pure-ftpd-1.0.49"
+	cd pure-ftpd-1.0.49/;./configure  --host=arm-linux-gnueabihf --prefix=$(shell pwd)/pure-ftpd-1.0.49/release CC=$(CROSS_COMPILE)gcc AR=$(CROSS_COMPILE)ar RANLIB=$(CROSS_COMPILE)ranlib STRIP=$(CROSS_COMPILE)strip CXX=$(CROSS_COMPILE)g++ ;cd ../	
+	make -C pure-ftpd-1.0.49 CC=$(CROSS_COMPILE)gcc clean
+	make -C pure-ftpd-1.0.49 CC=$(CROSS_COMPILE)gcc
+	make -C pure-ftpd-1.0.49 CC=$(CROSS_COMPILE)gcc install
+	cp -f -r pure-ftpd-1.0.49/release/* ../rootfs/
 

EVSE/GPL/pure-ftpd-1.0.49/.gitignore

@@ -0,0 +1,41 @@
+*.a
+*.log
+*.o
+*.plist
+*.status
+*.tmp
+*~
+.deps
+INSTALL
+Makefile
+Makefile.in
+Vagrantfile
+aclocal.m4
+autom4te.cache
+clang_output_*
+compile
+config.h
+config.h.in
+configuration-file/pure-config.pl
+configuration-file/pure-config.py
+configuration-file/pure-ftpd.conf
+configure
+depcomp
+install-sh
+man/*.8
+missing
+puredb/src/example_read
+puredb/src/example_write
+puredb/src/regression
+src/ptracetest
+src/pure-authd
+src/pure-certd
+src/pure-ftpd
+src/pure-ftpwho
+src/pure-mrtginfo
+src/pure-pw
+src/pure-pwconvert
+src/pure-quotacheck
+src/pure-statsdecode
+src/pure-uploadscript
+stamp-h1

EVSE/GPL/pure-ftpd-1.0.49/.travis-libsodium.sh

@@ -0,0 +1,10 @@
+#! /bin/sh
+
+set -e
+
+git clone https://github.com/jedisct1/libsodium.git --branch=stable
+cd libsodium
+./configure --disable-dependency-tracking --enable-minimal --prefix=/usr
+make -j$(nproc)
+sudo make install
+/sbin/ldconfig ||:

EVSE/GPL/pure-ftpd-1.0.49/.travis.yml

@@ -0,0 +1,30 @@
+dist: trusty
+sudo: required
+
+language: c
+
+compiler:
+ - clang
+ - gcc
+
+before_script:
+ - sudo apt-get install libldap2-dev libmysqlclient-dev libpq-dev libssl-dev
+ - ./.travis-libsodium.sh
+ - ./autogen.sh
+
+script:
+ - ./configure --disable-dependency-tracking --with-everything --with-ldap --with-mysql --with-pgsql --with-tls
+ - make -j$(nproc) distcheck
+ - make distclean
+ - ./configure --disable-dependency-tracking --with-everything --with-ldap --with-mysql --with-pgsql --with-tls --without-privsep
+ - make -j$(nproc) distcheck
+ - make distclean
+ - ./configure --disable-dependency-tracking --with-tls
+ - make -j$(nproc) distcheck
+ - make distclean
+ - ./configure --disable-dependency-tracking --with-minimal
+ - make -j$(nproc) distcheck
+ - make distclean
+ - ./configure --disable-dependency-tracking --with-minimal --without-privsep
+ - make -j$(nproc) distcheck
+ - make distclean

EVSE/GPL/pure-ftpd-1.0.49/AUTHORS

@@ -0,0 +1,342 @@
+Credits for Troll-FTPd are going to the following dudes.
+
+* Original Troll-FTPd authors :
+
+    Arnt Gulbrandsen <agulbra <at> troll.no>
+    Troll Tech AS    <http://www.troll.no/>
+    
+* Original Troll-FTPd contributors :
+
+    Janos Farkas
+    <cmj <at> localnet.com>
+    August Fullford
+    Ximenes Zalteca
+    Patrick Michael Kane <modus <at> asimov.net>
+
+
+Credits for Pure-FTPd are going to the following ones.
+
+* Michal Moskal <malekith <at> pld-linux.org>
+* Arkadiusz Miskiewicz <misiek <at> pld-linux.org> :
+
+    IPv6 support.
+    Polish translation.
+    
+* Michael K. Johnson <johnsonm <at> redhat.com>
+* Kelley Lingerfelt <redhat <at> cococo.net> :
+  
+    PAM support.
+    
+* Sebastian Andersson <bofh <at> diegeekdie.com> :
+
+    ASCII transfers.
+    sendfile() usage.
+    Capability drop.
+
+* Andreas Westin <andwes-8 <at> student.luth.se> :
+
+    FXP support.
+    ftpwho design and reference implementation.
+
+* The OpenBSD team (http://www.openbsd.org/)
+  The NetBSD team (http://www.netbsd.org/)
+  The Regents of the University of California :
+
+    Most of the glob() function, getopt_long() and realpath() replacements.
+
+* The sh-utils team (ftp://alpha.gnu.org/gnu/fetish/)
+
+    getloadavg.c derivative.
+
+* Jason Lunz <j <at> falooley.org> :
+
+    Daemonization (-B).
+    Get rid of -D in favor of <config.h> (thanks to Arkadiusz, too).
+    Fix XML output.
+    Official ninja warrior.
+    First Debian package maintainer.  
+    
+* Mathias Gumz <gumz <at> cs.uni-magdeburg.de>
+
+    German translation.
+
+* Claudiu Costin <claudiuc <at> kde.org>
+
+    Romanian translation.
+    KcmPureftpd author.
+
+* Ping <ping <at> root42.net>
+
+    French translation.
+    
+* Paul Lasarev <paul <at> itk.ru>
+
+    Initial Debian packages.
+    
+* Jean-Mathieux Schaffhauser <jeanmatthieu <at> free.fr>
+
+    Web page logo.
+    GTK configuration interface.
+    Rendez-vous support on MacOS X.
+    Plist output in pure-ftpwho.
+
+* Emmanuel Hocdet <man <at> t-online.fr>
+
+    Nice bug fixes (config file parsers, replycmd) and suggestions.
+
+* Peter Pentchev <roam <at> orbitel.bg>
+
+    Integration to the FreeBSD port collection and FreeBSD improvements.
+    build.sh improvements.
+    
+* Luis Llorente Campo <luisllorente <at> luisllorente.com>
+
+    Spanish translation.
+
+* Sami Koskinen <tossu <at> cc.hut.fi>
+
+    Open a session when using PAM.
+
+* Matthias Andree <matthias.andree <at> stud.uni-dortmund.de>
+
+    -1 option.
+    A lot of code cleanups and robustness fixes.
+    Documentation cleanups.
+    Solaris < 8 portI
+    Fixed Solaris large file support.
+
+* Trilucid (http://www.trilucid.com/)
+
+    Web design of pureftpd.org .
+
+* Isak Lyberth <lyberth <at> users.sf.net>
+
+    Danish translation.
+
+* Bernhard Weisshuhn <bernie <at> weisshuhn.de>
+
+    Spec file fixes.
+    Fixes to the german translation.
+
+* Steve Reid <steve <at> edmweb.com>
+
+    Original SHA1 implementation.
+
+* RSA Data Security, Inc. (http://www.rsa.com/)
+
+    Original MD5 implementation.
+
+* Dmitry Lebkov
+
+    MD5/SHA1 LDAP authentication.
+
+* Sami Farin <safari <at> iki.fi>
+
+    A lot of code cleanups.
+
+* Johan Huisman <sietze.jan.huisman <at> 12move.nl>
+* Jan van Veen <jveen <at> triple-p.nl>
+
+    Dutch translation.
+
+* Thorsten Kukuk <kukuk <at> suse.de>
+
+    LFS fixes.
+    RPM fixes.
+
+* Stefano F. <fs <at> sp.unipi.it> :
+* Alex Dupre <sysadmin <at> alexdupre.com> :
+
+    Italian translation.
+
+* Roger Constantin Demetrescu <roger.demetrescu <at> gmail.com>
+
+    Brazilian Portuguese translation.
+
+* Freeman <freeman <at> ozac.org> :
+
+    "Powered by Pure-FTPd" web button.
+
+* Robert Varga <nite <at> hq.alert.sk> :
+
+    Slovak translation.
+
+* James Metcalf <james <at> asset-ict.com> :
+
+    Complete review of the english doc.
+
+* Im Eunjea <eunjea <at> kldp.org> :
+
+    Korean translation.
+
+* Philip Gladstone <philip <at> okena.com> :
+
+    PureDB speedups.
+
+* Kenneth Stailey <kstailey <at> yahoo.com> :
+
+    Support for load average checks on Solaris.
+    Directory aliases.
+    HPUX support.
+    sendfile() support on HPUX and Solaris.
+
+* Brad Smith <brad <at> openbsd.org> :
+
+    Maintainer of the OpenBSD port.
+
+* Cindy Marasco <cindy <at> getaclue.org> :
+
+    PostgreSQL support.
+
+* Ulrik Sartipy <ulrik <at> raj-raj.net> :
+
+    Swedish translation.
+
+* Nicolas Doye :
+
+    Support for MD5 hashed passwords in MySQL.
+
+* Thomas Briggs <tom <at> sane.com> :
+
+    Implementation of the W3C logfile format.
+    Helped with Tru64 portability.
+
+* Stanton Gallegos
+
+    MacOS X maintainer (see http://fink.sourceforge.net/) .
+
+* Florin Andrei <florin <at> sgi.com> 
+  Chan Wilson <cwilson <at> sgi.com>
+  
+    Implemented load average check on Irix systems.
+
+* Bjoern Metzdorf <bm <at> turtle-entertainment.de>
+
+    Merged MD5/any hash functions for passwords in the PgSQL backend.
+
+* Ben Gertzfield <che <at> debian.org>
+
+    Implemented the extended LDAP schema to support quotas, throttling and
+ratios.
+
+* Akhilesch Mritunjai <mritun <at> me.iitb.ac.in>
+
+    Maintainer of the QNX port.
+
+* Dawid Szymanski <dawszy <at> arhea.net>
+
+    Maintainer of the NetBSD port.
+
+* Kurt Inge Smådal / EasyISP.org <kurt <at> easyisp.org>
+* Brynjar Eide <post <at> mislykket.no>
+
+    Norwegian translation.    
+
+* Gabriele Vinci <gabriele <at> pronto.it>
+
+    Official logo artwork.
+
+* Andrey Ulanov <drey <at> rt.mipt.ru>
+
+    Russian translation.
+
+* Fygul Hether <fzchou <at> mail.nhu.edu.tw>
+
+    Traditional and simplified Chinese translations.
+
+* Jeffrey Lim <jf_____ <at> fastmail.fm>
+
+    A lot of excellent documentation improvements.
+
+* Ying-Chieh Liao <ijliao <at> csie.nctu.edu.tw>
+
+    FreeBSD fixes for pure-mrtginfo.
+
+* Johannes Erdfelt <johannes <at> erdfelt.com>
+
+    Fix error when deleting files with an absolute directory when quotas are
+enabled.
+    RPM spec file improvements.
+
+* Martin Sarfy <xsarfy <at> informatics.muni.cz>
+
+    Czech translation.
+
+* Clive Goodhead <clive <at> swnet.net>
+
+    Implement MYSQLDefaultGID and MYSQLDefaultUID.
+
+* Aristoteles Pagaltzis <pagaltzis <at> gmx.de>
+
+    pure-config.pl rewrite.
+
+* Stefan Hornburg <racke <at> linuxia.de>
+
+    Debian maintainer.
+
+* Mehmet Cokcevik <dns <at> netline.com.tr>
+
+    Turkish translation.
+
+* Torgny Wernersson <torgny <at> ewp.nu>
+
+    Maintainer of the PDF documentation - http://www.pureftpd.org/readme.pdf
+
+* Bánhalmi Csaba <banhalmi <at> enternet.hu>
+
+    Hungarian translation.
+
+* Oriol Magrané <omagrane <at> mediapro.es>
+
+    Catalan translation.
+
+* Volodin D <dv-ml-1 <at> dv.net.ru>
+
+    URL encoding for CLF and W3C log files.
+
+* Jui-Nan Lin
+
+    RFC2640 Support.
+
+* Old Sparty
+
+    --pidfile= option for pure-authd and pure-uploadscript.
+
+* Patrick Gosling
+
+    Fix for file uploads
+
+* Marc Balmer <marc <at> msys.ch>
+
+    TLS support for LDAP.
+
+* Rajat Upadhyaya / Novell
+* Christian Cier-Zniewski <c.cier <at> gmx.de>
+
+    Support for TLS encryption on the data channel.
+
+* Wilco Baan Hofman
+
+    LDAP authentication through binding.
+
+* Todd E Rinaldino / Cpanel
+
+    -J option (set allowed ciphers for SSL/TLS).
+
+* Clement Chauplannaz
+
+    Added support for URI schemes other than LDAP (namely LDAPS) in
+    the LDAP backend.
+
+* Frank DENIS aka Jedi/Sector One <j <at> pureftpd.org> :
+
+    Pure-FTPd project initiator and maintainer.
+    Almost everything else :)
+    
+    
+
+Original license :
+
+Copyright 1995-2000 Trolltech AS. Copyright 2001-2002 Arnt Gulbrandsen.
+Use, modification and distribution is allowed without limitation,
+warranty, or liability of any kind.

EVSE/GPL/pure-ftpd-1.0.49/COPYING

@@ -0,0 +1,29 @@
+
+Pure-FTPd is covered by the following license :
+
+/*
+ * Copyright (c) 2001 - 2019
+ * Frank Denis <j at pureftpd dot org> with help of contributors.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+                  ------------------------------------------
+
+
+  The bsd-glob.c, bsd-glob.h, bsd-realpath.c, bsd-getopt_long.c,
+bsd-getopt_long.h and alt_arc4random.c source files are based on the
+OpenBSD and NetBSD projects and they are covered by the BSD license.
+
+  The original license is enclosed at the beginning of the related files.

EVSE/GPL/pure-ftpd-1.0.49/ChangeLog

@@ -0,0 +1,1864 @@
+
+* Version 1.0.49:
+ - This version fixes a regression introduced in version 1.0.48 that broke
+the external authentication feature. Reported by Peter Hudec, thanks!
+ - Sockets from `pure-authd` and `pure-extauth` are now always owned by
+`root` in order to cope with the absence of `CAP_DAC_OVERRIDE` on Linux.
+Suggested by Arkadiusz Miśkiewicz, thanks!
+
+* Version 1.0.48:
+ - SNI support has been added. A new service, `pure-certd`, can run
+external code written in any language in order to map SNI names to TLS certificates.
+ - External authentication handlers get a new
+`AUTHD_CLIENT_SNI_NAME` environment variable set when the client uses SNI.
+ - TLS certificates and keys can now be in different files.
+ - `make install` does not overwrite existing configuration files any
+more. The example files layout has changed.
+ - TLS 1.3 is enabled when using OpenSSL 1.1.x.
+ - TLS < 1.2 is disabled by default.
+ - Quirks for obsolete OpenSSL versions have been removed.
+ - Username _ftp can be used as an alternative to ftp everywhere.
+ - Password hashing parameters are now chosen according to locally
+available resources. The `pure-pw` command gets to new switches: `-C` (as
+a hint regarding the number of simultaneous login attempts) and `-M`
+(total memory, in MB, to reserve for password hashing).
+ - New translation: Albanian, thanks to Moisi Xhaferaj.
+ - The `PRET` command has been added. It can avoid opening useless data
+connections for nonexistent content.
+ - Dot-files are always displayed. We don't lie any more in some
+commands while not lying in other commands to respect the protocol.
+ - Support for RFC 2640 has been removed from the free version, as it
+was early, experimental, slow, mostly broken and unmaintained code.
+ - The `NLST` command doesn't perform globbing any more.
+ - The `MLSD` command now prepends the path to file names.
+
+* Version 1.0.47:
+ - Unlike other directory listing commands, the STAT command should
+use TLS on the control channel even if TLS has been disabled on the data
+channel. It wasn't the case; this has been fixed. Thanks to Carlo
+Cannas.
+ - Return a 451 error code instead of 226 on aborted uploads.
+ - The system user "_ftp" can be used as an alternative to "ftp" for
+anonymous sessions.
+ - Compatibility with libsodium > 1.0.12 was added (including minimal
+mode).
+
+* Version 1.0.46:
+ - The server can now be linked against OpenSSL 1.1.x with the strict API.
+ - Unmaintained contributions have been removed.
+ - Globbing: the number of * in an expression has been limited to 3.
+
+* Version 1.0.45:
+ - TLS v1.0 sessions are now refused.
+ - Version 1.0.44 didn't properly parse the TLSCipherSuite directive.
+This has been fixed.
+
+* Version 1.0.44:
+ - The Perl and Python wrappers are gone. The daemon can now use a
+configuration file without requiring external dependencies.
+ - Pure-FTPd can now be linked against OpenSSL 1.1.x
+ - The QUIT command didn't work properly when the server was compiled
+without support for RFC2640. This has been fixed.
+ - 3DES was removed from the default cipher suite.
+
+* Version 1.0.43:
+ - Passwords can now be hashed using Argon2.
+ - The -J switch didn't work any more in 1.0.42. This has been fixed.
+ - The default cipher suite was simplified.
+ - Authentication against system accounts is compatible with OpenBSD 6.0.
+ - Fixed: protocol conformance when TLS sessions are refused.
+ - Altlog records can now be sent to `stdout`/`stderr`.
+
+* Version 1.0.42:
+ - Compilation fix for OpenBSD and Bitrig when Pure-FTPd is not
+compiled with libsodium.
+ - The connection is now dropped if HTTP commands are received.
+ - LDAP force_default_gid and force_default_uid now work as documented.
+ - The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
+1.0.22 circa 2009, but disabled back then due to client compatibility
+concerns) is now on by default, except in broken clients compatibility mode.
+
+* Version 1.0.41:
+ - libmariadb is looked for in addition to libmysqlclient
+ - MySQL: my_make_scrambled_password() is not always an exported
+symbol any more, so pure-ftpd now ships a reimplementation.
+ - openssl/ec.h is not available on some Linux distributions that
+disable EC in OpenSSL. This is being tested by autoconf.
+ - New command-line switch: -2/--certfile= to set the path to the
+certificate file when using TLS.
+
+* Version 1.0.40:
+ - Support for TCP_FASTOPEN added on Linux
+ - The LDAP configuration file didn't allow a default gid without also
+defining a default uid. This is no longer the case.
+ - OpenBSD's glob() left the glob_t structure uninitialized if the
+pattern was larger than PATH_MAX, causing globfree() to free() an
+unwanted pointer. The bug was introduced in Pure-FTPd 1.0.34.
+
+* Version 1.0.39:
+ - Explicitly include openssl/ec.h for OpenSSL 0.9.8 (CentOS 5)
+ - Retry if SSL_shutdown() returns -1 and SSL_ERROR_WANT_(READ|WRITE)
+
+* Version 1.0.38:
+ - The default cipher suite is now ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SH
+ - TLS forward secrecy support was added. DH parameters are loaded from
+TLS_DHPARAMS_FILE, if present. ECDH is also supported - Default curve
+is prime256v1 (TLS_DEFAULT_ECDH_CURVE). The best curve is automatically
+selected when using LibreSSL.
+ - scrypt hashed passwords can be used in the MySQL, PostgreSQL and
+LDAP backends.
+
+* Version 1.0.37:
+ - The -C: prefix can be added to the cipher suite in order to make valid
+client certificates mandatory. This is no longer a compile-time option.
+ - The Clear Command Channel (CCC) command is now supported.
+ - pure-config.py is compatible with Python 3.
+ - SSL (v2, v3) is refused by default.
+ - The PureDB backend supports the scrypt function in order to hash
+passwords. This is the preferred algorithm, but requires the presence
+of libsodium.
+ - DES-hashed passwords are not supported any more.
+ - LDAP uid and gid values can over overridden in the LDAP configuration file.
+ - New LDAPUseTLS directive for LDAP.
+ - RC4 was killed.
+
+* Version 1.0.36:
+ - The safe_write()/safe_read() factorization broke extauth. Using
+safe_read_partial() to read from the extauth pipe wasn't enough.
+Bug reported by Rasmus Fauske.
+ - Improved autoconf detection of -fstack-protector and -fPIE
+ - If 10 digits are not enough to print the size of a file in an
+ls-like output, bump the max number of digits to 18. This adds support for
+files up to 1 exabyte.
+ - Pure-FTPd can be compiled with Cygwin, ASLR/DEP is enabled by
+default on Windows, and ASCII downloads on Windows have been fixed.
+ - A new undocumented macro, ALLOW_EVERYTHING_IN_FILE_NAMES, allows
+any characters in a file name. Disabled by default.
+ - Don't display dot files (except . and ..) if dot_read_ok is 0 in
+donlist() - but not in sglob() yet. This change is purely cosmetic. There are
+many ways to figure out if a file exists.
+
+* Version 1.0.35:
+ - Improve compatibility with the Intel and Ekopath compilers.
+ - Use more paranoid compiler options whenever possible, and preliminary
+uncluttering of the autoconf script.
+ - Try to cache locale-related data at startup after tzset(), rather
+than during a session.
+ - Fix quota computation after rename() overwrites an existing file.
+Reported by Hiramoto Koujo, thanks!
+
+* Version 1.0.34:
+ - Fix safe_write() inverted checks that broke uploads.
+
+* Version 1.0.33:
+ - Sync built-in glob(3) code with OpenBSD-current, and remove code we
+don't use instead of ifdef'ing it.
+ - Repair checkproc() on Linux when support for capabitilies is
+compiled in. Reported by Eric Gouyer.
+ - Don't read /dev/*random every time we need a value. Just use
+arc4random() everywhere and seed it before we possibly chroot().
+ - Add support for MFMT, with the same code as SITE UTIME.
+ - Support 2-arguments SITE UTIME.
+ - LDAP: Add LDAPDefaultHomeDirectory, suggested by Landry Breuil.
+ - Add SSL_OP_NO_SSLv3 to SSL options if the list of ciphers is
+prefixed by -S: , needed by Brad.
+ - Remove the various safe_read() / safe_write() instances and
+factorize them in safe_rw.c
+ - Call OpenSSL_add_all_algorithms(), suggested by Brad.
+ - Mention that WinSCP works fine with Pure-FTPd.
+ - On Linux, opening a named pipe that nobody reads with O_WRONLY yields ENXIO.
+The workaround is to opens it O_RDWR. So, just do that.
+
+* Version 1.0.32:
+ - Support SHA1 password hashing in MySQL and PostgreSQL backends
+ - Support for braces expansion in directory listings has been
+disabled - Cf. CVE-2011-0418
+
+* Version 1.0.31:
+ - Introduce --tlsciphersuite (-J) to set the list of allowed ciphers,
+thanks to Todd Rinaldo.
+ - The -F switch has been documented in the built-in help.
+ - Shell-like escaping is now partially handled when emulating the "ls"
+command.
+ - Use my_make_scrambled_password() instead of make_scrambled_password().
+Suggested by Arkadiusz Miskiewicz.
+
+* Version 1.0.30:
+ - Use malloc() instead of an ever-growing stack in pure-quotacheck.
+Fixes quota computation on a large number of files. Problem initially
+reported by jeff at cpanel dot net.
+ - Treat OPTS UTF-8 like OPTS UTF8. Suggested by yjfan at longtop dot
+com.
+ - Empty the command-line buffer after switching to TLS. Fixes a flaw
+similar to Postfix's CVE-2011-0411.
+ - Provide ANSI-compliant MySQL configuration example.
+ - Fix some issues with man pages.
+
+* Version 1.0.29:
+ - max_dlmap_size was size_t instead off_t, causing misalignment while
+downloading > 4 Gb files on a 32-bits arch. Reported by Viktor Butskih.
+ - pread() vs lseek()+read() was a useless optimization, since pread()
+doesn't change the file position and further reads weren't going through
+plain read() calls.
+ - iconv_fd_* should be initialized by (iconv_t) -1 as we test them upon
+exit. Fixes segfaults on glibc.
+ - pure-uploadscript tries to reach the pipe during 30 seconds instead of 10.
+
+* Version 1.0.28:
+ - FTPD_PAM_SERVICE_NAME can be defined in order to change the PAM service
+name.
+ - When an upload gets renamed (--autorename), send the new name to the
+uploadscript instead of the original one.
+ - The ALLO command now checks for the actual disk space in addition to the
+virtal quota.
+ - Work around OSX broken poll()
+ - After an atomic resumed upload, don't append the previous file size to the 
+quota.
+ - Always accept OPTS UTF8 ON, but refuse OPTS UTF8 OFF if client_charset is 
+ UTF8.
+ - Fix AUTHD_ENCRYPTED 
+ - Reset the CWD failures counter after a successful directory has been
+created. It avoids spurious disconnections with ncftp.
+ - Support for iPhone has been moved to another branch.
+ - Fix crash with PostgreSQL.
+
+* Version 1.0.27:
+ - Have pureftpd_shutdown() shut the server down even if a client is
+connected on iPhone.
+ - Allow users with no quota to delete .pureftpd-upload-* files.
+ - Unbreak ipv6 support, reported by Brad Smith.
+ - Disable SSLv3 renegotiation if an old SSL library is used. If you really
+want to re-enable SSLv3 renegotiation, even with a recent library, you can
+always define ACCEPT_SSL_RENEGOTIATION.
+
+* Version 1.0.26:
+ - Fix incompatibilities with Cyberduck when TLS is enabled.
+ - Don't TLS_accept() immediately after accept(). Reply on the connection
+socket first, so that clients don't have to wait before knowing that they
+can actually use TLS. It avoids lags with LFTP and hangs with Cyberduck.
+ - Properly change the process name on Linux when the -S option is used, by
+Margus Kaidja.
+ - Unbreak authentication of non-chrooted users. Thanks to Juergen Daubert
+for the bug report.
+
+* Version 1.0.25:
+ - Show symlinks as symlinks in MLSD, except when the broken client
+compatibility mode is turned on and links are not dangling (just like the
+old LIST and NLIST commands). Reported by Mime Cuvalo.
+ - More gcc 2 compatibility, thanks to Todd Rinaldo.
+ - Properly handle custom paths in man pages. Thanks to Scott Haneda and
+Mathieu Parisot.
+ - Have $localstatedir default to /var as it used to be unless
+--localstatedir=... is explicitly passed to ./configure
+ - Use @VERSION@ in man pages.
+ - --without-pam disables PAM on OSX and iPhone.
+ - Allow cross-compilation.
+ - Experimental iPhone target.
+ - Change the way it links, building a library first.
+ - Don't use mmap() any more for downloads. It's too slow.
+ - Don't use hard-coded paths in order to find MySQL and PostgreSQL
+libraries and header files. Use mysql_config and pg_config instead.
+Suggested by John Alberts.
+ - Log the DELE command similar to the RETR and STOR commands. Suggested by
+Martin Fuxa.
+ - The primary group gets cached so that it's always displayed in directory
+listings.
+ - Avoid a client process to burn CPU in an infinite loop if the command
+channel gets disconnected before the data channel. Reported by Thomas Min
+and Margus Kaidja.
+ - Restore the traditional behavior of a download restarting at the end of a
+file. For some weird reasons, some clients still insist on doing that. Don't
+send a 55x return code, just let them download... nothing.
+ - Documentation updates.
+
+* Version 1.0.24:
+ - Refuse empty passwords in LDAP bind mode. Reported by Henning Brauer.
+ - The package can now be compiled with gcc 2.
+
+* Version 1.0.23:
+ - LDAP: accept "enabled" as a correct value for FTPStatus as it used
+to be.
+ - More useful error logging for OpenSSL errors.
+ - Don't read certificates twice.
+ - Fix compilation on Solaris with privsep, thanks to Ritesh Patel.
+ - Don't replace : (as in IPv6 addresses) in host names. Thanks to Tero
+Pelander.
+ - Add SUP top AUXILIARY to LDAP schema, suggested by Zhang Huangbin.
+ - Don't ignore dot files even if -D is not supplied with the MLSD command.
+ - Deinline code
+ - Throttling more reliable
+ - STAT is now working over TLS
+ - DH keys for ephemeral key exchange are now handled
+ - Fix libiconv checking
+ - The column was missing in the PassivePortRange comment (thanks to Igor
+Alexadrov)
+ - LDAP authentication through binding is now possible in addition to
+passwords. This allows for the FTP server to run with an unprivileged LDAP
+account. It also adds a warning if auth method password is used and doesn't find
+a userPassword attribute. This usually indicates that the LDAP bind DN
+cannot read the attributes, because it doesn't have sufficient privileges.
+Contributed by Wilco Baan Hofman.
+ - Perform charset conversions on directory names. Issue spotted by Xianghu
+Zhao.
+ - Almost a complete rewrite of the upload, download and TLS code for more
+reliability
+ - Seemlessly handle ABOR without any SIGURG
+ - Try to immediately handle any kind of disconnection
+ - Use poll() rather than select() as much as possible
+ - Distinguish aborted (even the hard way) and completed download and upload
+operations in log files
+ - Minor corrections to he French messages
+ - Don't use atomic uploads unless --notruncate or --autorename have been
+enabled
+ - Take care of removing .pureftpd-upload-* files in every possible case
+ - List up to 10000 files per directory per default instead of 2000
+ - Don't mess with TCP_NOPUSH, as it interferes with OpenSSL
+ - New compile-time option: --with-implicittls in order to build a FTPS-only
+server
+ - ./configure --localstatedir can now be used in order to avoid storing the
+scoreboard and other dynamic files in /var/run/
+ - Quota handling reworked (easier, and way more reliable)
+ - RNTO support even when quota are enabled.
+ - A bunch of return codes were fixed to be more RFC-conformant.
+ - ALLO command is now actually checking if an upload can occur without
+blowing the quota.
+ - Don't change the TCP window size. Admins should do this as part of their
+system configuration.
+ - Privsep is now enabled by default. Use --without-privsep to disable.
+ - --without-banner is gone. If you have a cookie file (-F), the default
+banner won't be displayed.
+ - Compile with PAM by default on OSX.
+ - Switch the privsep process to _pure-ftpd or pure-ftpd when no privileged
+call is actually necessary. Since only the effective uid chances, it's not
+brutally useful yet, but it paves the way for forthcoming changes.
+ - Install man pages with local paths instead of hard-coded ones.
+
+* Version 1.0.22:
+ - New catalan translation, by Taik0.
+ - TLS support for LDAP, contributed by Marc Balmer.
+ - pureftpd.schema contained two errors. Reported by Ulrich Zehl.
+ - Fix usage of MySQL 5 stored procedures, by Bernhard Fischer.
+ - Don't issue a warning in ./configure when the certfile does exist.
+Reported by Michael Bowe.
+ - Have LDAP FTPStatus work since the schema changed. Thanks to David Majorel.
+ - Compatibility with newer OpenLDAP versions. Thanks to Johan Ström.
+ - Don't hang up during uploads if we get any other command than QUIT and
+ABORT.
+ - SITE UTIME reads UTC time
+ - A space is needed for inline content in response to the MLST command.
+ - Time zone issues should be fixed for good. We have to redefine TZ,
+tzset() is not enough on Linux when we are in a chroot environment.
+ - Correctly respond to FEAT without removing extra features when passive
+mode is disabled. Thanks to upb.
+ - Better process name change setup for Linux.
+ - Auto-created home directories are now created with mode 0777 (and
+directory umask is applied), per common request. It's very important to
+double check your umask.
+ - Extend gid / uid to 10 digits in ls output. Extend file size as well.
+ - Brazilian portuguese translation was updated.
+ - Support new MySQL password scrambling, thanks to Jan Hudoba.
+ - Larger mmap() chunks: downloads needs less CPU usage on platforms with
+slow mmap() like OpenBSD.
+ - Fix SecureFX compatibility.
+ - Use PQescapeStringConn() for PostgreSQL instead of hand-made escaping.
+ - messages_check.pl had to leave the package as it was GPL-licenced.
+ - Don't respond to server that an upload succeeded before the temporary
+file has been renamed.
+ - TLS support on data channels, contributed by Rajat Upadhyaya from Novell
+and Christian Cier-Zniewski.
+ - Use sendfile() on recent Solaris versions in place of sendfilev().
+ - Don't use a deprecated interface for Bonjour registration.
+ - Tell authentication handlers if the connection is encrypted or not,
+through a new AUTHD_ENCRYPTED environment variable. Suggested by Koczka
+Ferenc.
+ - README.Netfilter has been removed.
+ - Create all directories, not only the basement when on-demand directory
+creation is enabled and the user's home directory looks like /basement/./user.
+Suggested by Frederico Gendorf.
+ - Fixed error reporting when TLS support was compiled in, but TLS wasn't
+enabled on the current session. Thanks to Arkadiusz Miskiewicz.
+ - Log full path on file deletion. Thanks to Arkadiusz Miskiewicz.
+ - Handle "ftp" and "anonymous" like normal accounts (with passwords) if -E
+(no anonymous logins) is specified. Thanks to Arkadiusz Miskiewicz.
+ - Sleep before answering a password failure, not the other way round. From
+PLD Linux.
+ - Fix gcc warning in puredb.
+ - In broken mode, show symlinks as their real target. It can have side
+effects, don't forget that broken mode is... broken mode.
+ - Respect aliasing rules for sockaddr_storage usage.
+ - Privsep is enabled by default in the installation GUI.
+ - --with-everything now includes privsep.
+ - update: fix compilation with gcc 2.x, reported by John Lightsey.
+
+* Version 1.0.21:
+    When SHA1HANDSOFF is defined, we shouldn't cast a pointer to a large union
+to a char buffer, because of alignment required by some architectures.
+    WITH_THROTTLING should actually be THROTTLING in src/log_extauth.c . It
+fixes throttling with extauth. Reported and fixed by Marcus Merighi
+<mcmer at tor.at> through Brad our beloved OpenBSD maintainer.
+    Rendezvous has been renamed Bonjour.
+    A double-close in the CHMOD command has been fixed, reported by Christer
+Mjellem Strand.
+    The old PAM sample has been removed.
+    -F option added to pure-pw.
+    MAX_USER_LENGTH has been bumped to 127 due to popular demand.
+    pam/* can now be used if security/* doesn't exist. Fixes PAM
+detection on MacOS X.
+    Call tzset() in chrooted apps in order to get correct time zones in
+syslog messages.
+    simplify() simplifies paths ending by /. and /..
+    MySQL's hash_password() needs 3 arguments since mySQL 4.1.
+    Experimental support for RFC2640 (UTF-8 filename encoding) has been
+added, derived from code by Jui-Nan Lin.
+    The LDAP schema has been changed: FTPStatus should be a boolean.
+    New switch: -p (--pidfile=) for pure-authd and pure-uploadscript, by Old
+Sparky.
+    By popular request, even non-chrooted users are now denied access if their
+home directory is not mounted.
+    If die() is called during a TLS-enabled session, encrypt the death
+message. Contributed by Cynix.
+    Don't wrongly abort transfer during file upload. Fix by Patrick Gosling.
+    WITH_LARGE_FILES is now defined by default.
+    sendfile64() support on Linux.
+    privsep and main processes were swapped out so that pure-ftpwho displays
+the right pid.
+    OPTS MLST has been implemented.
+    SITE UTIME has been implemented.
+    TCP_CORK is on by default again. A new configure switch, --without-cork,
+can disable it.
+    Correctly format %c and %% in fakesprintf().
+    The connection socket is now created with the Nagle algorithm disabled.
+It was the trick to dramatically improve performance when transferring a lot
+of small files.
+    Updated getopt_long() and realpath() substitutes.
+    Allow logging to named pipes (thanks to Steve Marple).
+    Use CLIENT_MULTI_STATEMENTS while connecting to a MySQL server.
+    Documentation updates.
+    MySQL errors are now logged.
+
+* Version 1.0.20:
+    MacOS X Panther and Tiger sometimes returns EAI_SYSTEM (errno=ENOENT)
+when a host is not found.
+    The BSD getopt() update has been partly reverted.
+
+* Version 1.0.19:
+    Until OpenBSD has UBC, we need to explicitly call msync() to
+synchronize data written by mmap() and read by read().
+    Real disk space is no more shown unless SHOW_REAL_DISK_SPACE is defined.
+    Fygul's email address has changed.
+    Don't try to catch SIGKILL any more, it's uncatchable.
+    PureUserAdmin was added to the contribs.
+    getopt_long() was resynced with the OpenBSD version.
+    The client socket switches to non-blocking mode before forking in
+accept_client() - reported by Agri <agri at desnol.ru>.
+
+* Version 1.0.18:
+    Autoconf was bumped to 2.59, automake to 1.8.
+    The sample source code in README.Authentication-Modules was bogus
+because of a missing 'echo end' statement. Thanks to Peter Ahlert
+<petera at gmx.net> for reporting this.
+    New translation : hungarian. Contributed by Bánhalmi Csaba
+<banhalmi at enternet.hu>.
+    New translation : catalan. Contributed by Oriol Magrané
+<omagrane at mediapro.es>.
+    Max CPU time was bumped to 60 min.
+    Disable hash_password() function call on MySQL 4.1.x and later.
+    We now use two listening sockets (listenfd / listenfd6), one for IPv4, one
+for IPv6. The standalone_server() function has been reworked and split.
+    New urlencode() function to escape characters in W3C and CLF altlog files.
+Based upon a suggestion and a patch by Volodin D.
+    The xferlog format was also implemented by the way.
+    New global : no_ipv4 to only listen to IPv6 in standalone mode.
+    Use closefrom() if available to close all descriptors.
+    Support for Rendezvous on MacOS X by Jean-Matthieu Schaffhauser.
+    Support for Apple / GNUSTEP plist data output in pure-ftpwho, also by
+Jean-Matthieu Schaffhauser.
+    The FileInfo structure was renamed PureFileInfo to avoid a name clash on
+Darwin.
+    A lot of compile-time default values like GLOB_TIMEOUT, MAX_CPU_TIME and
+MAX_USER_LENGTH, are now overridable without any change to src/ftpd.h
+    ENABLE_UNICODE_CONTROL_CHARS has been replaced with
+DISABLE_UNICODE_CONTROL_CHARS and a new switch, --without-unicode, defines
+that macro.
+    Unlink the right pid files in pure-authd and pure-uploadscript. Reported
+and fixed by Oscar Sundbon <moose at djuren.org>.
+
+* Version 1.0.17a:
+    FD_SET(-1, ...) is invalid, but it could happen on aborted transfers,
+causing Pure-FTPd to exit without removing ftpwho entries nor atomic files.
+    safe_fd_set() has been introduced to solve this, it just works like
+safe_fd_isset() and ignores descriptor -1 and it has been placed on the same
+places.
+
+* Version 1.0.17:
+    Some fixes were made to the traditional Chinese translation by Flaw Zero
+<flawzero at eyou.com>.
+    Autoconf was upgraded to 2.58.
+    TLS_CERTIFICATE_PATH has been renamed TLS_CERTIFICATE_FILE.
+    --with-certfile has been added to ./configure to set up a value for
+TLS_CERTIFICATE_FILE. The default value has been reverted to
+/etc/ssl/private/pure-ftpd.pem.
+    Solaris NIS accounts can now be converted using pure-pwconvert.
+    Don't drop capabilities too early, or even chroot will be prohibited.
+Thanks to Arkadiusz Patyk, Li-Ren and Philipp Kern for their report.
+    Negative return codes are not used any more - reported by Andrew Victor
+<andrew at sanpeople.com>
+    System users whose password is '********' are now imported by
+pure-pwconvert (for newer MacOS X).
+    New file : README.MacOS-X.
+    Use SO_REUSEPORT in place of SO_REUSEADDR to bind the ftp-data port on
+FreeBSD. Suggested by Henri Virtanen <hvirtanen at daous.com>.
+    Big change in the way upload are handled. We now maintain a per-process
+unique file name in an "atomic_prefix" global. This is the name of a temporary
+file that is actually used for upload, through the get_atomic_file() function
+that adds the basename if needed. Once the upload is completed or aborted, the
+temporary file is renamed. Or hard links are created when autorename is asked
+for (autorename happens after the upload now, not before). It changes a lot of
+stuff in dostor(), but it makes the whole thing easier and atomic uploads are
+really nice for the end user. --no-truncate (and the global no_truncate) can
+keep the old file when a new version of a file is being uploaded.
+    Redundant calls to get_usec_time() were removed.
+    Julien Andrieux's parser has been added to contribs.
+    Errors when SSL certificates are missing are more explicit.
+    The SITE TIME command was implemented. Suggested by Mark.
+    A new sample of a PAM configuration file has been written. The previous
+one is still available as pure-ftpd.old.
+
+* Version 1.0.16c:
+    We should disable the raw mode and send full HTML headers in CGI mode.
+Reported by Bernard Lheureux <bernard.lheureux at bbsoft4.org>
+    Spelling errors were fixed in the .no translation by Brynjar Eide
+<post at mislykket.no>
+    Always try to include sys/param.h before sys/mount.h in the autoconf
+script. Patch by Brad Smith <brad at openbsd.org>.
+    FAQ addition regarding the STOU command. Written by C. Jon Larsen
+<jlarsen at richweb.com>
+    PAM was broken in 1.0.16b due to PAM_SUCCESS not being copied to the right
+slot. It has been fixed.
+    Automake has been updated to 1.7.8.
+    configure.ac has been cleaned up a bit regarding the conditionnal inclusion
+of stdlib.h/unistd.h .
+    RPMs are now built with largefile support, privsep and sysquotas by
+default.
+
+* Version 1.0.16b:
+    PAM fixes.
+    TLS should now compile on RedHat 9 that moved Kerberos headers to
+a specific directory.
+    free(NULL) is ok => all code like "if (<value> != NULL) free(<value>);" 
+has been simplified.
+    Automake has been upgraded to 1.7.7, Autoconf to 2.57a.
+    The sysconf prefix is now used for SSL certificates as well.
+    We break'ed too early when trying to resolve host names in
+pure-ftpwho and the local host name couldn't even be resolved. The problem was
+introduced in 1.0.16 when the MacOS X Panther workarounds were implemented.
+    Thanks to JG <jg at cms.ac> for his bug report.
+    /usr/local/include, /usr/kerberos/include and /usr/local/lib are only
+added to CPPFLAGS/LDFLAGS if they actually exist.
+    pure-ftpwho now outputs XHTML 1.1 conformant code in CGI mode.
+    pure-ftpwho now properly escapes XHTML special characters.
+    pure-ftpwho now announces the ISO-8859-15 character set in XML mode.
+    Disable IPV6_V6ONLY by popular request by people lost with the need of the
+-4 switch on some operating systems.
+
+* Version 1.0.16a:
+    Fix typo (sizeof_resolved instead of sizeof resolved) in
+src/bsd-realpath.c . Not a vulnerability because it happens in the good way,
+but it sometimes used to break uploadscript.
+
+* Version 1.0.16:
+    An obsolete comment in pure-ftpd.conf was fixed : RPMs don't parse
+/etc/sysconf/pure-ftpd any more.
+    Recognize the '##' prefix as a shadowed password - make
+authentication work on Solaris with shadow/NIS.
+    Add back some random sleep() between authentication failures in
+addition to the exponential sleep. Zzzzz... sleeping is good in summer...
+    Upgrade to automake 1.7.5.
+    The list of options in the pure-ftpd(8) man page was reordered -
+Thanks to our beloved Claudiu Costin.
+    SSL/TLS support was added (bits in src/{ftpd.c,ftp_parser.c,tls.c,tls.h,
+configure.ac}, new doc: README.TLS, new globals: tls_ctx, tls_cnx). New
+related commands were introduced : AUTH, PBSZ and PROT.
+    Uploaded files are now removed when realpath() fails and
+bsd_realpath() was modified to fall back to getcwd()/chdir() if we
+can't get a descriptor on the current directory because it is not
+readable. It fixes pure-uploadscript on some platforms like MacOS X.
+    HAVE_BROKEN_REALPATH is gone. USE_BUILTIN_REALPATH is born.
+    A typo in the Python configuration file wrapper was fixed : -t was used in
+place of -y.
+    MacOS X Panther has a lousy getnameinfo() implementation that doesn't fill
+the buffer when no DNS entry is found for a host and a numerical result wasn't
+explicitly asked. As a result, Pure-FTPd didn't even start on Panther (saying
+"bad IP address") . We now check for EAI_NONAME if available and we retry with
+NI_NUMERICHOST if this is what getnameinfo() returns. Thanks to Yann Bizeul
+for his valuable help on this issue.
+    Implement a working strdup() replacement in puredb for systems lacking it.
+    Some MAXPATHLEN / MAXPATHLEN + 1 cleanups. Basically when paths are
+generated by our own functions, we use MAXPATHLEN for the complete
+zero-terminated string. When a buffer is passed to a libc function, we reserve
+a MAXPATHLEN + 1 buffer and give a MAXPATHLEN size, just to avoid bad
+surprises if an off-by-one ever occurs in a getcwd() like function.
+    Don't use make_scrambled_password() in the MySQL backend because the API
+changed since MySQL 4.1.
+    Removed fixed-size constant arrays in src/crypto.c because of MacOS X
+linker bugs (grrr...) .
+
+* Version 1.0.15:
+    New translation : Turkish, contributed by Mehmet Cokcevik
+<dns at netline.com.tr> .
+    PostgreSQL documentation templates have been fixed - At least User
+is a reserved keyword that needs quotes. Thanks to Henrik Edlund
+<henrik at edlund.org> .
+    The maximal length of an account has been bumped a bit (42 chars),
+and that size is now consistent across functions through the
+MAX_USER_LENGTH macro. Thanks to Darth Vader (freddyke) for suggesting
+this.
+    The comment about the location of the config file in the RedHat
+init script was synced with the new location.
+    Tokens in the configuration file are now case independent.
+    Automatic creation of home directories was fixed. Thanks to 
+Anthony DeRobertis for the fix.
+    A typo in quota handling was fixed.
+    Cable & Wireless NL is now WideXS and their mirror seems to be
+working again.
+    Always fill descriptors 0/1 in order to make pure-uploadscript
+actually work when daemonizing. Thanks to Joerg Pulz
+<Joerg.Pulz at frm2.tum.de> for pointing this out.
+    Don't open pipes with O_NDELAY, some systems don't like it at all.
+As a side effect, the server will now wait until pure-uploadscript is
+actually started before accepting connections and this is a _good_ thing.
+    The server load is not displayed any more, by popular request.
+    The version number isn't displayed any more as well.
+    GNU's getopt_long() has been replaced by an OpenBSD derivative.
+    --without-longoptions has been removed. We keep the old macros and
+#ifdef though, just in case we want to improve the minimal mode later.
+    New unofficial macro : DISPLAY_FILES_IN_UTC_TIME to display directory
+listings with UTC times.
+    The danish translation was updated - Lyberth.
+    pure-pw now returns error codes.
+    WIN32_ANON_DIR can override the default anonymous FTP directory on
+Win32.
+    Fix "pure-pw usermod -y" by introducing has_per_user_max.
+    New subcommand : "pure-pw list", that summarizes available
+accounts in a puredb.
+    Enlarge TCP window as it was a long time ago. It brings better
+performances on BSD systems. Define NO_TCP_LARGE_WINDOW to disable.
+    Try to early detect timeouts by checking whether select() returns 0.
+    Don't try to reduce capabilities if we obviously can't because the
+server has not been started by root.
+    Pure-FTPd is now 100% covered by the BSD license.
+
+* Version 1.0.14:
+    Use random() if available, not rand() for fortune cookies.
+    Remove broken lseek(fd, -1, 0).
+    When writing to clients data sockets fails, the client probably
+hung up. IE, for instance, doesn't seem to properly abort transfers
+and say "QUIT" when a transfer is canceled by the user. So, log
+MSG_ABORTED instead of MSG_DATA_WRITE_FAILED.
+    Check whether we are inside a Virtuozzo virtual environment and
+disable sendfile() if this is the case. Thanks to Kittiwat Manosuthi
+for his help on this issue.
+    Automake has been upgraded to version 1.7, autoconf to version 2.57.
+    Introduce privsep.h, privsep_p.h, privsep.c and --with-privsep.
+    Drop capabilities after the call to nice() because we need
+CAP_SYS_NICE.
+    Don't waste time with in dopasv() to get the name of the socket we
+just created.
+    Add "ptracetest".
+    Enable __EXTENSIONS__ and _XPG4_2 on Solaris in ./configure.ac
+    Also check whether a client has gone away by testing xferfd and
+introduce safe_fd_isset() that just works like FD_ISSET() but doesn't
+choke when the descriptor is -1. It fixes bus errors on FreeBSD.
+    Add force_passive_ip_s in order to store the argument of -P.
+Passive IP addresses are now resolved in doit() for every new
+connection, by popular request. It means that "-P ftp.example.com" now
+works, even for dynamic addresses.
+    Split the function that creates an active data socket into two
+parts : doport2() and doport3(). doport3() actually creates it,
+doport2() does other gadgets like checking for FXP, etc.
+    Carefully check whether we have OpenBSD/MicroBSD-like MD5/SHA1
+functions in libc and not an incompatible variant like Cyrus SASL.
+    The "Welcome to Pure-FTPd" decorations were replaced with
+something more neutral.
+    Introduce ISCTRLCODE() instead of doing it by hand every time and
+properly reject Unicode control chars while we are at it.
+    New contrib : Webmin module, by La Shampoo.
+
+* Version 1.0.13a:
+    Fix pure-config.pl with old versions of the Perl interpreter.
+    Fix compilation with PostgreSQL, thanks to Sakari Tanhua 
+<stanhua at cc.hut.fi> .
+    
+* Version 1.0.13 :
+    Swap simplified and traditional chinese settings. Reported by Ying-Chieh
+Liao <ijliao at csie.nctu.edu.tw> .
+    Ignore ESTA if a passive IP is forced or the NAT mode is enabled, because
+the private address is probably meaningless.
+    README documentation improvements, contributed by Jeffrey Lim
+<jf_____ at fastmail.fm>
+    Avoid NGROUPS_MAX when possible - Idea from tuxfamily.org CVS tree.
+    LDAP schema changed to work with newer OpenLDAP releases.
+    New LDAP directives : LDAPFilter, LDAPHomeDir and LDAPVersion.
+    Be a bit more heavy when creating home directories, it should solve
+troubles users had with path containing extra slashes.
+    Try again when the pipe can't be opened in pure-uploadscript.
+    New --with-boring switch (BORING_MODE macro) .
+    Fix sendfile() support on Solaris, thanks to Emmanuel Hocdet
+<man at t-online.fr>
+    Add uptime support for pure-mrtginfo on FreeBSD. Contributed by
+Ying-Chieh Liao <ijliao at csie.nctu.edu.tw> .
+    Fix error when deleting files with an absolute directory when quotas are
+enabled. Contributed by Johannes Erdfelt <johannes at erdfelt.com> .
+    dobanner() rewritten. It's now the same code to display .message and
+.banner files and the content is sent line by line. We can't afford to load
+everything and simply call addreply_noformat(), because if a banner starts
+with a digit, it would be complicated to insert spaces to be RFC conformant.
+    Fix typo in the example configuration file (pureftp -> pureftpd) .
+Reported by Kyle Herbert (http://www.firstnetimpressions.com/) .
+    Spanish translation updated (Lluis) .
+    Chinese translation updated (Fygul) .
+    There's now an unique official spelling : "Pure-FTPd".
+    Autoconf 2.54, Automake 1.6.3.
+    Move getloadavg() and similar functions to getloadavg.{h,c}.
+    Get the 5-min load average, not the instant load.
+    Raise the default maxdiskpct from 90% to 99%, as many people don't figure
+out why they can't upload an ISO image when there's 700Mb free on a
+7Gb partition.
+    Relax permissions enforcement in dochmod() when quotas are enabled
+- Thanks to Claudiu.
+    Introduce checkprintable() function in ls.c : don't display files
+whose name contains characters < 32.
+    Contributed sfv-crc-check has been removed (people reported that it simply
+doesn't work) .
+    PAM sample fixed : ftplockout should really be ftpusers. Add some
+common system accounts by the way.
+    More flexible RPM spec file, contributed by Johannes Erdfelt
+<johannes at erdfelt.com> .
+    New translation : Czech, contributed by Martin Sarfy
+<xsarfy at informatics.muni.cz> .
+    Merge Clive Goodhead's patch to implement MYSQLDefaultGID and
+MYSQLDefaultUID and port it to PostgreSQL.
+    pure-config.pl has been completely rewritten in a clean way by
+Aristoteles Pagaltzis <pagaltzis at gmx.de> .
+    New contrib : pure-vpopauth.pl .
+    Remove backtitle in gui/build.sh, it breaks radio lists on some
+dialog versions.
+    Enable --without-ascii by default on Win32. It means that text
+files must be in Windows format (CR+LF) on the server, no more in an
+Unix fashion, or clients will get bare LFs (and intelligent clients
+will switch to binary mode, so files sent in Unix format will be
+retrieved in Unix format - great) .
+    redhat.init now uses pure-config.pl as different configuration
+files was confusing people.
+
+* Version 1.0.12 :
+    Style : opt_l_ is now an argument of donlist() - no more need to set
+up the global variable before calling the function.
+    A (fake for now) ACCT command has been added. Maybe it will solve a
+conflict with some versions of Fetch for Macintosh.
+    NLST and MLSD should be able to handle only one file. Don't split file
+names, don't parse options. Reported by Martin Hedenfalk.
+    Support for sendfile() on HPUX and sendfilev() on Solaris. Contributed
+by Kenneth Stailey.
+    Don't display "you are user number 0".
+    Check whether we have pread() in configure.ac .
+    Remove dead scoreboard files in pure-ftpwho, even those whose status
+isn't marked as free.
+    New translation : Russian. Contributed by Andrey Ulanov
+<drey at rt.mipt.ru> .
+    New translations : simplified and traditional Chinese. Contributed
+by Fygul Hether <fygul at fgs.org.tw> .
+    New IPv6_OK message to tell people when a server also accepts IPv6
+connections if DISPLAY_IPV6_OK is defined.
+    In extauth, there's no more need to fill fields except auth_ok
+when authentication is refused (auth_ok = {0,-1}) . uid/gid/dir are only
+checked with auth_ok = 1. It's then easier to chain other authentication
+modules.
+    Linux binaries will now be linked against GlibC 2.2.x .
+    Use the non-root mode for the Windows port.
+    Don't forget to retrieve LDAP_FTPUID and LDAP_FTPGID when fetching
+LDAP info.
+    Introduce closedata() to close the data socket. It avoids
+duplicate code. opendata() now returns void : the result is in the
+xferfd global.
+    fakesnprintf() now supports %c.
+    Implement FTP Data Connection Assurance
+(http://www.ietf.org/internet-drafts/draft-ietf-ftpext-data-connection-assurance-00.txt)
+    Buglets fixed in the PostgreSQL documentation.
+    Pure-FTPd User Manager added to the contribs.
+    Add exponential delay after a 'cd' failure. Suggested by Jim.
+
+* Version 1.0.11 :
+    New translation : Norwegian. Contributed by Kurt Inge Smådal /
+EasyISP.org <kurt at easyisp.org> .
+    Fix typo (RATIO->RATIOS) in log_extauth.c and ratios are now working
+with the extauth module :)
+    Autoconf upgraded to 2.53 .
+    PAGE_SIZE can be non constant. So we try to get it with getpagesize() or
+sysconf() . PAGE_SIZE and MAP_SIZE have become page_size and map_size.
+Thanks to brad at openbsd.org .
+    Dutch translation updated - Johan Huisman <sietze.jan.huisman at 12move.nl>
+    Typo in log_extauth.h (bandwidth -> bandwidth) . Fixes throttling with
+extauth. Reported by iTooo <itooo at itooo.com> .
+    Italian translation updates (Alex Dupre) .
+    Workaround against Solaris streams bugs - Kenneth Stailey.
+    getspnam() is now probed in addition to <shadow.h> in order to find
+whether shadow passwords are available - Kenneth.
+    Check for setreuid/setresuid/setregid/setresgid is seteuid/setegid
+aren't available. Use them in place of seteuid/setegid if necessary - Kenneth.
+    Fixed a typo in the previous line - Brad :)
+    Use pstat_getdynamic() to get the load average if available. It works on
+HPUX - Kenneth.
+    Use pstat() to change the process title on HPUX - Kenneth.
+    Cosmetic cleanups (tabs instead of spaces, etc) .
+    The good'ol poweredby.jpg logo has been replaced by pure-ftpd.png, the
+new official logo contributed by Gabriele Vinci <gabriele at pronto.it> .
+    We now have plenty of FTP mirrors, see the end the README file.
+
+* Version 1.0.10 :
+    GCC updated to 3.0.4.
+    Automake updated to 1.6. configure.ac has zapped deprecated
+constructions.
+    Autoconf updated to 2.52i. Autoconf doesn't like conditional *_LDFLAGS
+in Makefiles any more.
+    Probe for *postgresql* in addition to *pgsql* to find include/lib paths
+for PostgreSQL (configure.ac) .
+    *reply() functions rewritten from scratch: simpler code, no more
+recursivity (makes Solaris happy) and faster processing.
+    Accept '..' in file names in fakexlate() .
+    Use addreply_noformat() whenever possible (speedup).
+    New switch : -Z (--customerproof) . Right now, it adds | 0600 or | 0700
+to chmod commands to avoid users locking their own files. Additionnaly, we
+now try a traditional chmod() call if fchmod() fails. There's a race here,
+but no security trouble to fear. Reported by Mark Reidel <mr at domainfactory.de>
+    Spec file fixes, contributed by Jose Pedro Oliveira <jpo at di.uminho.pt>
+    PureDB binary search could fail with -1 as a slot number - fixed.
+
+* Version 1.0.9 :
+    Korean translation updated.
+    Spanish translation updated.
+    Slovak translation updated.
+    Load average is now checked on Irix - Contributed by Florin Andrei
+<florin at sgi.com> and Chan Wilson <cwilson at sgi.com> .
+    Make the PAM example more generic. -Thorsten.
+    External authentication modules can now be compiled in even when
+ratio/quotas/throttling aren't enabled. -reported by pierre at epinetworx.com .
+    /dev/*random devices can now be probed at run-time when
+PROBE_RANDOM_AT_RUNTIME is defined. Suggested by Kenneth Stailey.
+    Remove loop alignment in minimal mode - GCC doesn't like it on Solaris.
+    Enabling the non-root mode now implies virtual chroot. - Some big
+improvements to the non-root mode. Almost all features of the root mode are
+now working.
+    SITE ALIAS buglet fixed - Kenneth.
+    Parse a.b.c.d IP addresses (without /netmask) and blah.blah.blah
+(hostnames) in log_puredb access/deny rules. Suggested by Maxnerd.
+    Autoconf updated to 2.52h.
+    Don't drop CAP_CHOWN before login completion, so that on-demand
+directories are chown()ed to the right user when capabilities are enabled.
+    fake* files are now under a BSD license.
+    The PgSQL backend now accepts 'any' and 'md5' keywords for the password
+hashing - Contributed by Bjoern.
+    External authentication modules are now working on non-Linux systems :
+we were sending every line from log_extauth to pure-authd in separate
+packets to the local unix socket, but we were only reading a single packet
+then. Now, we also group everything to a single packet before sending the
+data.
+    Merge Ben Gertzfield's extended LDAP schema.
+    AtheOS is unfortuntely gone from the list of supported OS because it
+lacks mmap().
+    Invalid SQL queries are now logged in order to help debugging.
+
+* Version 1.0.8 :
+    Set errno in fake functions.
+    Get rid of rd_len, rename rd -> root_directory, always ensure that it
+has a trailing '/' to simplify further code.
+    Recognize the /./ hack for anonymous users ('ftp' account). Contributed
+by Teo de Hesselle <teo.dehesselle at uts.edu.au> .
+    Strip leading / in fakechroot (just to be coherent with the trailing /
+now in root_directory) .
+    Have the non root mode work with virtual chroot. People are restricted
+to the directory pure-ftpd was started in.
+    Fix compilation on AtheOS.
+    Allow pure-quotacheck to run as a non-root user (suggested by Philip Mak
+<pmak at aaanime.net>) .
+    Merge realpath() replacements from OpenBSD-current, because some Solaris
+libC have a broken realpath() implementation.
+    Support for MD5 hashed passwords in log_mysql. Contributed by Nicolas
+Doye.
+    Force a minimum of 64k i/o buffers.
+    Get rid of the ugly daemons.c inclusion in pure-mrtginfo.c .
+    Merge the W3C log format - contributed by Thomas Briggs <tom at sane.com> .
+    Add initsupgroups() function and always call initgroups() *BEFORE*
+chroot. An important fix pointed out by Adam Kruszewski (Fantomik) and
+Wojtek "elluin" Kaniewski.
+    Add CAP_SETUID if we're on a system with Linux capabilities, but no
+setfsuid() call. Who knows, there are maybe very strange GlibC.
+    New switch : -G (--norename), new global : disallow_rename .
+    sizeof(FTPWhoEntry_.filename) increased in ftpwho-update.h .
+    Reply with 530, not 550 when user isn't logged in. Reported by Philip
+Mak <pmak at animeglobe.com> .
+    Follow symlinks in pure-quotacheck. We need this to support virtual
+chroot.
+    Remove extra "." in "Entering passive mode" message to please some very
+old BSD kernel proxies. Reported by BigAndy.
+    Open descriptors 0,1,2 (->/dev/null) in forked uploadscripts, just to
+please some programs that are crashing when they can't write to stderr
+(example : Unison) .
+    Add a fakechroot version of realpath() so that altlog works with
+absolute file names.
+    New FAKECHROOT_EXCEPTION macro to avoid I/O wrappers. -Used in
+bsd-realpath() .
+    Cygwin doesn't have a working initgroups() call (always returns -1) =>
+don't abort if the call doesn't succeed. Also, have getpwnam() and getpwuid()
+always return the same fake values on win32.
+    Speedup : chroot("/") means no chroot at all, no need to wrap I/O
+functions in that case.
+    mode_t is an unsigned short on MacOS X, so it's promoted to unsigned
+int - take care of that for fakeopen() mode.
+    Fix throttling in ASCII mode - the nowait condition is o >= st.st_size,
+not left > skip.
+    Log passwords when the server is compiled with DEBUG.
+    Remove TVFS conformance announcement (FEAT command) when virtual chroot
+is enabled.
+    Fix bashisms/zshmisms in configure.ac and links OpenSSL if needed with
+OpenLDAP. Contributed by Ben Gertzfield (che_fox) .
+    Merge pure-authd and the 'extauth' external authentication handler.
+Relevant files are man/pure-authd.8, src/log_extauth* src/pure-authd* .
+    Undefine fakechroot macros before their definition, it shuts the
+compiler up on Solaris.
+
+* Version 1.0.7 :
+    Use /dev/arandom and random() instead of /dev/urandom and rand() when
+possible. Suggested by Brad Smith <brad at openbsd.org>.
+    Korean translation updated (Im).
+    GCC upgraded to 3.0.3 for binary packages.
+    Don't chroot to /etc/pure-ftpd/<ip>/. , but to /etc/pure-ftpd/<ip> for
+virtual users. Virtual chroot didn't like it.
+    RPM packages can now be built with LDAP, Mysql and PostgreSQL.
+Contributed by Ben <ben at zaeon.com> .
+    Directory aliases (DIRALIASES macro, diraliases.{c,h}, minor tweaks to
+ftpd.c (docwd) and ftp_parser.c (site alias)) . Contributed by Kenneth
+Stailey <kstailey at yahoo.com> .
+    Cindy has moved.
+    Add a fake chroot wrapper for stat[v]fs[64]() and rm/mkdir.
+    Check directory, not file for stat[v]fs[64]() - Option -k should really
+work now.
+    Don't count .ftpquota in pure-quotacheck. Reported by Jan Pavlik.
+
+* Version 1.0.6 :
+    New fakechroot.{c,h} files. They contain wrappers for most I/O functions
+to emulate chroot and follow symbolic links.
+    PostgreSQL support, based upon log_mysql.
+    Known issue with virtual chroot (FIXME) : files with ".." in their names
+are denied.
+    Danish and Korean translations updated.
+    Typos were fixed in the Polish translation (contributed by Mariusz
+Pekala <skoot at poczta.onet.pl>).
+    Check for libelf before libkvm in Autoconf (Kenneth)
+    Don't enable TCP_NODELAY any more on the connection socket. FTP Explorer
+doesn't like it.
+    Don't assume that crypt() always returns non-NULL pointers. Thanks to
+Paul <paul at chipmunkweb.yi.org> for his help on that issue.
+    New translation : Swedish (messages_sv.h).
+    Don't clear dot_{read,write}_ok when quotas are enabled. Instead, check
+for enabled quotas in checknamesanity() and refuse everything with
+".ftpquota" in it => ok because only 'ls' performs globbing.
+
+* Version 1.0.5 :
+    Rename and delete operations are now syslogged.
+    Strange characters are now stripped from .banner/.message files.
+    Unofficial macros to give more power to anon users :
+ANON_CAN_CHANGE_PERMS, ANON_CAN_DELETE, ANON_CAN_RESUME and ANON_CAN_RENAME.
+    Return 550 when an upload excess quota.
+    New unofficial macro : LOG_ANON_EMAIL .
+    File deletion and rename are now logged.
+    [v]snprintf() replacements have been totally rewritten.
+    Accept multiple ip/mask filtering rules in the puredb backend.
+    The load average can now be read on Solaris < 2.6 (where getloadavg()
+isn't implemented) . Contributed by Keneth Stailey.
+    Documentation updates (FAQ and pure-ftpd man page), translation updates.
+    Autoconf updated to 2.52g, Automake to 1.5b.
+
+* Version 1.0.4 :
+    Clean up pure-config.pl and use Perl's exec with an array, circumventing
+the system shell. (Gives less surprises with strange characters in the config
+file, is also more efficient.) (Matthias)
+    Clean up pure-config.py and use os.execv, work done by Joshua Rodman.
+Thanks a lot. Autoconf adjustments to pure-config.py by Matthias.
+    Fix configure.ac to use ":" in the path to AC_PATH_PROG rather than " ",
+add PYTHON search, declare PERL and PYTHON precious, if not found, default to
+/usr/bin/env <program>, add pure-config.py to AC_CONFIG_FILES. (Matthias)
+    Close descriptors in pure-ftpwho (paranoia. I wasn't able to change any
+ftpwho file even without this -j.)
+    New ADD_EXTRA_GROUPS_TO_ANON unofficial macro to enable supplementary
+groups for anonymous users (disabled by default) .
+    Accept 2000 chars long .message files even on systems where MAXPATHLEN
+is very low (e.g. Irix and FreeBSD) . Contributed by Michael Glad
+<glad at daimi.au.dk> .
+    Recognize "p@sw" as a synonym for "pasv" to bypass SMC Barricade mangling.
+    Fixed compilation on Corel Netwinder devices (Gareth Woolridge).
+    Allow EPSV when IPv6, regardless of the broken compatibility flag.
+    A workaround for buggy Autoconf versions was added in configure.ac
+(AC_PATH_PROG didn't work when the path wasn't a variable : IFS was set but
+it wasn't effective without any substitution) .
+    Have dodele() handle unlink() errors even when virtual quotas are
+enabled. Also, the stat() (that was changed to lstat())/rename() race was
+fixed by an additional lstat() on the destination file.
+    simplify() has been moved to ftpd.c . We call it for mkd/rnto/stor file
+names before stripping spaces, just to be a bit more annoying with warez
+players.
+    VUSERS stuff was removed. It has been obsoleted by the puredb backend.
+    New FAQ file.
+    The ML address has changed to pureftpd.org/ml instead of a direct link
+to SF, just in case we move to something more reliable.
+
+* Version 1.0.3 :
+    New ASCII conversion function (doasciiwrite()), faster, easier and less
+buggy than the original one. And it fixes a funny compatibility issue with
+Homesite.
+    Look for perl in /usr/bin before /usr/local/bin (better to build RPM
+packages) .
+    Don't forget to remove libsafe before building binary packages :)
+    New unofficial macros : DISABLE_MKD_RMD and DEFAULT_TO_BINARY_TYPE.
+
+* Version 1.0.2 :
+    Upgraded to Autoconf 2.52f.
+    Disallow rnto to existing files when quotas are enabled. Not for
+nonexistent files.
+    Don't use setfsuid() when system quotas are enabled -> undef
+HAVE_SETFSUID_H in ftpd.h if SYSTEM_QUOTAS if defined.
+    Always restrict the size of chunks for downloads when ftpwho is enabled.
+    Parse every component of the path in create_home_and_chdir().
+    Include some more (v)snprintf() implementations, using vfprintf() and
+_doprnt() . Needed for Tru64.
+    The upload pipe now receives upload info as follows :
+\002username\001filename\000 . That way, virtual user names can be read.
+    PureDB is now covered by a BSD license and it was upgraded to version
+2.0 .
+    Don't forget the -k option in Perl/Python parsers.
+
+* Version 1.0.1 :
+    Enable keepalive on data sockets, disable ndelay.
+    Downgrade to autoconf 2.52.
+    Fix 'left' value when throttling is enabled in doretr() with sendfile() .
+    Add --without-nonalnum / PARANOID_FILE_NAMES.
+    New funny french messages.
+    Quota fixes when uploads are aborted. New dostor_quota_update_close_f()
+function. Yeah, what a nice and long name :)
+
+* Version 1.0.0 :
+    Remove the last dynamic array in dostor(), use ALLOCA instead.
+    Solaris considers mmap()ed region as char * instead of void *. Add
+explicit casts to shut up the compiler.
+    Add CallUploadScript in pureftpd.conf sample.
+    Support Base64-encoded MD5/SHA and salted MD5 (SMD5) and SHA (SSHA) 
+LDAP passwords.
+    Updated danish translation - Lyberth.
+    Updated polish translation - Arkadiusz.
+    New messages_sk.h and messages_kr.h translation files.
+    Renamed messages_sp.h -> messages_es.h .
+    Separate {bandwidth,quota,ratio} changed pairs in AuthResult.
+    Accept @ for LDAP logins.
+    Have pure-uploadscript write a /var/run/pure-uploadscript.pid file.
+    Irix portability fixes, thanks to Florin Andrei <elf_too at yahoo.com>.
+    MLST/FEAT conformance fixes.
+    PAM fixes (Thorsten).
+    Get rid of the dot_ok global.
+    Have the main server delete ftpwho files.
+    Check for statvfs64().
+    Spec file improvements (Bernie).
+    keepallfiles = 0 when users belong to the trusted group.
+    Disable quota for anonymous users.
+    Fix various compiler warnings (Matthias).
+    Have pure-pw support puredb files even when the server hasn't been
+compiled --with-puredb. Suggested by Arkadiusz.
+    New --with-sysconfdir configure switch. Suggested by Arkadiusz and
+Matthias.
+    Don't strip spaces in commands, unless SKIP_TRAILING_SPACES is defined.
+It was an historical behavior but it breaks spaces before and after file
+names, passwords beginning with spaces, etc. Thanks to Andreas Piening
+<Andreas.Piening at ePost.de> for helping to solve that issue.
+    Replace extra spaces around uploaded file names (and rnto) with '_' to
+avoid stupid practices of warez folks.
+    New message files format checker (messages_check.pl) provided by
+Matthias Andree.
+    Add mysnprintf.{c,h} wrapper for brain damaged snprintf() implementations.
+    Refuse rename() with --keepallfiles.
+    Upgraded autoconf to 2.52d. Get rid of acconfig.h .
+    Changed configure.ac trailer - Contributed by CmdrTaco of Slashdot (only
+two people know why... this is the mystery of pureftpd :)
+    Misc. nice cleanups everywhere (Matthias, Bernhard, Jason, Arkadiusz).
+    Upgraded to gcc 3.0.2 for binaries.
+    Don't increase size quota when overwriting existing files - Reported by
+Eric <ericnew at pacific.net.sg> .
+
+* Version 0.99.9 :
+    Complete rewrite of src/*ftpwho*. We now use a scoreboard directory
+(/var/run/pure-ftpd) with mmap()ed structures instead of SysV IPC. It might
+be a bit slower than IPC, but it's definitely more reliable, it doesn't need
+any OS tweaking, it's simpler code, etc.
+    Support the service part in getnameinfo() emulation code for pure-ftpwho.
+    Ansified bsd-glob* and gnu-getopt* .
+    Avoid a clash for struct statfs between sys/vfs.h and sys/capability.h .
+    Consider negative filedescriptors as valid (prepare for O_DIRECT).
+    -H is now a synonym for -n in pure-ftpwho.
+    Use safe_write() when possible instead of plain write().
+    Much efficient buffering code in ls.c .
+    New -m switch in pure-pw. New environment variables for the default path.
+    Refuse atomic replacement of files when quotas are enabled.
+    Accept pure-pw mkdb without any further argument.
+    New pid_file glob.
+    Documentation fixups. Contributed by James Metcalf <james at asset-ict.com>
+and http://www.php4hosting.com/ .
+
+* Version 0.99.4 :
+    Change uploaded and downloaded to unsigned long long. Display file
+sizes as unsigned long long in src/ls.c. (Thorsten/Matthias)
+    RPM improvements. (Thorsten)
+    Chroot everyone by default in pure-pwconvert.
+    Refuse 0Kb bandwidth for throttling in pure-pw. Reported by Ben Weir.
+
+* Version 0.99.3 :
+    Don't include users that don't have a valid directory in pure-pwconvert.
+    Old versions of MySQL (<= 3.22.x) are now supported.
+mysql_real_escape_string() wasn't implemented. We now just check this in
+configure and fallback to mysql_escape_string() if necessary.
+    Fixed RPM building with PAM, thanks to Sergey Mihailov.
+    Add PureDB to configuration file wrappers, thanks to Sergey Mihailov.
+    Include sysconfig sample in RPMs.
+    Support MySQL's password() hashing function. Contributed by Robin Ericsson.
+    Dutch translation updated (Johan Huisman <sietze.jan.huisman at 12move.nl>) .
+    New keyword in mysql config : MySQLTransactions.
+    Reject new uploads if user_quota_files/size > quota->files/size .
+    dynamic.c rewritten in a simpler way.
+    Allow @ and : in MySQL login names (Contributed by Arkadiusz).
+    Add ratios and bandwidth to the MySQL backend.
+    Accept the "any" keyword for MySQL auth. Don't if...else if
+crypto schemes. Try them all in order instead. (src/log_mysql.c)
+    Duplicate the content of environ instead of nullizing it. Longer, but it
+helps pure-ftpd work on older C libraries (libc5).
+    Individually check IPv6-specific functions and macros. Some systems e.g.
+MacOS X have a partial implementation (getaddrinfo() without getnameinfo()) .
+    Check for SysV semaphores and don't enable ftpwho on operating systems
+they are missing on.
+    Really support extended DES hashing.
+    Cleanups to german messages, more informative message for PASV usage
+with IPv6. (Matthias Andree) .
+    Strip extra info in gecos (src/pure-pwconvert.c) .
+    Add IP filtering and time restrictions to log_puredb/pure-pw.
+    New SQL digraph : \D.
+
+* Version 0.99.2a :
+    When quotas were enabled, but no quota was specified, uploads were
+always truncated to 0 bytes. It has been fixed.
+
+* Version 0.99.2 :
+    Upgraded Automake to 1.5.
+    New translation : dutch.
+    Fix --createhome option, reported by Lan Yufeng.
+    New quotas.{c,h} files.
+    Fix compilation when MySQL stuff is installed in /usr .
+    Remove host name in the minimal banner.
+    Add [NOTICE] and [DEBUG] qualifiers to logfile().
+    New DONT_LOG_IP macro, force '?' into host global.    
+    Some operating systems (at least Solaris > 2.7 and FreeBSD < 4.3) have
+strange troubles with reusing TCP ports, even when SO_REUSEADDR is enabled.
+Although it is an OS issue, we try several unassigned privileged ports as a
+workaround for active connections. The last ressort is to let the OS assign
+a port. But you can filter everything >1023 on your firewall if you feel
+paranoid (and fix the server OS) .
+    New unofficial macro : ANON_CAN_RESUME, to authorize anonymous users to
+resume transfers.
+    New -n / --quota option.
+    New program : pure-quotacheck.
+    Merged the PureDB package.
+    RPM can now be build with PAM support, thanks to a new variable called
+con_pam. Contributed by Juan Pablo Gimenez <jpg at rcom.com.ar>
+    Add a "password" attributes to the PAM sample.
+    Stat the / directory and compare it with what we are chmod()ing. If it's
+the same inode/device pair, enforce read+exec+write rights for the user.
+    Use AF_UNSPEC as a family instead of AF_INET/AF_INET6 when getaddrinfo()
+is called with AI_PASSIVE.
+    All authentication stuff has been moved in src/log_*.c files, including
+what's needed to parse/allocate/free related structures. All modules have the
+same hooks, grouped in a new structure : Authentication .
+    Semantic change for AuthResult.auth_ok : 0 means a soft error (user not
+found, or server temporarely down), -1 means hard error (bad password), 1
+means ok. To be secure, we fall back to the next authentication method only
+on soft errors. Also, AuthResult objects are now passed by address to
+authentication handlers.
+    New --with-puredb switch in the autoconf script.
+    New files : src/pure-pw.{c,h} man/pure-pw.8
+    Disable TCP_CORK, some Linux users reported strange behavior because of
+this.
+    Disallow crazy chunk sizes for uploads, to save our beloved stack,
+especially when throttling is enabled. Thanks to Daniel Tschan.
+    Made zrand() returns an unsigned int, so that zrand() % xxx is always
+positive.
+    New files : src/log_puredb.{c,h}
+    Scan several common paths for pure-ftpd in pure-config.pl.
+    New pure-pwconvert tool, suggested by <olle at xmms.org> .
+
+* Version 0.99.1b :
+    Fix access problems to remote MySQL servers. - Thanks to John Hart.
+    New program : "pure-statsdecode" to convert timestamps into human-
+readable dates in "stats" logfiles.
+    Add peer info to authentication (pw_*_check()) functions.
+    When MySQL or LDAP are enabled, add additional groups of the system uid.
+    Made LDAP attributes more configurable (macroized strings in log_ldap.h) .
+    New digraph for SQL substitions : \R (remote IP) .
+    New fields for the LDAP configuration file parser : LDAPDefaultUID and
+LDAPDefaultGID.
+    Updated the LDAP documentation.
+    Check that programs linked against mysqlclient can run in configure.ac .
+Because some people forgot to add libmysqlclient.so in the configuration of
+the dynamic linker.
+    New create_home global, new --createhomedir/-j switch, new
+create_home_and_chdir() function.
+
+* Version 0.99.1a :
+    New alternative logging format : "stats", designed for the ftpStats
+application.
+    Cosmetic fix with ratios.
+    New -K / --keepallfiles directive.
+    Workaround for broken clients that don't properly end up their command
+lines.
+
+* Version 0.99.1 :
+    Don't call uploadscript on downloaded files when CLF logs are enabled.
+    New SNCHECK macro to check snprintf() return values. Older
+implementations return -1 for overflows, while C99 dictates that the number
+of chars that would have normally be written should be returned. So, we
+check the implementation in configure.ac and define this macro to do the
+right thing.
+    Don't try to read /dev/urandom when chrooted.
+    CORK and NODELAY can't be used together.
+    Support pipelining (fixes lftp async mode).
+    Changes of process names are now properly handled on Linux - Thanks to
+Juergen Henge-Ernst.
+    Split Unix auth stuff into log_unix.{c,h}, new AuthResult structure.
+    Properly report download progression and speed in pure-ftpwho. The
+problem was in sendfile() downloads, when both FTPWHO and THROTTLING were
+defined (&& instead of || in the test... stupid failed optimization) .
+    Fix getnameinfo() emulation by passing a valid IP address to
+gethostbyaddr() .
+    Allow LDAP path override.
+    Disallow root uid/gid in LDAP.
+    Document that adding "shadow" to PAM sample rules can fix some hardened
+distributions, suggested by Joe Silva.
+    Use statvfs, not statvfs64 for large files on Linux when __REDIRECT is
+defined.
+    Externalize zrand().
+    Merge MySQL authentication.
+    Fix throttling + large files.
+
+* Version 0.99b :
+    Check socket/resolver libs in configure.ac before socket-related tests.
+It fixes LDAP compilation on Solaris.
+    Pad the day to two characters in CLF.
+    Downloaded/uploaded files are now logged with LOG_NOTICE priority.
+    Add --without-sendfile configure switch - sets DISABLE_SENDFILE macro.
+Disabling sendfile is useful on some OS with some filesystems that don't
+support zero-copy transfers like SMBFS on FreeBSD 4.3 .
+    Merge hash functions : crypto.{c,h}, crypto-sha1.{c,h} and crypto-md5.{c,h}
+    Renamed pam_ftp_check() to pw_pam_check() .
+    Don't display group list in minimal mode.
+    Fill in the uid/name cache after an authenticated login.
+    Minor RPMs improvements. -Still not a relocatable package, though-
+    Fix non-root mode : don't dereference pw in dopass() if NULL.
+    Include the BSD license in COPYING.
+
+* Version 0.99a :
+    Always display the local IP and port with pure-ftpwho -v.
+    Don't log an extra \001 is CLF output, properly report negative time
+zones, zerofill hour/min/sec to 2 digits.
+
+* Version 0.99 :
+    New README.Debian file.
+    Fix ls -C arithmetic error with long file names. Reported by Old Mole.
+    Corrected the german translation for grammatical/spelling errors,
+translated missing messages. -Contributed by Bernhard Weisshuhn.
+    Danish translation. -Contributed by Isak Lyberth.
+    Log login attempts with disabled accounts. Admin can still check what's
+wrong even --with-paranoidmsg . The new message is MSG_DISABLED_ACCOUNT.
+    Improved pure-config.pl.in : extra parameters can be added in command
+line.
+    Fix throttling on FreeBSD : BSD sendfile() returns -1/0 , not the
+number of transmitted bytes.
+    Show s/S/t/T flags in ls -l - Suggested by Bernie.
+    Removed --without-chmod, added -R options.
+
+* Version 0.99pre2 :
+    Fixes to make pureftpd compile on Solaris 7 and 8. Warning:
+untested. Large file support may be broken.
+    Minor robustness/warning fixes.
+    "ftp" can be used as a fake shell, no need to add it to /etc/shells.
+    Documented that anonymous FTP needs an "ftp" account in an LDAP
+directory - Thanks to Adrian Zurek.
+    Fixed a typo in pure-config.pl : UserBandwidth handled $2 not $1 -
+Thanks to Vincent the Herisson
+    Upgraded Automake to 1.4p5 and Autoconf 2.52.
+    Renamed deprecated configure.in to configure.ac .
+    RPM fixes - Contributed by Oliver Soell <oliver at fusionit.com>
+    More accurate throttling, don't only check seconds, but also usec 
+- Contributed by Frank de Bot.
+    Don't log client crashes as timeouts - Reported by Matthias Andree.
+    Stop if --with-pam was specified, but PAM headers are missing.
+    Add %s in die() - Thanks to Matthias Andree.
+    New logpid global - Matthias.
+    Added PARANOID_MESSAGES macro (see src/messages.h)
+    Have RNTO work when the target file name already exists - Reported by
+Bernhard Weisshuhn.
+    Allow transfers through sendfile() longer than <idletime> , needed for
+very large files transferred over slow links (odd idea, but why not) .
+    Changed the trustedgid behavior when the /./ trick is used : members of
+the trusted group *are* chrooted, but they have no ratio and dot-files are
+allowed.
+    Added --with-paranoidmsg compile-time option to enable PARANOID_MESSAGES.
+    Implemented alternative IPv6 functions for backward compatibility with
+old IPv4 only stacks. Check out src/ipv4stack.* and the new OLD_IP_STACK
+macro. We assume the stack is IPv4-only if getaddrinfo() doesn't exist.
+    Display version number in '-h'.
+    New files : altlog.{c,h}
+    New option : -O / --altlog , new macro WITH_ALTLOG, new globals altlog_*,
+new autoconf switch --with-altlog .    
+    Try to use ALLOCA in internal statement blocks instead of local
+fixed-size arrays. The result is the same and the source code is a bit more
+complex, but it saves stack space especially on path names.
+    Minor code cosmetic cleanups (I really hate if/loops without braces) .
+    Improvements to the FreeBSD port : LDAP can be compiled in.
+    List KcmPureftpd in README.Contrib .
+    New --with-bloat^H^H^H^H^Heverything autoconf switch.
+    Added NO_PROCNAME_CHANGE macro just in case people don't want processes
+to change name (workaround for a bug on older glibc) .
+    Return 550 instead of 530 when CWD fails. Silly broken clients like
+AbsoluteFTP choked on this.
+    Don't assume that no sendfile() implies support for large files.
+
+* Version 0.99pre1 :
+    Have MSIE open an authentication dialog when anonymous users are
+forbidden (-E) in compatibility mode (-b) .
+    Don't CORK_OFF a bad file descriptor in error() - Reported by Sami Farin.
+    Don't reply with PASV/SPSV/EPSV when -N is enabled.
+    Don't forget to initialize gl_pathc and gl_pathv in glob_() - OpenBSD
+didn't like it.
+    Fixed typos in documentation.
+
+* Version 0.98.7 :
+    gui/build.sh improvements by Peter Pentchev.
+    Correct typo in the pure-uploadscript man page.
+    Always parse the last element in upload ASCII conversion.
+    Reduce the random tapping delay, some users find it annoying.
+    More parser cleanups and optimizations.
+    Don't glob any more for chmod and dele.
+    Follow symbolic links for downloads.
+    Made autorename an argument for dostor() for dostou() atomicity.
+    Minor optimizations for passive port computation (to be paranoid, we
+never rely on OS port assignment, so give up the old TrollFTP code)
+    Replace since -> xfer_since in pure-ftpwho to avoid FPE. Add even a
+signal handler, just in case.
+    Never forget to check that shm_data_cur is != NULL before dereferencing
+it.
+    Wait a bit when MAX_THROTTLING_DELAY is reached.
+    Don't make PAM sessions failures fatals. And don't even try to open a
+session when WITHOUT_PAM_SESSION is defined.
+
+* Version 0.98.6 :
+    Properly truncate uploaded files, even if restartat == 0.
+    Added MSG_NO_ASCII_RESUME.
+
+* Version 0.98.5 :
+    Recognize ADAT command for Kerberized Fetch 5 (Macintosh).
+    Added a contrib/ directory and README.Contrib.
+    Minor Autoconf and code cleanups.
+    Debian package updates - no more hang at end of the install procedure.
+    Open PAM session (patch by Sami Koskinen <tossu at cc.hut.fi>).
+    It looks like some OS/C libraries don't like to share syslog
+descriptors. To be safe, we have to reopen the syslog for each client, 
+grr!
+    Disable auto login (handy, but buggy clients sending fancy commands
+before authentication choked on this) .
+    Disable the 'man page segfault' humor :(
+    Fix largefile compilation on Linux (reported hy Andreas Westin).
+    Don't wait for throttling when download is completed.
+    Use statfs() and getloadavg() on *BSD.
+    Don't keepalive, don't linger.
+    Don't forget to parse the last element in pure-ftpwho (reported by
+Brandon Covert).
+    Merge the virtual host login code with the regular login code (suggested
+by Chris Mentjox <chris at widexs.nl>.
+    ftp_parser.c/sfgets() rewritten to optimize read() calls.
+    Use the same policy to forbit dot-files for cd and for other commands,
+for consistency and to ease migration from other servers.
+    Don't unlink() partially uploaded files unless user is anonymous.
+    Add fillenv() and newenv_*() in pure-uploadscript.c
+    Skip initial \n in banners.
+    Rewritten upload acceptation to avoid duplicate code and possible races.
+    Externalized some functions to save stack space.
+    Add non_noupload global and the -i flag.
+    Don't chmod 600 incomplete uploads. I will miss that feature, but some
+people don't like it and pure-uploadscript may be a better alternative for
+integrity checking.
+    New trustedip global, that contains the trusted IP address allowed
+to accept non-anonymous connections.
+    WITH_VIRTUAL_HOST macro to #ifdef the virtual hosting code.
+    Check for statvfs_t, security/pam_misc.h and sys/loadavg.h for Solaris.
+
+* Version 0.98.4 :
+    Slightly reduce the password delay if PAM and LDAP aren't enabled.
+    Open the syslog as soon as possible (before accepting client
+connections) . It solves the nasty long-standing syslog-output-in-client-fd
+bug.
+    Don't localtime(NULL), it crashes under FreeBSD.
+
+* Version 0.98.3 :
+    Close listenfd, but close(2) only if it's a tty (maybe it's an
+uploadscript descriptor) .
+    Save errno in signal handlers.
+    Paranoia : introduce a random delay after password entering.
+    Disable signals in die() and sigurg(). This is just paranoia, the signal
+handlers are *not* vulnerable to the problems described in the Razor paper.
+    Fix ls <link to directory> behavior, to list the content of the
+directory, not the directory name.
+
+* Version 0.98.2a :
+    Upgrade to Automake 1.4-p2 and Autoconf 2.50.
+    Accept "." in LDAP user names.
+    Fix --sysloghack for Debian users (DEBUG was defined)   
+
+* Version 0.98.2 :
+    Portability : check for __ss_len, not only ss_len.
+    New function for platforms without setfsuid() : usleep2(), blocking
+signals when we are sleeping.
+    long double usage in pure-ftpwho, to avoid floating point exceptions.
+    Upgraded to Automake 1.4-p1.
+    Define syslog names if libc hasn't them.
+    Check for nsl/socket/resolv requirements.
+    Use statvfs is statfs is not available.
+    Fix compilation against old OpenLDAP versions (1.x) .
+    Added --without-globbing (also defined in minimal mode) .
+    Check for sendfile() variants (Linux, FreeBSD or none) . FreeBSD (and
+possibly other OS with a similar implementation) can now use sendfile().
+    ABOR is now handled. We do this by intercepting SIGURG and by keeping
+the transfer file descriptor in xfer_fd (may be datafd or what accept()
+returned) .
+    Added a restartat field in the ftpwho structure.
+    Complete rewrite of sreaddir(). We're now using two distinct memory
+segments : one for metadata (struct FileInfo) and another one for file
+names. Also, stat()ing data is done when reading the directory content and
+kept in memory to avoid stat()ing again for displaying. And we have buffers
+grow instead of restarting. And we don't rely on the what st_size returns
+for the directory, that's useless and it eats memory for nothing. And ls -S
+works. To summarize, the new built-in ls rocks, it's way more efficient than
+the previous BSD horror. And it's portable. We stat() again for modern
+listing, though (MLST), because we need inode and device numbers and we
+have to deref links and MLST should be ready for extended attributes (like
+ACL), while sreaddir() shouldn't fill memory with extra info.
+    Log virtual domains logins.
+    Handle virtual domains in pure-uploadscript.
+    Fix XML output (Jason Lunz)
+    Solaris port and documentation.
+
+* Version 0.98.1 :
+    Fix display of group listing for group names with white spaces and very
+long group names.
+    Umask for dirs and umask for files are now different (umask & umask_d) .
+    New --with-sysloghack flag.
+
+* Version 0.98-final :
+    Added Spanish translation by Luis Llorente Campo
+<luisllorente at luisllorente.com> .
+    Added download_total_size, download_current_size, local_addr and
+xfer_date to the FTPWhoEntry structure.
+    New output targets : shell (-s) and verbose ASCII (-v) .
+    Paranoia : add more entropy to the zrand() function.
+    Changed u_mask default to 133, uploaded files are now 777.
+    bandwidth_throttling was split into bandwidth_throttling_ul and
+bandwidth_throttling_dl.
+    Syslog is now opened after forking. It fixes the nasty syslog-to-
+clientconn bug due to dup2() and/or syslog mutex internals.
+    Logging can be disabled with '-f none' .
+
+* Version 0.98pre2 :
+    Don't use a fancy directory separator for recursive 'ls' because NcFTP
+chokes on this when mirroring. It's a pity. The previous one looked great.
+But we have to keep clients happy.
+    Listen on IPv4+IPv6 by default even on OpenBSD.
+    Minor optimizations (don't test for optarg != NULL, trust getopt() and
+use switch instead of else if to parse command-line options) .
+    Renamed mrtginfo to pure-mrtginfo, because mrtginfo was too confusing
+and it could clash with other packages.
+    Added pure-uploadscript and its man page.
+    Added the '-o' option and the --with-uploadscript configuration flag.
+    Documentation : added forgotten NATmode example in the pure-ftpd.conf
+file.
+
+* Version 0.98pre1 :
+    Don't hardcode the pure-ftpd path in pure-config.pl (Peter Pentchev).
+    Actually include the polish translation.
+    Updated the Netfilter documentation. The EPSV/EPRT patch is no longer
+pertinent, because EPSV/EPRT support was merged in kernel 2.4.3ac14.
+    Fixed welcome.msg typo (Thanks to Togusa).
+    Increased the banner size to 2000.
+    Support long options even if getopt_long is unavailable (especially for
+BSD) .
+
+* Version 0.97.7 :
+    Upgraded to Autoconf 2.49e.
+    Semaphores/shared memory perms should be & 0777 for FreeBSD.
+    Merged polish translation (Arkadiusz) .
+    Cleaned up headers includes.
+    Added HTML and XML outputs to pure-ftpwho.
+    Added pure-ftpwho man page.
+
+* Version 0.97.7pre3 :
+    Changed 'killall -HUP xinetd' to 'killall -USR2 xinetd' in the README
+file (pointed out by Olivier Tharan <olive at zehc.net>) .
+    configure.in : fixed --without-ascii, add --with-welcomemsg.
+
+* Version 0.97.7pre2 :
+    pure-ftpwho marks a slot as free is there is no associated process. 
+    Possible fix for a realloc() problem reported by Emmanuel Hocdet.
+    Added dmalloc support.
+
+* Version 0.97.7pre1 :
+    Block SIGCHLD before calling iptrack_add() .
+    HAS_WAITPID is HAVE_WAITPID.
+    Check for setproctitle (*BSD) .
+    Reset restartat to 0 after a successful stor/retr (Jobush) .
+    Don't open with LOG_CONS.
+    Completed the romanian translation (Claudiu) .
+    Added WELCOME_MSG_COMPATIBILITY hack.
+    Optimization : only call setprogname if state_needs_update != 0.
+    maxusers defaults to 50 and maxip to (1 + maxusers / 10) .
+    ftpwho. Added --with-ftpwho.
+
+* Version 0.97.6 :
+    Merged docwd/ls bounds checking for ~ expansion.
+    Enable the '.banner' file for authenticated users.
+    Cleaned up the man page.
+    Added disallow_passive global.
+    Optimized bsd-glob.c.   
+
+* Version 0.97.5 :
+    Cleaned up bsd-glob, no need for alternate directory functions.
+    Replaced __ macro by _COMA_ to avoid conflicts on Tru64.
+    Replaced \s by \s+ in pure-config.pl.in and pure-config.py (Emmanuel
+Hocdet) .
+    Properly probe next ports if a random port can't be bound.
+    In dostor(), get the file size is in 'filesize', not in the initial
+stat() call.
+    Added the '-4' option.
+    Updated the 'Contributors' part in the man page.
+    Removed leading space in dosize() result.
+    Added u_mask global.
+
+* Version 0.97.4 :
+    getgroups() should always be called *after* seteuid()! The BSD port
+broke this.
+
+* Version 0.97.3 :
+    Always log the speed, whatever it is (suggested by William Kern(el panic)) .
+    Always display the current number of clients in the initial banner.
+    Always chdir() before chroot().
+    Use of <config.h> instead of -D for cleaner compilation (contributed by
+Jason Lunz).
+    Clear arguments, to avoid bloat in the 'ps auxw' table.
+    Recognize HELP SITE and SITE HELP.
+    Added addreply_noformat for multi-lines responses.
+    STAT command.
+    Support "modern" directory listings (modern_format() func) . Used to
+implement MLST and MLSD. Listings are "modern" or "traditional" according to
+the modern_listings global.
+    Added --with-minimal.
+    Added --with-nonroot to disable chroot()/setfsuid(), so that the server
+can work without root privileges.
+    Added --with-language.
+    Fixed largefile+throttling compilation.
+    Changed 'quota' to 'ratio' everywhere. Quotas will be something else.
+    Create /var/run/pure-ftpd.pid . Remove it when a signal is caught.
+    Added romanian translation from Claudiu Costin <claudiuc at kde.org>.
+    Added german translation from Mathias Gumz <gumz at cs.uni-magdeburg.de>.
+    Added french translation from Ping <ping at root42.net>.
+    Allow download of 0-byte files (reported by Louis Rouxel).
+    Include <netinet/in_systm.h> and <sys/mount.h> if presents.
+    Define STORAGE_LEN and STORAGE_FAMILY for BSD and Glibc compatibility.
+    Use seteuid() instead of setfsuid() on non-linux systems.
+    Non-pam, non-shadow passwords are working again.
+    Upgraded to automake 1.4d.
+    Latest unstable glibc for Debian define ss_family instead of
+__ss_family. A test in configure.in was added for this. A test for ss_len
+was added by the way.
+
+* Version 0.97.2 :
+    Added epsv_all.
+    Tell the client when per-IP limit is reached.
+    Daemonize if '-B' is given (daemonize global).
+    Don't assume that 0 isn't a valid file descriptor. Yes we use 0/1 for
+the command socket so 0 should never be reused again. But it's to be quiet
+in our mind and to prevent bad surprises if we ever change this in the
+future.
+    Add file size to speedstring (speedrate() function) .
+    Compare dataconn IP with *peer* IP, not cltrconn!!! It broke passive
+transfers in 0.97.1, grrr...
+    Corrected a bashiszm in configure.in (Arkadiusz Miskiewicz)
+
+* Version 0.97.1 :
+    Added more entropy for the port number of passive connections and
+refuse connections from hosts who doesn't own the control socket.
+    .message and .banner files couldn't contain only white spaces - fixed.
+    Disable HELP in broken mode because very old WSFTP clients send this.
+Donnu why. But they do.
+    Add a message to the syslog when the per-IP limit is reached.
+
+* Version 0.97-final :
+    Strip debugging mode (XDBG) unless compiled with -DDEBUG. Who needs this
+on production servers, anyway?
+    In standalone mode, close the listening socket when SIGTERM is received.
+    Catch maxusers in the standalone server code. If the server is busy,
+don't even try to fork (optimisation) .
+    The default syslog facility is now 'ftp' instead of 'local2'.
+    Paranoia : set the close-on-exec flag on the listening socket and close
+stdin/stdout/stderr.
+    Dynamically change process titles to reflect their activity (pure-ftpd
+[SERVER|IDLE|UPLOAD|DOWNLOAD]) .
+    Accept non-ascii (accents) file names (check if <32U in checknamesanity).
+    Added dynamic.c for IP tracking. Yes, the code could be optimized for
+speed with two hashed tables (ip->number pid->link to the previous table).
+But it's simple and fast enough if you don't have 500000000 simultaneous
+users (and if you do, you have a high end machine, don't you?) .
+    Added '-E' flag. anon_only = 0 (normal mode) -1 (no anon) or +1 (anon
+only) .
+
+* Version 0.97pre5 :
+    Added '-U' option to change the umask (Thanks to Guenter Bittner for the
+suggestion).
+    Standalone mode : updated configure.in (NO_STANDALONE, NO_INETD),
+standalone_server(), standalone global, daemons() is skipped if we are only
+standalone, ...
+    Added '-x' and '-X' options to prevent users from writing/reading
+dot-files, even though they are authenticated (add globals
+dot_write_forbidden and dot_read_forbidden) . Restricting access to
+directories starting with '.' added many lines of code for such a simple
+operation. However, it's done in a secure way : we don't get fooled by
+relative paths and links.
+    Bandwidth throttling in now in KB/s (throttling_bandwidth global) . We
+do it the long, but right way, with compensation_delay = (transmitted bytes
+/ throttling_bandwidth) - (tn - t0), recalculated between each
+received/transmitted chunk. A bit slow and bloated, however, but more
+efficient than a fixed approximation. To minimize bandwidth starvation with
+non-transfer commands, we impose a delay (throttling_delay) of 1sec/bandwidth.
+
+* Version 0.97pre4 :
+    Added '-D' option to force 'ls' display dot-files even when a client
+doesn't send the '-a' option (ls -la) .
+    Keep the previous permissions when overwriting a file. Thanks to Darren
+Casey for reporting this.
+    New '-I' option to change the maximum idle time (idletime global) .
+Also, a new function (antiidle()) is called for each dummy command (no
+login, no transfer) . Because many modern FTP client send "noop", "cwd" or
+"pwd" all the time to avoid timeouts. When we encounter something like this,
+we give it grace time (twice the normal timeout, because the client is
+active), but we disconnect him if this grace time expires anyway.
+
+* Version 0.97pre3 / 0.96.2 :
+    HELP is ignored if followed by an argument.
+    Made SITE commands work anew with subcommands in upper case.
+    Finally replaced the GNU globbing stuff by ported BSD code (NetBSD libc
+variant) . It's faster, it's cleaner, it's less buggy. The code was modified
+to accept recursion limits (rather than a maximum buffer size), match limits,
+and tilde expansion was disabled.
+    Limited the default maximum listed files to 2000 instead of 4242 and 5
+subdirectories for recursion.
+    Support for shadow passwords expiration dates.
+    New eye-candy delimiters for subdirectories in a directory listing.
+    Moved capabilities-related functions to caps{.c,.h,_p.h} .
+    Support for large (> 2 Gb) files.
+    Reduced the IPv6 EPRT code, we now call doport2() like IPv4 PORT/EPRT
+commands. That way, we now support IPv6 FXP as well.
+    Added the new logfile() function to customize the syslog output.
+
+* Version 0.97pre2 :
+    Fixed a memory leak/duplicate free problem in glib-glob().
+    Added memory usage limits.
+    Added missing messages from ls.c to the "messages.h" file for translation.
+    Reverted the cap_free() calls semantic.
+
+* Version 0.97pre1 :
+    Check for and convert 4-in-6 addresses (fourinsix() function). Also
+check for valid addresses (checkvalidaddr()) .
+    Also check /proc/net/tcp6 when IPv6 is enabled.
+    Code cleanups.
+    Added DIE and DIE_MEM macro to shrink the source code.
+    Commands are already in lower case, so don't call strcasecmp() anymore,
+strcmp() is faster.
+    Paranoia : refuse invalid IP addresses (multicast, null, broadcast).
+    Converted all strings to macros for localisation.
+    Ignore ~ if we use LDAP to avoid useless queries. But tilde expansion
+with LDAP is still implemented, just #undef IGNORE_TILDE if you want to use
+it.
+    Added overlapcpy() function in place of safe strcpy. This looks pointless
+under Linux, but we must follow the specs, anyway.
+    Upgraded to Autoconf 2.49d.
+
+* Version 0.96.1 :
+    Changed the ASCII restart message ("Okay, but your client violates RFC")
+to something more friendly.
+    New possibly more secure glob() implementation. It's a hack of GlibC
+2.2.2's glob() providing sglob(), able to limit recursion depth and the
+number or results. It's not perfect (is should return GLOB_NOSPACE in some
+situations instead of an empty list), but it should be a definitive solution
+against all possible globbing attacks.
+    Added a limit of 17 minutes of CPU time consumming. Yes, 17 minutes is a
+huge limit.
+
+* Version 0.96 :
+    When FXP is refused, send 500 as a reply. It helps broken NAT boxes deal
+with Pure-FTPd servers since the client thinks EPSV isn't supported and it
+tries PORT instead.
+    Added chdir() after listing a directory just in case we didn't get back
+where we started if we reached a limit.
+    Avoid loops in directory listings.
+
+* Version 0.96pre1 :
+    Added '-P' flag to explicitly set an IP address in reply to a PASV
+command.
+    Added '-A' flag to chroot() everyone. If '-A' is combined with '-a', the
+last option takes precedence.
+    Added '-H' flag to avoid DNS resolution.
+    Reverted the 0.95.1 change : 7 bits is always supported, even without
+'-b'.
+    Added FEAT command (rfc2389) .
+    Allow anonymous users to create directories if they have write access to
+the parent directory.
+    Fixed virtual hosts and updated man page/README.
+    Changed every sockaddr_in structure to sockaddr_storage. Added
+STORAGE_PORT, STORAGE_PORT6, STORAGE_SIN_ADDR, STORAGE_SIN_ADDR6 and
+STORAGE_FAMILY macros (ftpd_p.h) . Added addrcmp() to compare two
+sockaddr_storage addresses (is there a faster way to do this?) and
+generic_aton() to have an ipv4/ipv6 inet_aton() function. IPv6 support
+should be completed, yeah!
+    Added max_ls_depth and max_ls_files globals and changed listdir()
+prototype to abort if we went to deep into the directory tree. Added -L
+option.
+    Added allow_anon_mkdir global.
+    New function fortune() to display a random line of a text file. It
+uses mmap() and should be very fast. A new global fortunes_file stores NULL
+(no cookie) or the cookies file name. Added '-F' to set the file name.
+
+* Version 0.95.2 :
+    Changed 'ls' format to add one space to the size format and the size
+is now casted to unsigned long long.
+    Implemented STOU and ALLO.
+    Implemented APPE. The dostor() prototype was changed to accept an
+'append' parameter to 'restart' according to the current file size.
+    Added '-e' flag to only accept anonymous users (anon_only global,
+checked in douser()).
+    Reverted the previous capabilities change. CAP_SYS_CHROOT can be safely
+dropped, but we have to call drop_login_caps() later in dopass().
+    Updated man page (list of supported commands and minor typo fixes).
+
+* Version 0.95.1 :
+    Daemons.c : only counts sockets in CONNECTED state (1). So that
+listening sockets are implicetely ignored and closing sockets aren't
+creating false counts.
+    Capabilities : we need CAP_SYS_CHROOT even after login to properly
+handle the -a flag.
+    Removed 'md5' in the PAM example.
+    Ignore type (ASCII/8 bits) if broken == 0, always do 8 bits by default.
+
+* Version 0.95 (final) :
+    Changed the PAM sample file (pam_pwdb->pam_unix) to please more
+Linux distributions.
+    Fixed getpwnam() NULL pointer dereferencement when user didn't exist.
+    Changed passive mode acknowledgement to "227 Entering Passive Mode" to
+please Netfilter's ip_conntrack_ftp module.
+    Added SPSV command.
+    Added XCWD and XCUP aliases.
+    Disallow PORT commands to ports < 1024.
+    Various source code cleanups.
+    Really reset restart offset to 0 when offset is too large for a file size.
+    Paranoia : disallow '\' characters when dot-files aren't allowed.
+    Added quotas (quota_upload, quota_download, quota_for_non_anon, -Q/-q
+flags, autoconf QUOTAS macro) .
+    Paranoia : check every (v)snprintf() return value.
+    PAM is now disabled by default in autoconf. Spec file was updated to
+reflect the change.
+    LDAP support. Added the log_ldap* files and a wrapper for getpwnam.
+    Cleaned the doc format (tabs).
+    Disallow EPSV in broken compatibility mode (-b).
+    Added a generic basic parser (parser.*), currently only used for LDAP.
+    Disallow command-line options whose support isn't compiled-in.
+    Documented Xinetd configuration and the Netfilter troubles.
+    Added a check for the 'gauge' typo instead of 'gauge' on some old Dialog
+versions.
+
+* Version 0.95-pre4 :
+    Added a Dialog GUI for easy compilation.
+    Version number is now displayed in the main banner.
+    Added alarm signals to timeout everywhere.
+    Check if peer structure is filled after accept() system call.
+    Implemented SITE HELP.
+    Updated spec file.
+    Added dot_ok and checknamesanity() to forbid ".xxx" uploads to
+non-chrooted users and anonymous users.
+
+* Version 0.95-pre3 :
+    Changed error handling for restart (REST) command to please CuteFTP
+and LeechFTP.
+    Fixed a typo in the autoconf script (--with-throttling) .
+    Simplified dopass().
+    Added tapping delay in dopass() and MAX_PASSWD_TRIES macro.
+    Disabled IPv6. It will be enabled anew when full support will be
+implemented (not only 4-in-6).
+
+* Version 0.95-pre2 :
+    Upgraded to autoconf 2.49c and automake 1.4b .
+    Built binary packages : Debian, RPM and Slackware.
+    
+* Version 0.95-pre1 :
+    Added some paranoid bounds checking.
+    Support for bandwidth throttling. See throttling_delay (time we
+should usleep() for between each packet or command) and global 'throttling'.
+    Upload should not be limited to a 16k window : adjust receive to the
+size of 'window' (defaults to 51200. Should we have it default to
+CONF_TCP_SO_RCVBUF?) .
+
+* Version 0.94 :
+
+    Fixed cap_free() calls (needs a pointer).
+    Added CAP_DAC_READ_SEARCH (for initial user home directory chdir) to
+the startup capabilities. Also added CAP_NET_ADMIN (to allow setting TOS) to
+the login capabilities.
+    Added SITE CHMOD support.
+    
+* Version 0.93 :
+
+    Support for the FXP protocol.
+
+* Version 0.92 :
+
+    LeechFTP (a popular Zindoz client) does a "REST 1" in ASCII mode
+after logging in. Well, maybe this violates RFC, but let's add a workaround
+(see dorest() / STRICT_REST) . Thanks to _PinG_ <ping at enjoy-unix.org> for
+reporting that kludge.
+    Syslog identity changed to "pure-ftpd".
+    Added noopidle (time_t of the first NOOP) and idletime_noop (maximum
+idle time with nothing but NOOP from the client) . idletime_noop defaults to
+1.5 * idletime.
+    Shortened the default idle time to 900 seconds.
+    Idle time is now in minutes if >= 120 sec.
+
+* Version 0.91 :
+
+    Updated credits.
+    Use TCP_CORK.
+    Explicit super-server requirement notification. 
+    Changed daemons() prototype to accept a port number to look for.
+ftpd.c and mrtginfo.c were updated to reflect the change. Global
+server_port now stores the real port the connection socket was bound to.
+    Updated man pages.
+
+* Version 0.90 : 
+
+    Initial release.

EVSE/GPL/pure-ftpd-1.0.49/FAQ

@@ -0,0 +1,902 @@
+
+                         FREQUENTLY ASKED QUESTIONS
+                         
+             --------------------------------------------------
+
+
+* Users can delete root-owned files?
+
+-> I have a directory owned by 'john', but I've put some files owned by
+'root' (or another user) in it. However, I noticed that John can delete
+these files!
+
+Yes, this is the standard Unix behavior: the owner of a directory can do
+whatever he likes to do in his directory, regardless of who owns the file in
+it. If you want to have immutable files, check for such a feature in your
+operating system.
+
+For instance, on Linux filesystems, "chattr +i <file>" does the trick.
+On BSD systems, try "chflags schg <file>" .
+
+
+
+* Directories shared by multiple users.
+
+-> I have a "public" directory. All users can download and upload files
+from/to this directory. Permissions are 777 on it. But user 'john' can
+delete files owned by user 'joe'. How to prevent this?
+
+Put the sticky bit on that directory: chmod 1777 public. That way, the
+directory remains public (read/write), but people can only delete files they
+own.
+
+
+
+* Restricting directory visibility.
+
+-> I want that people only see their home directory and their own files. I
+don't want them to look at my systems files.
+
+This feature is called "chroot". You can enable this by running pure-ftpd
+with the "-A" switch to do this with ALL your users (but root) .
+
+You can alternatively use "-a <gid>" to have a "trusted group". Everyone
+will be caged, EXCEPT members of that group.
+
+Don't use -a <gid> and -A together.
+
+Another way is to selectively choose what users you want to chroot. This can
+be done with the /./ trick (see the README file about this) or with virtual
+users.
+
+
+
+* Shared directories and chroot.
+
+-> I have a directory, say /var/incoming, that I want to be shared by every
+user. But I want my users to be chrooted. So /var/incoming should be visible
+in 'joe' and 'john' accounts, but those are chrooted. So, how to have the
+content of /var/incoming visible in these accounts?
+
+Making a symbolic link won't work, because when you are chrooted, it means
+that everything outside a base directory (your user's home directory) won't
+be reachable, even though a symbolic link.
+
+But all modern operating systems can mount local directories to several
+locations. To have an exact duplicate of your /var/incoming directory
+available in /home/john/incoming and /home/joe/incoming, use one of these
+commands:
+
+* Linux   : mount --bind /var/incoming /home/john/incoming
+            mount --bind /var/incoming /home/joe/incoming
+
+* Solaris : mount -F lofs /var/incoming /home/john/incoming
+            mount -F lofs /var/incoming /home/joe/incoming
+
+* FreeBSD : mount_null /var/incoming /home/john/incoming
+            mount_null /var/incoming /home/joe/incoming
+
+Another alternative is to compile Pure-FTPd with --with-virtualchroot as a
+./configure option. With virtual chroot, symbolic links pointing outside a
+chroot jail *are* followed.
+
+Binary packages are compiled with this feature turned on.
+
+
+* Tar and/or gzip on the fly
+
+-> Is it possible to use a command like "get directory.tar" as with Wu-FTPd
+? (Sven Goldt)
+
+Unfortunately, no. Server-side gzip/tar creation is not a present nor a
+planned feature. It has been responsible of severe security flaws in Wu-ftpd
+and BSD ftpd, it can take a lot of server resource (denial-of-service) and
+it's a pain to set up (chrooted environment => need to add /etc /lib /bin
+directories, /dev on some platforms, etc) .
+
+
+
+* How to restrict access to dot files ?
+
+-> Is there an option to prevent people from accessing "." files/dirs (such
+as .bash_history, .profile, .ssh ...) EVEN if they are owned by the user ?
+(William Kern)
+
+Yes. '-x' (--prohibitdotfileswrite) denies write/delete/chmod/rename of
+dot-files, even if they are owned by the user. They can be listed, though,
+because security through obscurity is dumb and software shouldn't lie to
+you. But users can't change the content of these files.
+
+Alternatively, you can use '-X' (--prohibitdotfilesread) to also prevent
+users from READING these files and going into directories that begin with
+"." .
+
+
+
+* Log files
+
+-> Where does logging info go ? How to redirect it to a specific file ? How
+to suppress logging ?
+
+Log messages are sent to the syslog daemon. The syslog daemon is often
+called syslogd or syslog-ng. He's in charge of dispatching logging events
+from various programs to log files, according to a "facility" (category) and
+a "priority" (urgency: debug, info, warning, error, critical...) .
+
+Pure-FTPd logging messages are send with the "ftp" facility by default (or
+"local2" on some older systems without the "ftp" facility) . Unless you told
+the syslogd to redirect messages with the "ftp" facility to a specific file,
+the messages will be merged into /var/adm/messages, /var/log/messages,
+/var/adm/syslog or /var/log/syslog.
+
+Check /etc/syslogd.conf. You should have a line like:
+
+*.*;mail.none;news.none -/var/log/messages
+
+just add ftp.none:
+
+*.*;ftp.none;mail.none.news.none -/var/log/messages
+
+And if you want FTP info go in a specific file, just add:
+
+ftp.* /var/log/ftp
+
+and all FTP messages will go in /var/log/ftp . And only there.
+
+The facility can be changed if you add the -f <facility> option to pure-ftpd
+(or --facility=<facility>) .
+To completely disable logging, use -f none (or --facility=none) . If you
+don't read your log files, it's recommended: it will improve performance
+and reduce disk I/O.
+
+
+
+* How to prevent your partitions to be filled
+
+-> Is it possible to forbid new uploads when the disk is almost full ?
+(Cyberic)
+
+Use the "-k" (--maxdiskusagepct) flag. If you add -k 95 , no new upload can
+occur if your partition if more than 95% full.
+
+
+
+* Firewalling
+
+-> My FTP server is behind a firewall. What ports should I open?
+
+First, you have to open port 21 TO the FTP server. You also have to allow
+connections FROM (not to) ports <= 20 (of the FTP server) to everywhere.
+That's enough to handle the "active" mode. But that's not enough to handle all
+types of clients. Most clients will use another mode to transmit data called
+'passive' mode. It's a bit more secure than 'active' mode, but you need to
+open more ports on your firewall to have it work.
+
+So, open some ports TO the FTP server. These ports should be > 1023. It's
+recommended to use at least twice the max number of clients you are
+expecting. So, if you accept 200 concurrent sessions, opening ports 50000 to
+50400 is ok.
+
+Then, run pure-ftpd with the '-p' switch followed by the range configured in
+your firewall. Example: /usr/local/sbin/pure-ftpd -p 50000:50400 &
+
+Unlike some popular belief, the MORE opened ports you have for passive FTP,
+the MORE your FTP server will be secure, because the LESS you are vulnerable
+to data hijacking.
+
+If your firewall also does network translation (NAT), you have to enable
+port forwarding for all passive ports.
+
+On the client side, if a client if behind a firewall, that firewall must
+understand the FTP protocol. On Linux firewalls (iptables), just load
+the ip_conntrack_ftp and ip_nat_ftp modules. On OpenBSD, ISOS and
+FreeBSD 5 firewalls (PF), redirect all traffic to port 21, to ftp-proxy.
+
+
+
+* Unable to log in (unix authentication)
+
+-> I'm using simple Unix authentication. No PAM, no puredb, no MySQL, no
+LDAP. Anonymous FTP works, but I can't log in as any other user. It keeps
+saying "authentication failed".
+
+To log in, the shell assigned to your users must be listed in the
+/etc/shells file. The exact path should be there, even for fake shells like
+/etc or /bin/true.
+
+Also double check that you have a carriage return after the last line in
+/etc/shells.
+
+
+
+* Network filesystems.
+
+-> I have a strange problem on Linux or FreeBSD. Uploading a file works
+fine, but downloading a file only create 0-byte files. On the server, these
+files are on NFS/Novell shares/Appletalk shares/Coda/Intermezzo/SMB volumes.
+
+By default, pure-ftpd uses zero-copy networking in order to increase
+throughput and reduce the CPU load. But zero-copy doesn't work with all
+filesystems, especially network filesystems.
+
+You have to disable zero-copy if you want to serve files from a network FS
+or from a TMPFS virtual disk.
+
+To disable zero-copy, recompile pure-ftpd with ./configure --without-sendfile
+
+
+
+* Solaris and chroot.
+
+-> When I ftp to my Solaris server, I get this as an answer to 'ls':
+"425 Can't create the data socket: Bad file number."
+
+On Solaris, to get chroot to work with pure-ftpd you need a dev directory
+in your new rootdir with these:
+
+crw-rw-rw-   1 root     other     11, 42 Dec 10 15:02 tcp
+crw-rw-rw-   1 root     other    105,  1 Dec 10 15:02 ticotsord
+crw-rw-rw-   1 root     other     11, 41 Dec 10 15:03 udp
+crw-rw-rw-   1 root     other     13, 12 Dec 10 15:03 zero
+
+(Reported by Kenneth Stailey)
+
+
+
+* Upgrading.
+
+-> Can anyone explain how to update Pureftpd (from source), without having
+to change all my settings etc. (Simon H)
+
+1) get the source code and unpack it. 
+2) ./configure it with your favorite options 
+3) make 
+4) rm -f /usr/local/sbin/pure-ftpd 
+5) make install-strip 
+6) if you run pure-ftpd from inetd,tcpserver,xinetd, etc: nothing left to do. You have it upgraded. 
+7) if you run it standalone, stop the server: 
+                     kill $(cat /var/run/pure-ftpd.pid)
+then launch it again: 
+                         /usr/local/sbin/pure-ftpd &
+                         
+
+
+* FTP over SSH.
+
+-> How to run Pure-FTPd over SSH? I want to encrypt all connection data
+(including passwords) .
+
+FTP-over-SSH is a nice alternative over FTP-over-TLS (impossible to securely
+firewall) and SFTP (which is slower, but only uses one port) .
+
+Customers using Windows can use FTP-over-SSH with the excellent Van Dyke's
+SecureFX client (http://www.vandyke.com) . It doesn't require any special
+knowledge: just tell your customer to check "FTP-over-SSH2" in the
+"Protocol" listbox when creating an account for your FTP server.
+
+On the server side, here's how to manage FTP-over-SSH accounts:
+
+1) Add /usr/bin/false to your /etc/shells file (on some systems, it's
+/bin/false) .
+
+2) To create a FTP-over-SSH account, create a system account with /dev/null
+as a home directory and /usr/bin/false as a shell. You don't need a
+dedicated uid: the same uid can be reused for every FTP-over-SSH account.
+
+3) Create a virtual user account for that user (either with PureDB, SQL or
+LDAP) . Give that virtual user a real home directory and only allow
+connections coming from 127.0.0.1 (all FTP-over-SSH sessions will come from
+localhost, due to SSH tunneling) .
+
+People with no home directory (/dev/null) and no valid shell
+(/usr/bin/false) won't be able to get a shell nor to run any command on your
+server. But they will be granted FTP-over-SSH sessions.
+
+Here are examples (Linux/OpenBSD/ISOS commands, translate them if necessary) .
+
+1) Creating a regular FTP account:
+
+pure-pw useradd customer1 -m -d /home/customer1 -u ftpuser
+
+2) Creating a FTP-over-SSH account (non-encrypted sessions are denied):
+
+useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer2
+pure-pw useradd customer2 -m -d /home/customer2 -u ftpuser -r 127.0.0.1/32
+
+3) Creating an account who can use regular (unencrypted) FTP from the
+internal network (192.168.1.x), but who must use FTP-over-SSH when coming
+from an external network (internet):
+
+useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer3
+pure-pw useradd customer3 -m -d /home/customer3 -u ftpuser \
+        -r 127.0.0.1/32,192.168.1.0/24
+
+
+
+* Virtual users: /etc/pureftpd.pdb .
+
+-> I made changes to /etc/pureftpd.passwd but the server doesn't understand
+them: I can't access any account I just created.
+
+The server never reads /etc/pureftpd.passwd directly. Instead, it reads
+/etc/pureftpd.pdb (or whatever file name you gave after -lpuredb:...) .
+
+This file is a copy of /etc/pureftpd.passwd, but in a binary format,
+optimized for fast lookups.
+
+After having made a manual change to /etc/pureftpd.passwd, you must rebuild
+/etc/pureftpd.pdb with the following commands:
+
+pure-pw mkdb
+
+If you add/delete/modify user accounts with pure-pw useradd/usermod/userdel/
+passwd, don't forget the '-m' option to automatically rebuild
+/etc/pureftpd.pdb and not only update /etc/pureftpd.passwd .
+
+
+
+* Giving access to dot-files.
+
+-> I don't want my users to read files beginning with a dot. Except one file
+I'd like to give 'John' read (and maybe write) access to.
+
+Create a symbolic link in John's account, pointing to the dot-file. Example:
+
+ln -s .bashrc bashrc
+
+John will be able to access ".bashrc" through the symbolic link, "bashrc".
+
+
+
+* Initial banner.
+
+-> How do I display a customized message before the login prompt?
+
+Compile with --with-cookie and run the server with -F <file name> . In that
+file, put a nice customized banner message.
+
+
+
+* Internet Explorer.
+
+-> Internet Explorer doesn't show any login box.
+
+IE does a very strange trick to detect whether an FTP server does accept
+anonymous connections or not. Basically, it connects to the server and logs
+in as 'anonymous'. But if you say 'no' at this point, it drops the
+connections with an error. You have to say 'ok, anonymous users are
+allowed' and then, when a dummy password ('IE@') is sent, you say 'ah
+ehm... finally... no... anonymous users aren't allowed' . Silly. To play
+that game, you must run pure-ftpd with the -E (non-anonymous server) and -b
+(compatibility with broken clients) flags. Then, the magic popup will show
+up. But please note that IE (and browsers at large) are usually bad FTP
+clients.
+
+-> Internet Explorer doesn't want to log in. (Matthew Enger)
+
+Check that the max number of connections (either per user or per IP) is at
+least 2. IE needs two connections to connect to an FTP server.
+
+
+
+* Passwords and pure-pw scripting.
+
+-> I would like to create virtual users with a shell-script.  if i us
+pure-pw useradd ..... it always asks for the new password. is there any
+command-line option which tells pure-pw the password (like useradd ftp-user
+ftp-password -m) ? (at1ce) .
+
+Giving cleartext (and badly one-way hashed) passwords through command-line
+switches is a bad idea. Because users could issue a simple 'ps' command and
+discover these passwords.
+
+One way to enter a password (not from the keyboard) is to put the password
+twice in a temporary file, then redirect that file to stdin. Example:
+
+pure-pw useradd john -d /tmp/john -u ftpuser -m < ~/tmp/passfile
+
+And in ~/tmp/passfile, have something like:
+
+john's password
+john's password
+
+If you really need to avoid a temporary file and if nobody but you can log
+on the machine, you can always do this:
+
+(echo blahblah; echo blahblah) | pure-pw useradd john -d /tmp/john -u ftpuser
+
+
+
+* Altlog and pure-uploadscript don't work.
+
+-> pure-uploadscript doesn't run anything. Alternative logging methods (CLF,
+stats, W3C...) create a logfile, but it always stays empty.
+
+Maybe your operating system has a buggy realpath() implementation. Some
+old Solaris and Linux versions are known to have such a bug.
+Try to recompile pure-ftpd, but run ./configure with the --with-brokenrealpath
+switch first.
+
+
+
+* The server starts, but doesn't listen to any port?
+
+-> The server is properly running, I see it in the process list, but any try
+to connect to the configured port (or port 21 by default) fails. The socket
+isn't even open.
+
+Check two things :
+
+- If you are running a BSD system and you want to listen to IPv4 addresses,
+check that the "-4" switch ("IPV4Only" in config file) is enabled.
+
+- If you upload script are enabled ("-o", or "CallUploadScript"), make sure
+that the pure-uploadscript is started. Or the FTP server will actually wait
+until pure-uploadscript is actually ready to process new uploads. If you don't
+need the uploadscript facility, remove "-o".
+
+
+
+* Double slash.
+
+-> Why do I see double slashes in log files? For instance, the path of a
+downloaded file looks like /home/john//pictures/zok.jpg .
+
+'//' is a symbol for the limit of the chroot jail. In that example, it means
+that John is caged in /home/john/ .
+
+
+
+* ftpwho as a non-root user.
+
+-> How do I give access to the 'pure-ftpwho' command to non-root users?
+
+The 'pure-ftpwho' command is restricted to root by default, because users
+probably shouldn't be given the ability to spy what other users are doing on
+the same host. However, it's safe to put the setuid bit on that command, in
+order to have it work as any user:
+
+                   chmod 4711 /usr/local/sbin/pure-ftpwho
+
+
+
+* Changing bandwidth throttling on-the-fly.
+
+-> Is it possible to change the bandwidth allocated to a user during a
+transfer, so that the change takes place immediately?
+
+Unfortunately, no. Or at least not at pure-ftpd level. Doing so would need
+to re-read user's parameters all the time and it would be horribly slow.
+Other mechanisms would work, like signals to interrupt transfers, re-read
+parameters, then resume. But it would introduce a lot of complexity to the
+code.
+
+If you're using a modern operating system like OpenBSD, ISOS or Linux,
+your kernel already includes a fair TCP/IP traffic shaper. And because it
+works at kernel-level, you can easily change the bandwidth allowed to IPs or
+services on-the-fly. Have a look at pf.conf(5) OpenBSD, ISOS and FreeBSD 5,
+and at tc (or read the Linux networking HOWTO) on Linux.
+Also see the 'Global bandwidth limitation' section later in this document.
+
+
+
+* KERBEROS_V4 rejected as an authentication type.
+
+-> It works and I can log in, but I receive these strange error messages at
+log in, even in a non-chrooted environment: 
+
+220 FTP server ready. 
+502 Security extensions not implemented 
+502 Security extensions not implemented 
+KERBEROS_V4 rejected as an authentication type 
+
+Why and what do they mean?
+
+This is a Linux-specific instllation issue. It means that your command-line
+FTP client isn't a normal one, but a Kerberos FTP client. You probably
+installed RPMs for Kerberos, although you don't use it.  These messages are
+harmless as Kerberos clients will fallback to normal FTP (after these
+errors), but you just have to deinstall Kerberos on your client host to have
+'ftp' work without these messages.
+
+
+
+* Wrong group ownership.
+
+-> I have a user called 'john' whose group is 'johngroup'. When John
+uploads a file, that one belongs to 'john', but to another group like
+'wheel' (whose John isn't a member of). What's wrong?
+
+This is a BSD standard behavior (verified on OpenBSD, ISOS, DragonflyBSD and
+FreeBSD): when a new file is created, the group is inherited from the parent
+directory. On other systems (like GNU/Linux), files are owned by the primary
+group of the user, unless the directory has the setgid bit set.
+
+If you want new files uploaded in John's directory to belong to group
+'johngroup', have that directory (and probably also subdirectories) belong
+to 'johngroup':
+
+chgrp -R johngroup /home/john
+
+
+
+* Compilation with MySQL.
+
+-> I can't compile with MySQL. ./configure says that MySQL libraries aren't
+properly installed.
+
+The libmysqlclient.so file should be in a path known by your dynamic linker.
+For instance, on a GNU/Linux system, add the path to libmysqlclient.so file
+(only the path, not the file itself) to /etc/ld.so.conf . Then, run
+'ldconfig' .
+
+
+
+* "Sorry, I can't trust you".
+
+-> When a user tries to log in, he gets "Sorry, I can't trust you". But his
+login/password pair is right. What wrong?
+
+That message can means two things:
+
+- The user has a shell that isn't listed in /etc/shells. You must add it,
+even if it's a fake shell like /bin/false . Also make sure that you have a
+carriage return after the last entry in /etc/shells.
+
+- You are using the -u <uid> option to deny access to users whose uid is
+below <uid> . But the user you are trying to log in as, has an uid in the
+forbidden range.
+
+
+
+* Customer-friendly configuration.
+
+-> What switches do you recommend to start the server, for an hosting service?
+
+Here's a good start:
+
+--chrooteveryone \
+--maxclientsperip=5 \
+--displaydotfiles \
+--noanonymous \
+--minuid=100 \
+--umask=022:022 \
+--limitrecursion=10000:3 \
+--customerproof
+
+
+
+* Anonymous FTP with virtual users.
+
+-> I successfully created a virtual user called 'ftp' or 'anonymous', but
+anonymous FTP doesn't work.
+
+Pure-FTPd never fetch any info from the virtual users backends (puredb,
+MySQL, LDAP, etc) for anonymous sessions. There are three reasons not to do
+so: - Speed: do we need to query a database just to get the anonymous
+user's home directory? We don't need to retrieve any password for anonymous
+sessions.
+     - Consistency: with the virtual hosting mechanism.
+
+To run an anonymous FTP server you must have a *system* account called
+'ftp'. Don't give it any valid shell, just a home directory. That home
+directory is the anonymous area.
+
+
+
+* A basic setup.
+
+-> I'm trying to set up a ftp server just for me and my family so we can get
+and upload files when on the road. How can I make two users, say Jane and
+Joe, who share the directory /home/ftp and /home/ftp/incoming. In /home/ftp
+they only have read privs. and in /home/ftp/incoming they have read and
+write privs.
+
+Add a group for all FTP users (not mandatory, but more secure):
+
+groupadd ftpgroup
+
+Add an uid for all FTP users (idem, not mandatory, but better):
+
+useradd -g ftpgroup -d /dev/null -s /etc ftpuser
+
+Now, let's create /home/ftp and /home/ftp/incoming:
+
+mkdir -p /home/ftp/incoming
+chown -R root:ftpgroup /home/ftp/incoming
+chmod -R 755 /home/ftp
+chmod -R 1775 /home/ftp/incoming
+
+Let's add Jane:
+
+pure-pw useradd jane -m -u ftpuser -d /home/ftp
+
+Let's add Joe:
+
+pure-pw useradd joe -m -u ftpuser -d /home/ftp
+
+Let's start the FTP server:
+
+/usr/local/sbin/pure-ftpd -lpuredb:/etc/pureftpd.pdb -H -B
+
+Everything should be ok now.
+
+For more info about how to create new users, change passwords, etc.:
+http://www.pureftpd.org/README.Virtual-Users
+
+
+
+
+* Slow pure-ftpwho or slow login.
+
+-> Sometimes, pure-ftpwho is slow to show the result. And sometimes, when an
+user logs in, the session stucks a bit before he can get a directory listing.
+
+This is probably caused by a slow DNS resolver. In order to display full
+host names, pure-ftpd has indeed to make DNS queries that can be slow if you
+link is slow, or if the client link is slow.
+
+You can speed up pure-ftpwho and pure-ftpd with the -H switch. Names won't
+be resolved, you will see IP addresses instead.
+
+
+
+* Chrooted users can follow symlinks outside the chroot jail?
+
+-> People can create symbolic links to '/' and escape their home directory!
+
+There are two chroot implementations in pure-ftpd:
+
+  - The traditional one, based upon your kernel chroot() system call. This
+is the default. With that one, symbolic links can only point inside the
+chroot jail, or they won't be followed.
+
+  - The 'virtual chroot' implementation. With that feature, users *can*
+follow all symbolic links, even when they don't point inside the jail. This
+is very handy to set up directories shared by multiple users. Binary
+packages are compiled with virtual chroot by default.
+
+To enable the virtual chroot feature when you are compiling the server, use
+the --with-virtualchroot with ./configure . If you want a restricted chroot,
+don't include --with-virtualchroot.
+
+Please note that the FTP server will never let people create new symbolic
+links. Symbolic links have to be already there to be followed. Or if your
+users can create symbolic links through Perl or PHP scripts, your hosting
+platform is really badly configured. People can install any web file
+browser, they don't need FTP to look at your system files. Recompile PHP
+without POSIX functions and run all Perl scripts chrooted.
+
+
+
+* How to start Pure-FTPd in background.
+
+-> I start 'pure-ftpd' from an X terminal and the server properly
+answers. However, as soon as I close the terminal, the server stops.
+
+This is a shell dependent issue. Your shell is configured to close all
+background jobs when leaving. You can change your shell options
+(probably with a 'set' directive) or detach background jobs with the
+'disown' keyword. Alternatively, you can just start pure-ftpd with the
+-B switch in order to have it detach at startup time:
+
+/usr/local/sbin/pure-ftpd -B
+
+
+
+* Windows command-line FTP client and 'ls'.
+
+-> With the command-line Windows FTP client, 'ls -la' doesn't return
+any file.
+
+The 'ls' command of an FTP client has nothing to do with the 'ls' command
+started from an Unix shell.
+
+With the command-line Windows client, typing 'ls' really sends the FTP
+command 'NLST'. So when you type 'ls -la', it doesn't mean 'verbosely
+list all files'. According to RFCs, it means 'list the file called -la' .
+So you get what you asked for. If no file is called '-la', you get nothing.
+
+If you want to play with regular expressions and switches, you should
+type 'dir' (which is translated to 'LIST') instead. 'dir -la' is ok.
+
+This is a bit illogical and that brain damage is specific to
+Microsoft's command-line FTP client.
+
+If you really want 'ls' to parse options, you can start pure-ftpd with
+the -b (broken) switch.
+
+
+
+* Global bandwidth limitation.
+
+-> How do I limit the *total* bandwidth for FTP?
+
+Pure-FTPd can limit bandwidth usage of every session. But limiting the total
+bandwidth is intentionally not implemented, because most operating systems
+already have very efficient algorithms to handle bandwidth throttling.
+
+Here's an example with Linux.
+
+1) Have a look at /proc/sys/net/ipv4/ip_local_port_range. You will see two
+numbers: this is the interval of local ports your Linux kernel will use for
+regular outgoing connections. The FTP ports you have to reserve for passive
+FTP must *not* be in this range. So if:
+"cat /proc/sys/net/ipv4/ip_local_port_range" returns "32768-61000", you can
+reserve ports 10000 to 20000 for your FTP server, but not 30000 to 40000.
+(alternatively, you can change the local port range) .
+
+2) Change the first lines and save the following script:
+
+  ---------------------------- Cut here ----------------------------
+  
+#! /bin/sh
+# Simple bandwidth limiter - <j at pureftpd.org>
+
+# Change this to your link bandwidth
+# (for cable modem, DSL links, etc. put the maximal bandwidth you can
+# get, not the speed of a local Ethernet link)
+REAL_BW='10Mbit'
+
+# Change this to the bandwidth you want to allocate to FTP.
+# We're talking about megabits, not megabytes, so 80Kbit is
+# 10 Kilobytes/s
+FTP_BW='80Kbit'
+
+# Change this to your physical network device (or 'ppp0')
+NIC='eth0'
+
+# Change this to the ports you assigned for passive FTP
+FTP_PORT_LOW="10000"
+FTP_PORT_HIGH="20000"
+
+tc qdisc add dev "$NIC" root handle 1: cbq \
+bandwidth "$REAL_BW" avpkt 1000
+
+tc class add dev "$NIC" parent 1: classid 1:1 cbq bandwidth "$REAL_BW" \
+rate "$REAL_BW" maxburst 5 avpkt 1000
+
+tc class add dev "$NIC" parent 1:1 classid 1:10 cbq \
+bandwidth "$REAL_BW" rate "$FTP_BW" maxburst 5 avpkt 1000 bounded
+
+tc qdisc add dev "$NIC" parent 1:10 sfq quantum 1514b
+
+tc filter add dev "$NIC" parent 1: protocol ip handle 1 fw flowid 1:10
+
+iptables -t mangle -A OUTPUT -p tcp --sport 20:21 -j MARK --set-mark 1
+
+iptables -t mangle -A OUTPUT -p tcp \
+--sport "$FTP_PORT_LOW":"$FTP_PORT_HIGH" -j MARK --set-mark 1
+
+  ---------------------------- Cut here ----------------------------
+  
+3) Make sure that you have the 'tc' command installed. If your Linux distro
+doesn't ship 'ip' and 'tc' commands, it really sucks and you must install a
+package called 'iproute2' to get them.
+
+4) Start Pure-FTPd with the passive port range you assigned:
+
+/usr/local/sbin/pure-ftpd -p 10000:20000 -HBA
+
+5) Run the script you created in step 2. It it doesn't work, check that QOS
+support was compiled in your Linux kernel.
+
+6) Enjoy :)
+
+Also have a look at :
+http://www.docum.org
+http://www.shorewall.net/traffic_shaping.htm and
+http://talk.trekweb.com/~jasonb/articles/linux_tc_minihowto.shtml
+
+
+* Linux, NTFS and Pure-FTPd.
+
+-> On Linux, I can't transfer files from an NTFS partition.
+
+Keep in mind that the NTFS filesystem is still an experimental beast in
+Linux. Some basic operations are not implemented yet. Fortunately, a big
+effort is being made and Linux 2.5 has a new NTFS implementation that fully
+works with Pure-FTPd (try ./configure --without-sendfile, though) . And it
+is more reliable and really faster than the old one. And even more
+fortunately, the new NTFS implementation has been backported to recent 2.4.x
+kernels. Have a look at http://linux-ntfs.sf.net/ .
+
+
+
+* Slowdowns and lags.
+
+-> Some users complains that transferring large files doesn't work. Transfers
+are starting as expected, with a decent rate. But then, the speed dramatically
+decreases, there are some serious lags and they often must disconnect (or the
+client force them to do it, after a timeout) . The server is behind a firewall
+that filters incoming ICMP, but let FTP ports in.
+
+Don't, don't, don't filter ICMP. At least not blindly without understanding
+what you are filtering. ICMP is part of the TCP/IP specifications. Filtering
+it can have nasty side effects with no real win. If you even filter ICMP types
+3 and 4, your firewall is definitely broken and this is probably why you have
+such troubles with transfers of large files.
+
+Please read these documents about ICMP filtering :
+http://www.phildev.net/mss/index.html
+http://alive.znep.com/~marcs/mtu/
+http://www.freelabs.com/~whitis/isp_mistakes.html
+
+Also some hardware routers don't properly handle window scaling. Try
+to turn it off, for instance on Linux:
+sysctl -w net.ipv4.tcp_window_scaling=0
+sysctl -w net.ipv4.tcp_bic=0
+
+
+
+* Firewalls and TLS.
+
+-> My client is behind a stateful firewall doing applicative filtering (like
+IPTables with ip_conntrack_ftp or ip_nat_ftp) . Connections to an TLS
+enabled server doesn't work. Authentication works, but I'm unable to download
+files nor list directories.
+
+First, try to force your client to use the passive mode. In active mode, the
+server has to connect to the client (or the NAT gateway) on a dynamic port
+that is negotiated on the connection socket. But when TLS is used, that
+connection socket is encrypted, therefore no man-in-the middle can see what
+ports will be used to transfer data, including the firewall. There are some
+proposals to work around this problem, but neither popular clients nor common
+firewalls are aware of these tricks. Therefore, use the passive mode or switch
+to SSH.
+
+
+
+* TLS and error 00000000.
+
+-> My TLS-enabled client doesn't work. It outputs something like :
+"SSL connect: error:00000000:lib(0):func(0):reason(0)". What does it mean?
+
+This error is not very explicit. You get it from some Unix clients like LFTP.
+It actually means that there is a firewall or a NAT box between a TLS-enabled
+server and a TLS-enabled client, but that firewall is unable to handle
+encrypted FTP sessions. Unfortunately, there's no simple workaround against
+this. Try to switch your client to active mode and use 1:1 NAT, but TLS,
+firewalls and FTP don't mix very well.
+
+
+
+* Slow TLS operations.
+
+-> When clients connect with TLS encryption, listing directories and
+downloading files are slow operations. Nothing happens after a command is
+sent, things only start moving after a 5 secondes delay.
+
+Check the host name of your certificate. It should be a fully-qualified host
+name and if possible, it shouldn't be a CNAME entry.
+
+Also check your DNS cache servers.
+
+
+
+* Files getting renamed automatically
+(submitted by C. Jon Larsen)
+
+-> Sometimes when files get uploaded they are getting renamed to something
+like "pureftpd.3f3300d2.33.0001". What is causing this ?
+
+The ftp client that is being used to upload the files is using the STOU (Store
+Unique) FTP command instead of the STOR FTP command. If you check the ftp
+logfile you should see something like this in the logs:
+
+(user@a.b.c.d) [DEBUG] Command [stou] [file_name_from_the_client.ext]
+/var/ftp/ftpcustomer/pureftpd.3f3300d2.33.0001 uploaded (218168 bytes,
+127.79KB/sec)
+
+The STOU command tells the ftp client to begin the transmission of the file to
+the remote site; the remote filename picked by the ftp server will be unique
+within in the current directory that the ftp client is using. The response
+from the server will include the filename.
+
+The ftp client has an option like "create unique files" or "upload file with a
+temporary name" enabled. You should have the ftp user uncheck this option.
+
+Trying to disable the STOU command on the server side is not a good idea or
+solution as some ftp clients will use STOU to upload a file with the
+temporary, unique name, and then rename the file once the upload is complete.
+This helps prevent failed uploads from leaving partial files around.

EVSE/GPL/pure-ftpd-1.0.49/HISTORY

@@ -0,0 +1,48 @@
+Troll-FTPd is a nice FTP server coded by Arnt Gulbrandsen <agulbra at troll.no>
+from Troll Tech. Despite his lack of popularity, it has always been a very
+good project, coded with the following requirements in mind :
+
+- No useless bloat,
+- No external command calls (source of most security flaws)
+- RFC standards conformance,
+- Easy to set up,
+- User friendly,
+- Secure.
+
+The official repository for this piece of software is
+ftp://ftp.troll.no/freebies/ftpd/ .
+
+People who tried Troll-FTPd usually kept it and used it in production
+servers for years without any problem. Alternatively, WU-FTPd, ProFTPd,
+BeroFTPd and many others have had serious security and reliability issues,
+and system administrators had to always watch for patches and new releases
+to ensure a good nights sleep.
+
+Troll-FTPd was often considered for inclusion in secure distributions, but
+the project was't actively maintained. Release 1.25 is dated 03/1999 and has
+been made with help from Janos Farkas, cmj at localnet.com, August Fullford and
+Ximenes Zalteca. Troll-FTPd 1.26 was released two years after, just to fix
+minor bugs. Arnt said that there won't be any other release unless he ever
+moves to IPv6.
+
+This is why I started to collect various unofficial patches over the internet,
+merged them (and it wasn't painless), added my own ones, cleaned up the code,
+audited it, repackaged it, rewrote the documentation... and the Pure-FTPd
+project was born.
+
+The first released version of Pure-FTPd was labeled 0.90 because I wanted
+some margin before 1.00, just to add missing features that prevent people
+from moving from other FTP servers. Also the documentation was in need for
+a full update before version 1.00 . It was based on Troll-FTPd 1.25, and
+changes from 1.26 were backported.
+
+Troll-FTPd 1.26 and earlier are vulnerable to a local root exploit
+(Troll-FTPd 1.27 was released later to fix it) . Pure-FTPd is not vulnerable
+to this, and it has never been. The fix was already applied to the first
+version of Pure-FTPd before the flaw was discovered and fixed in Troll-FTPd.
+
+Thanks to Arnt for his excellent job. The Pure-FTPd project would never have
+been started without it.
+
+
+                       -Frank DENIS "Jedi/Sector One" <j at pureftpd dot org>

EVSE/GPL/pure-ftpd-1.0.49/Makefile.am

@@ -0,0 +1,66 @@
+    
+doc_DATA = \
+	FAQ \
+	README.LDAP \
+	README.MySQL \
+	README.PGSQL \
+	README.Configuration-File \
+	README.Virtual-Users \
+	README.Authentication-Modules \
+	README.TLS \
+	README.MacOS-X \
+	pure-ftpd.conf \
+	pureftpd.schema \
+	pureftpd-ldap.conf \
+	pureftpd-mysql.conf \
+	pureftpd-pgsql.conf
+
+EXTRA_DIST = \
+	FAQ \
+	HISTORY \
+	Makefile.gui \
+	README.Authentication-Modules \
+	README.Configuration-File \
+	README.Donations \
+	README.LDAP \
+	README.MacOS-X \
+	README.MySQL \
+	README.PGSQL \
+	README.TLS \
+	README.Virtual-Users \
+	README.Windows \
+	THANKS \
+	pure-ftpd.conf \
+	pure-ftpd.png \
+	pureftpd-ldap.conf \
+	pureftpd-mysql.conf \
+	pureftpd-pgsql.conf \
+	pureftpd.schema
+
+SUBDIRS = \
+	puredb \
+	src \
+	man \
+	pam \
+	gui \
+	m4
+
+install-data-local:
+	@$(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
+	if [ -f $(DESTDIR)$(sysconfdir)/pure-ftpd.conf ]; then \
+		if cmp -s $(srcdir)/pure-ftpd.conf $(docdir)/pure-ftpd.conf; then \
+			echo "Configuration file unchanged"; \
+		else \
+			echo "The example configuration file [$(docdir)/pure-ftpd.conf] has been updated."; \
+			echo "You may want to compare it with the one at [$(DESTDIR)$(sysconfdir)/pure-ftpd.conf]."; \
+		fi; \
+	else \
+		$(INSTALL_DATA) $(srcdir)/pure-ftpd.conf $(DESTDIR)$(sysconfdir)/pure-ftpd.conf; \
+	fi
+
+uninstall-local:
+	@if cmp -s $(srcdir)/pure-ftpd.conf $(DESTDIR)$(sysconfdir)/pure-ftpd.conf; then \
+		echo "$(DESTDIR)$(sysconfdir)/pure-ftpd.conf has not changed and will be removed."; \
+		rm -f $(DESTDIR)$(sysconfdir)/pure-ftpd.conf; \
+		rmdir $(DESTDIR)$(sysconfdir) 2> /dev/null ||:; \
+	fi

EVSE/GPL/pure-ftpd-1.0.49/Makefile.gui

@@ -0,0 +1,2 @@
+all:
+	gui/build.sh

EVSE/GPL/pure-ftpd-1.0.49/NEWS

@@ -0,0 +1 @@
+See the ChangeLog file.

EVSE/GPL/pure-ftpd-1.0.49/README

@@ -0,0 +1,1906 @@
+
+                              .:. PURE-FTPD .:.
+                      Documentation for version 1.0.48
+
+
+           ------------------------ BLURB ------------------------
+
+
+Pure-FTPd is a fast, production-quality, standard-conformant FTP server,
+based upon Troll-FTPd.
+
+The server has been designed to be secure in default configuration, it has no
+known vulnerability, it is really trivial to set up and it is especially
+designed for modern kernels. It was successfully ported to Linux, FreeBSD,
+Dragonfly BSD, NetBSD, OpenBSD, OSX, AIX and more.
+
+Features include chroot()ed and/or virtual chroot()ed home directories,
+virtual domains, built-in 'ls', anti-warez system, configurable ports for
+passive downloads, FXP protocol, bandwidth throttling, ratios,
+LDAP / MySQL / PostgreSQL-based authentication, fortune files, Apache-like
+log files, fast standalone mode, text / HTML / XML real-time status report,
+virtual users, virtual quotas, privilege separation, TLS and more.
+
+
+      ------------------------ WHO'S USING IT? ------------------------
+
+
+Many people new to Unix are running Pure-FTPd because they find it easy to
+install. But that software is also used on embedded systems and highly loaded
+production servers, especially for hosting services.
+
+For large sites with centralized user management, Pure-FTPd provides flexible
+authentication schemes including SQL and LDAP backends, plus the ability to
+easily write new custom handlers in any language.
+
+
+        ------------------------ COMPILATION ------------------------
+        
+
+In its current form, Pure-FTPd uses some OS-specific system calls. And although
+some portability work has been done in order to ease its port to other
+operating systems, only Linux FreeBSD, NetBSD, OpenBSD, ISOS, MirBSD, BSDi,
+DragonflyBSD, Darwin, Solaris, Tru64, Irix, AIX and HPUX are known to work,
+other operating systems may need some tweaks. With Linux, any modern
+distribution should be ok.
+
+* Step 1 (optional but recommended):
+
+Create a specific, unprivileged user and group called _pure-ftpd, without any
+valid shell. Don't use this for anything else, including FTP virtual users.
+
+groupadd _pure-ftpd
+useradd -g _pure-ftpd -d /var/empty -s /etc _pure-ftpd
+
+If having a user whose name begins with an underscore is a no-go for you,
+you can also call it pure-ftpd, without the underscore.
+
+* Step 2:
+
+If you have Cdialog or Xdialog installed on your system, try the following
+command to build and install Pure-FTPd:
+
+make -f Makefile.gui
+
+If you don't have Cdialog or if you prefer the conventional way, here it is:
+
+./configure
+make install-strip
+
+Et voila! The software is now installed in /usr/local/sbin/pure-ftpd
+
+* Step 3:
+
+To launch the server, just type the following command:
+
+/usr/local/sbin/pure-ftpd &
+
+If you installed a binary package (RPM, SLP, Debian), maybe use the
+following command instead:
+
+/usr/sbin/pure-ftpd &
+
+Your server is ready. Just type 'ftp localhost' to test it. If you want to
+automatically run the server when the system boots, add the previous command
+to /etc/rc.d/rc.local or /etc/rc.d/boot.local . Don't forget the '&' sign.
+
+Note:
+
+To deinstall Pure-FTPd (no, do you really want to do this?), use:
+./configure
+make uninstall
+
+
+   ------------------------ ADVANCED COMPILATION ------------------------
+    
+    
+The "./configure" script accepts some arguments you might want to add before
+the compilation:
+
+
+
+/--------------------
+ "--with-" switches
+ --------------------/
+
+
+--with-altlog: in addition to the syslog output, support logging into a
+specific file, in an alternative format. Currently, the CLF, Stats, W3C and
+xferlog formats are implemented.
+CLF (common log format) is the basic format produced by Apache, WebFS, Roxen
+and most web servers. These log files only record file transfers and they can
+feed web statistic software (Analog, Webalizer, etc.) to analyze the load of
+your FTP server. The Stats format is a special output format, designed for log
+file analysis software. The W3C format is a standard format parsed by most
+commercial log analyzers (all analyzers with support for IIS should deal with
+it) . Xferlog is the traditional format created by wu-ftpd. Check the -O
+option later in this documentation for additional info.
+
+--with-brokenrealpath: some Solaris versions have a broken realpath()
+implementation. If altlog and/or pure-uploadscript doesn't seem to work
+properly on your system, try to recompile with this switch.
+
+--with-tls: enable TLS support. Read README.TLS for more about this feature.
+
+--with-certfile=<file>: the file with the TLS certificate (see README.TLS). The
+default is /etc/ssl/private/pure-ftpd.pem .
+
+--with-cookie: display a fortune or a customized banner when a user logs
+in (see the '-F' option) .
+
+--with-diraliases: support directory aliases ("shortcuts" for the "cd"
+command) . Please read the appropriate section about this (further in this
+manual) .
+
+--with-everything: build a big server with almost all features turned on:
+altlog, cookies, throttling, ratios, ftpwho, upload script, virtual users
+(puredb), quotas, virtual hosts, directory aliases, external authentication,
+Bonjour and privilege separation.
+
+--with-extauth: compiles support for external authentication modules. Please
+read README.Authentication-Modules and the pure-authd(8) man page before
+enabling this feature. Most users don't need it.
+
+--with-ftpwho: support for the 'pure-ftpwho' command. Enabling this feature
+needs some extra memory. Better use it when the server is run in standalone
+mode. It can be way slower in inetd mode.
+
+--with-language=english
+--with-language=albanian
+--with-language=german
+--with-language=romanian
+--with-language=french
+--with-language=polish
+--with-language=spanish
+--with-language=danish
+--with-language=italian
+--with-language=brazilian-portuguese
+--with-language=slovak
+--with-language=dutch 
+--with-language=korean
+--with-language=swedish
+--with-language=norwegian
+--with-language=russian
+--with-language=traditional-chinese
+--with-language=simplified-chinese
+--with-language=hungarian
+--with-language=catalan
+--with-language=czech: change the language of server messages.
+Default is english. If you want to contribute a translation, please
+translate the 'src/messages_en.h' file and send it to <j at pureftpd dot org> .
+
+--with-ldap: use the native LDAP directory support. When this option is
+enabled, system accounts can be bypassed. You need OpenLDAP to use that
+feature. If OpenLDAP is installed in a custom location, you can use the
+--with-ldap=<directory> syntax. See the README.LDAP file for more info about
+LDAP and Pure-FTPd.
+
+--with-minimal: to efficiently use features of modern FTP clients, Pure-FTPd
+implements the basics of the FTP protocol, with many extensions (SITE IDLE,
+SITE CHMOD, MLSD, ...) . Using the --with-minimal directive, these extensions
+won't be compiled in. Also, there will be no standalone server, no lookup for
+user/group names, no humor and no ASCII support. But the executable file size
+will be smaller than in a default installation. You need at least GCC 3.3 to
+compile with this option. Regular expressions are compiled in. If you still
+want to reduce the size, use --without-globbing in conjunction with
+--with-minimal. If you are building an embedded system, use this. In all other
+cases, to avoid complaints from customers (especially with Windows clients),
+forget this.
+
+--with-mysql: use the native MySQL support for users database. When this
+option is enabled, system accounts can be bypassed. MySQL client libraries
+should be installed to use that feature. If MySQL is installed in a custom
+location, you can use the --with-mysql=<directory> syntax. See the
+README.MySQL file for more info about MySQL and Pure-FTPd. 
+
+--with-nonroot: set up a server that doesn't need root privileges to be
+started. Any regular user can run the server. It can be useful if you have a
+limited shell access to a non-dedicated hosting server. But some features
+will be disabled and passwords can only be checked via LDAP, SQL or PureDB.
+When virtual chroot is enabled, people will be restricted to the directory
+the server was started in. This is an insecure mode, designed for setting up
+very temporary servers by regular (non-root) users. Port 2121 will be
+listened by default in standalone mode. If you want to use the nonroot mode,
+you must compile and *install* the software (./configure --prefix=... &&
+make install-strip) . /sbin, /bin and /man directories will be created in
+that prefix. But you must also add an /etc directory (readable and writeable
+by the user pure-ftpd will run as) . You can change the anonymous FTP root
+directory through an environment variable named FTP_ANON_DIR.
+
+--with-pam: use pluggable authentication modules. Don't use this option
+if your login/passwd pairs are always refused (but the real fix would be to
+fix your PAM configuration). You need to create a /etc/pam.d/pure-ftpd file
+to properly use the PAM authentication. The 'pam' directory contains an
+example of such a file.
+
+--with-paranoidmsg: favor paranoid messages over sysadmin-friendly
+messages. When this option is enabled, login failures will show the same
+message to the user, regardless of the source of the problem. Without this
+option, "Authentication failure" is displayed when this is a password
+problem and "Sorry, I can't trust you" is displayed when the user has been
+banned by the sysadmin.
+
+--with-peruserlimits: enable per-user concurrency limits. Avoid this
+on very loaded servers.
+
+--with-pgsql: use the native Postgres support for users database. When this
+option is enabled, system accounts can be bypassed. Postgres client libraries
+should be installed to use that feature. If Postgres is installed in a custom
+location, you can use the --with-pgsql=<directory> syntax. See the
+README.PGSQL file for more info about Postgres and Pure-FTPd. 
+
+--with-probe-random-dev: Pure-FTPd uses /dev/urandom or /dev/random devices
+to provide hardly-predicable random numbers. Presence of these devices are
+usually probed at compile-time. If you want to compile a binary package on
+a host, then run it on another host, this option will enable the probe at
+run-time. This is useless on Linux and BSD systems, but it can be needed on
+Solaris and QNX.
+
+--with-puredb: support virtual users, ie. a local users database,
+independent of your system accounts. Please read the README.Virtual-Users
+file for more info about virtual users.
+
+--with-quotas: enable virtual quotas. With virtual quotas, you can restrict
+the maximal number of files a user can store in his account. You can also
+of course restrict the total size. See the "quotas" section later in this
+document.
+
+--with-ratios: support upload/download ratios, to please w4r3z fr34k2.
+
+--with-sysquotas: support system quotas (not Pure-FTPd's virtual quotas) .
+
+--with-throttling: support bandwidth throttling (see below).
+
+--with-uploadscript: since 0.98, Pure-FTPd has a nice feature regarding
+uploads. Any external program or script can be automatically called after a
+successful upload. It needs another program installed by the Pure-FTPd
+package, called 'pure-uploadscript'. Check the man page for more info about
+this.
+
+--with-virtualchroot: usually, when a user is chrooted (-A and -a
+options), it's impossible to go out of his home directory. Enabling that
+feature makes it possible: symbolic links are always followed, even if they
+are pointing to directories not located in the user's home directory. This
+is very useful for having shared directories (for instance, have a symbolic
+link to /var/incoming in every home directory) .
+This feature isn't enabled by default.
+
+--with-virtualhosts: support virtual hosting. It means that you can have
+different anonymouns FTP areas for each IP address. If your server has only
+one IP address, you don't need that feature. But if you have multiple IP
+addresses and if you want a client that connects to IP xxx to get
+the content of /etc/pure-ftpd/xxx/ instead of ~ftp/ , enable this option.
+And read the the "VIRTUAL SERVERS" section at the end of this file.
+
+--with-welcomemsg: read 'welcome.msg' files for compatibility with some
+other FTP servers. This is a security flaw (anonymous users may upload
+'welcome.msg' files to add random banners) . Pure-ftpd uses '.banner' files
+by default.
+
+--with-boring: display boring "professionnal-looking" messages.
+
+--with-bonjour: enable Bonjour support on MacOS X (see the -v switch).
+
+--with-rfc2640: enable support for charset conversion. It adds a dependency
+over the iconv library and it requires a little more CPU time. See the -8
+and -9 switches.
+
+--with-implicittls: build a FTPS server (TLS is implicitly enabled).
+The protocol is incompatible with FTP and listens to another port by default
+(port 990, ftps). Never enable this option unless you know what you're doing.
+
+
+/-----------------------
+ "--without-" switches
+ -----------------------/
+
+--without-privsep: disable privilege separation (see notes about this later),
+not recommended.
+
+--without-ascii: does not support 7-bits transfers (ASCII) .  If you have
+customers using Windows clients to send scripts and HTML files, don't use
+this option or they will yell at you.
+
+--without-capabilities: if the capabilities library (libcap) is found,
+Pure-FTPd will try to use it in order to enhance security. This option
+overrides the test to ignore the library. Try this if capabilities don't
+work properly on your system. libcap can be downloaded from
+ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/ .
+
+--without-globbing: don't include the globbing code. It reduces the memory
+footprint but regular expressions won't work any more (things like 'ls
+*.rpm') . Most people shouldn't use --without-globbing. Globbing is a nice
+feature.
+
+--without-humor: if you find what this option does without peeking at the
+source code, you're a lucky guy!
+
+--without-inetd: if you will always be running Pure-FTPd in standalone-mode,
+enabling this flag can save a few code bytes. Don't enable --without-inetd
+and --without-standalone, because it's impossible to run a server without
+one of them. These options aren't enabled on binary distributions of
+Pure-FTPd, so that both inetd-like and standalone mode are supported.
+
+--without-iplogging: don't log any IP address to protect confidentiality,
+especially for political servers.
+
+--without-nonalnum: paranoid file name checking: only allow basic
+alphanumeric characters. Never enable this switch blindly, or your customers
+will complain.
+
+--without-unicode: disallow non-latin characters. Recommended if you don't
+have special characters in file names.
+
+--without-sendfile: on Linux, Solaris, HPUX and FreeBSD kernels, Pure-FTPd
+tries to reduce the CPU/memory usage by using a special system call (sendfile)
+. It works very well with most filesystems. However, this optimization is not
+implemented for all filesystems in current kernels. Users reported that
+downloading files with Pure-FTPd failed with SMBFS (Samba) on FreeBSD and
+TmpFS and NTFS on Linux (the error reported by the server is "broken pipe" or
+"Error during write to data connection") . If you are planning to serve files
+from these filesystems, you have to use the --without-sendfile switch to
+enable a workaround. It was also reported that PA-Risc Linux systems need this
+flag.
+
+--without-shadow: ignore the shadow passwords, even though they are
+auto-detected. Usually a bad idea, unless you use PAM, LDAP or SQL.
+Pure-FTPd support expiration dates of shadow passwords (both for accounts
+and passwords) .
+
+--without-standalone: the FTP server can normally run in standalone-mode
+(without any super-server) . If you don't need that feature and if you want
+to save few code bytes, add this option. A super-server such as xinetd
+or tcpserver will be mandatory to run the service. But the standalone mode is
+the recommended mode of operation.
+
+--without-usernames: never outputs user and group names in directory
+listings, only UIDs and GIDs. It improves security and performances, but
+some people find this not user-friendly.
+
+
+
+/--------------
+ Other notes
+ --------------/
+
+
+Other traditional autoconf options are of course recognised, in particular:
+
+- "--prefix=" to change the installation prefix, that defaults to "/usr/local/"
+
+- "--sysconfdir=" to change the configuration files directory (defaults to
+"/etc" unless you specified a prefix with --prefix)
+
+- "--localstatedir=" to change the runtime files directory (defaults to
+"/var" even if you specified a prefix with --prefix)
+
+FYI, the binary RPM packages of Pure-FTPd are configured with the following
+command line:
+
+./configure --with-everything --with-paranoidmsg --without-capabilities \
+            --with-virtualchroot
+
+RPM packages are also compiled with --without-pam to enhance their
+portability.
+
+
+  ------------------------ STANDALONE INSTALLATION ------------------------
+
+
+This is the recommended way to start the server.
+
+Unless you compiled the server with "--without-standalone", running the
+server is as easy as typing:
+
+/usr/local/sbin/pure-ftpd &
+
+In the following examples, we will assume that the 'pure-ftpd' file is
+located in /usr/local/sbin. This is the default if you compiled the server
+from the source code tarball. But as I said earlier in this document, if
+you installed a binary package (RPM, SLP, DEB, TGZ), the server maybe
+installed in /usr/sbin/. So just replace '/usr/local/sbin/pure-ftpd' with
+'/usr/sbin/pure-ftpd'.
+
+When the previous command is run, the server will listen for incoming
+connections on every interface, all IP addresses and the standard FTP port
+(21) . If your system has IPv6 addresses, they should work as well.
+
+Now, if you want to listen for an incoming connection on a non-standard port,
+just append '-S' and the port number:
+
+/usr/local/sbin/pure-ftpd -S 42
+
+Service names are also allowed ('-S smtp' and the daemon will be accepting
+connections on the SMTP port (25) . Very uncommon, but we should please
+everybody anyway, even disturbed minds) .
+
+Now, what if your system has many IP addresses and you want the FTP server
+to be reachable on only one of these addresses, let's say 192.168.0.42?
+Just use the following command line:
+
+/usr/local/sbin/pure-ftpd -S 192.168.0.42,
+
+The final comma is important, don't forget it. Actually, it's a shorthand for:
+
+/usr/local/sbin/pure-ftpd -S 192.168.0.42,21
+
+If you prefer host names over IP addresses, it's your choice:
+
+/usr/local/sbin/pure-ftpd -S ftp.example.com,21
+
+IPv6 addresses are of course supported.
+
+With previous command lines, the server will run in the default
+configuration. Anonymous FTP logins will be allowed if there's a system
+account called 'ftp' and every user of your system will be able to access
+the FTP server using their regular login/password pair.
+
+If you need to tweak that default configuration, other command-lines options
+can be added. For instance:
+
+/usr/local/sbin/pure-ftpd -c 50 &
+
+or
+
+/usr/local/sbin/pure-ftpd -S ftp.example.com,21 -c 50 &
+
+And only 50 simultaneous connections will be allowed. To discover what
+options are available please jump to the 'OPTIONS' chapter below. If the
+server runs perfectly for you in standalone mode, you don't need to read the
+following chapter about super-servers. But read the options. '-m' and '-C'
+are recommended. '-D' is also a good choice if you (or your customers) use
+broken clients. Please read on.
+
+When you run 'ps auxw|grep pure-ftpd', the result looks like this:
+
+root     15211  0.1  0.3  1276  452 ?        S    13:53   0:00 pure-ftpd [SERVER]
+root     15212  0.1  0.5  1340  672 ?        S    13:54   0:00 pure-ftpd [IDLE]
+root     15214  0.0  0.5  1340  672 ?        S    13:56   0:00 pure-ftpd [DOWNLOADING]
+
+[SERVER] is the main server. If you kill this process, the server will exit
+after the next connection.
+[IDLE] shows a client with no transfer activity.
+[DOWNLOADING] shows a client downloading a file.
+[UPLOADING] show a client uploading a file.
+
+For easy scripting, the file '/var/run/pure-ftpd.pid' is created and it
+always contains the PID of the main server process.
+
+If you want to stop the server, you can just kill the processes:
+
+pkill -x pure-ftpd
+
+Of course, don't use -9 unless the server is completely stuck. -9 doesn't
+let processes any chance to clean things up and should never be used except
+where there's absolutely nothing else to do.
+
+
+ ------------------------ SUPER-SERVER INSTALLATION ------------------------
+    
+    
+Pure-FTPd can also run with the help of a super-server, like telnet, wu-ftp,
+finger or Qmail. This is not recommended. If this is an option, start it in
+standalone mode instead. Using a super-server is usually slower than the
+standalone mode. But if you love tcpwrappers or built-in filtering abilities
+of your super-server, Pure-FTPd can cope with them.
+
+Unix has tons of super-servers: Inetd (the most common one), TCPserver,
+G2S, Xinetd, Rlinetd, ... Only the first three will be covered here, but
+integration with other super-servers should be painless.
+
+
+**** Usage with Inetd ****
+
+Important: if security matters for you, forget inetd. In the default
+configuration, inetd will stop a service after a high rate of connections to
+the same port. This creates an easy denial-of-service. Also, inetd doesn't
+have any concurrency limit. Bad guys can fill up your memory and your
+descriptor tables even if you are restricting the number of connections in
+pure-ftpd. Better use a modern replacement for inetd, or run pure-ftpd in
+standalone mode.
+
+
+1) Check that inetd is up:
+
+ps auxw | grep inetd
+root      3699  0.0  0.3  1072  492 ?        S    15:47   0:00 inetd
+
+2) Edit /etc/inetd.conf and look for a line like:
+
+ftp        stream        tcp        nowait        root        /usr/sbin/tcpd        in.ftpd
+
+The line may also end with "proftpd" or "wuftpd", but it should start with
+"ftp stream tcp".
+
+3) Replace that line with the following one:
+
+ftp        stream        tcp        nowait        root        /usr/sbin/tcpd        /usr/local/sbin/pure-ftpd
+
+If /usr/sbin/tcpd is missing on your system, try the following line instead:
+
+ftp        stream        tcp        nowait        root        /usr/local/sbin/pure-ftpd  pure-ftpd
+
+4) Restart the inetd daemon:
+
+pkill -x -s HUP inetd
+
+If 'pkill' is missing on your system, try this:
+
+kill -HUP $(cat /var/run/inetd.pid)
+
+
+**** Usage with Xinetd ****
+
+Add the following entry to the /etc/xinetd.conf file:
+
+
+service ftp 
+{ 
+    socket_type = stream 
+    server = /usr/local/sbin/pure-ftpd 
+    protocol = tcp 
+    user = root 
+    wait = no
+    disable = no 
+}
+
+
+On Redhat systems, you can also put this in a /etc/xinetd.d/pure-ftpd file.
+
+Then, restart the server:
+
+pkill -x -s USR2 xinetd
+
+
+
+**** Usage with TCPserver ****
+
+
+TCPServer is part of the ucspi-tcp package by Dan Bernstein.
+The simplest way of running Pure-FTPd with TCPserver is the following command:
+
+tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd &
+
+You can add that line to your system local startup scripts
+(usually /etc/rc.d/boot.local or /etc/rc.d/rc.local) . If it doesn't work,
+replace 'tcpserver' with its full path (eg. '/usr/local/bin/tcpserver') .
+
+
+          ------------------------ OPTIONS ------------------------
+    
+    
+The previous steps should be enough to get a running FTP server. But you can
+add some command-line arguments to change its behavior. These arguments have
+to be added after the pure-ftpd path in your super-server configuration.
+For instance, you want to add the '-s' and '-a 42' flags. Here are what the
+configuration lines will look like in your super-server:
+
+- Inetd:
+ftp        stream        tcp        nowait        root        /usr/sbin/tcpd  /usr/local/sbin/pure-ftpd -s -a42
+or
+ftp        stream        tcp        nowait        root        /usr/local/sbin/pure-ftpd  pure-ftpd -s -a42
+
+If you use Inetd, don't put space between options and arguments. e.g. use
+-a42 instead of -a 42 . Inetd has trouble dealing with a lot of options and
+with characters like ':' .
+
+- Xinetd:
+
+service ftp 
+{ 
+    socket_type = stream 
+    server = /usr/local/sbin/pure-ftpd
+    server_args = -s -a 42
+    protocol = tcp 
+    user = root 
+    wait = no
+    disable = no 
+}
+
+- TCPserver:
+tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -s -a 42 &
+
+- G2S:
+{  
+    SERVICE ftp
+    DESCRIPTION "Pure-FTPd"
+    RUN /usr/local/sbin/pure-ftpd -s -a 42
+}
+
+Users need a shell listed in /etc/shells to get restricted or unrestricted
+FTP access. Alternatively, you can give them "ftp" as a shell. Users with a
+"ftp" shell will be able to login through FTP only: no telnet, no SSH. And
+there's no need (and you shouldn't do so) for an "ftp" entry in /etc/shells.
+
+Here are the recognized switches:
+
+- '-0': when a file is uploaded and there is already a previous version of the
+file with the same name, the old file will neither get removed nor truncated.
+Upload will take place in a temporary file and once the upload is complete,
+the switch to the new version will be atomic. For instance, when a large PHP
+script is being uploaded, the web server will still serve the old version and
+immediately switch to the new one as soon as the full file will have been
+transferred.
+
+- '-1': log the PID of each session in syslog output.
+
+- '-2 <file>': when using TLS, set the path to the certificate file.
+
+- '-4': only listen to IPv4 connections.
+
+- '-6': don't listen to IPv4, only listen to IPv6.
+
+- '-a <gid>': authenticated users will be granted access to their home
+directory and nothing else (chroot) . This is especially useful for users
+without shell access, for instance, WWW-hosting services shared by several
+customers. Only member of group number <gid> will have unrestricted access
+to the whole filesystem. So add a "staff", "admin" or "ftpadmin" group and
+put your trusted users in. <gid> is a NUMERIC group number, not a group name.
+This feature is mainly designed for system users, not for virtual ones.
+
+Note: 'root' (uid 0) always has full filesystem access.
+
+If you want to chroot() everyone, but root, use the following flag:
+
+- '-A': chroot() everyone, but root. There's no such thing as a trusted
+group. '-A' and '-a <gid>' are mutually exclusive.
+
+- '-b': Ignore parts of RFC standards in order to deal with some totally
+broken FTP clients, or broken firewalls/NAT boxes. Also, non-dangling
+symbolic links are shown as real files/directories.
+
+- '-B': Have the standalone server start in background (daemonization).
+
+- '-c <number of clients>': Allow a maximum of clients to be connected. For
+instance '-c 42' will limit access to simultaneous 42 clients. There is a
+50 client limit by default.
+
+- '-C <max connection per ip>': Limit the number of simultaneous connections
+coming from the same IP address. This is yet another very effective way to
+prevent stupid denial of services and bandwidth starvation by a single user.
+It works only when the server is launched in standalone mode (if you use a
+super-server, it is supposed to do that) . If the server is launched with
+'-C 2', it doesn't mean that the total number of connections is limited to 2.
+But the same client, coming from the same machine (or at least the same IP),
+can't have more than two simultaneous connections. This feature needs some
+memory to track IP addresses, but it's recommended to use it.
+
+- '-d': Send various debugging messages to the syslog. Don't use this
+unless you really want to debug Pure-FTPd. Passwords aren't logged.
+Duplicate '-d' to log responses, too.
+
+- '-D': List files beginning with a dot ('.') even when the client doesn't
+append the '-a' option to the list command. A workaround for badly
+configured FTP clients. If you are a purist, don't enable this. If you
+provide hosting services and if you have lousy customers, enable this.
+
+- '-e': Only allow anonymous users. Use this on a public FTP site with no
+remote FTP access to real accounts.
+
+- '-E': Only allow authenticated users. Anonymous logins are prohibited.
+
+- '-f <facility>': Use that facility for syslog logging. It defaults to
+'ftp' (or 'local2' if you got an obsolete libc without that facility).
+Logging can be disabled with '-f none' .
+
+- '-F <fortune file>': Display a fortune cookie on login. The sentence is
+a random extract from the text file <fortune file>. This text file should be
+formatted like standard "fortune" files (fortunes are separated by a '%'
+sign on a single line) . Pure-FTPd has to be compiled with support for
+cookies (--with-cookie). If you just want a simple banner displayed before
+the login prompt, add the name of any text file here.
+
+- '-g <pid file>': Change the location of the pid file when the server is
+run in standalone mode. The default is /var/run/pure-ftpd.pid .
+
+- '-G': Disallow renaming.
+
+- '-H': By default, fully-qualified host names are logged. To achieve this,
+DNS lookups are mandatory. The '-H' flag avoids host names resolution.
+("213.41.14.252" will be logged instead of "www.toolinux.com") . It can
+significantly speed up connections and reduce bandwidth usage on busy
+servers. Use it especially on public FTP sites. Also, please note that
+without -H, host names are informative but shouldn't be trusted: no reverse
+mapping check is done to save DNS queries.
+
+- '-i': Disallow upload for anonymous users, whatever directory permissions
+are. This option is especially useful for virtual hosting, to avoid your
+users creating warez sites in their account.
+
+- '-I <timeout>': Change the maximum idle time. The timeout is in minutes
+and defaults to 15 minutes. Modern FTP clients are trying to fool timeouts
+by sending fake commands at regular interval. We disconnect these clients
+when they are idle for twice (because they are active anyway) the normal
+timeout.
+
+- '-j': If the home directory of a user doesn't exist, automatically create
+it. The newly created home directory belongs to the user and permissions are
+set according to the current directory mask. Only the home directory can be
+created (so /home/john/./public_html won't work, but /home/john will) . To
+avoid local attacks, the parent directory should never belong to an untrusted
+user. Also note that you must trust whoever manages the users databases,
+because with that feature, he'll be able to create/chown directories anywhere
+on the server's filesystem.
+
+- '-J <ciphers>': Sets the list of ciphers that will be accepted for
+TLS connections.
+
+- '-k <percentage>': Don't allow uploads if the partition is more than
+<percentage>% full. For instance, "-k 95" will ensure your disks will never
+get filled more than 95% by FTP. No need for the "percent" sign after the
+number.
+
+- '-K': Allow users to resume and upload files, but *NOT* to delete or rename
+them. Directories can be removed, but only if they are empty. However,
+overwriting existing files is still allowed (to support upload resume) . If
+you want to disable this too, add -r (--autorename) .
+
+- '-l <authentication>' or '-l <authentication>:<config file>': Adds a new
+rule to the authentication chain. Please read the "Authentication" section,
+later in this README file. It's an important section.
+
+- '-L <max files>:<max depth>': To avoid stupid denial-of-service attacks
+(or just CPU hogs), Pure-FTPd never displays more than 10000 files in response
+to an 'ls' command. Also, a recursive 'ls' (-R) never goes further than 5
+subdirectories. You can increase/decrease those limits with the '-L' option.
+
+- '-m <cpu load>': Don't allow anonymous download if the load is above <cpu
+load> . A very efficient way to prevent overloading your server. Upload is
+still allowed, though.
+
+- '-M': Allow anonymous users to create directories.
+
+- '-n <max files>:<max size>': If the server has been compiled with support
+for virtual quotas, enforce these quota settings for all users (except
+members of the 'trusted' group) . <max size> is in Megabytes. See the
+"virtual quotas" section later in this document.
+
+- '-N': NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
+that doesn't support applicative FTP proxying, or if you use port
+redirection without a transparent FTP proxy, use this. Well... the previous
+sentence isn't very clear. Okay: if your network looks like this:
+(FTP server)-------(NAT/masquerading gateway/router)------(Internet)
+and if you want people coming from the internet to have access to your FTP
+server, please try without this option first. If Netscape clients can
+connect without any problem, your NAT gateway rulez. If Netscape doesn't
+display directory listings, your NAT gateway sucks. Use '-N' as a workaround.
+
+- '-o': Write all uploaded files to '/var/run/pure-ftpd.upload.pipe' so
+that the 'pure-uploadscript' program can run. Don't enable that option if
+you don't actually use 'pure-uploadscript' otherwise pure-ftpd will hang
+waiting for pure-uploadscript to start.
+
+- '-O <format>:<log file>': Record all file transfers into a specific log
+file, in an alternative format. Currently, four formats are supported: CLF
+(Apache-like), Stats, W3C and xferlog.
+
+If you add '-O clf:/var/log/pureftpd.log' to your starting options,
+Pure-FTPd will log transfers in /var/log/pureftpd.log in a format similar to
+the Apache web server in default configuration. 
+
+If you use '-O stats:/var/log/pureftpd.log' to your starting options,
+Pure-FTPd will create log files in a special format, designed for statistical
+reports. The Stats format is compact, more efficient and more accurate that
+CLF and the old broken "xferlog" format.
+
+The Stats format is:
+<date> <session id> <user> <ip> <U or D> <size> <duration> <file>
+
+<date> is a GMT timestamp (time()) and <session id> identifies the current
+session. <file> is unquoted, but it's always the last element of a log line.
+"U" means "Upload" and "D" means "Download".
+
+Warning: the session id is only designed for statistics purposes. While it's
+always an unique string in the real world, it's theoretically possible to have
+it non unique in very rare conditions. So don't rely on it for critical
+missions.
+
+A command called "pure-statsdecode" can be used to convert timestamps into
+human-readable dates.
+
+The W3C format is enabled with '-O w3c:/var/log/pureftpd.log' .
+
+For security purposes, the path must be absolute (eg. /var/log/pureftpd.log
+, not ../log/pureftpd.log) . If this log file is stored on a NFS volume, don't
+forget to start the lock manager (often called "lockd" or "rpc.lockd").
+
+- '-p <first port>:<last port>': Use only ports in the range <first port>
+to <last port> inclusive for passive-mode downloads. This is especially
+useful if the server is behind a firewall without FTP connection tracking.
+Use high ports (40000-50000 for instance), where no regular server should be
+listening.
+
+- '-P <ip address or host name>': Force the specified IP address in reply to
+a PASV/EPSV/SPSV command. If the server is behind a masquerading (NAT) box
+that doesn't properly handle stateful FTP masquerading, put the ip address
+of that box here. If you have a dynamic IP address, you can put the public
+host name of your gateway, that will be resolved every time a new client will
+connect.
+
+- '-q <upload ratio>:<download ratio>': Enable ratios for anonymous users.
+
+- '-Q <upload ratio>:<download ratio>': Enable ratios for everybody
+(anonymous and non-anonymous). Members of the root (0, something called
+'wheel') have no ratio.
+
+- '-r': Never overwrite existing files. Uploading a file whose name
+already exists cause an automatic rename. Files are called xyz, xyz.1, xyz.2,
+xyz.3, etc.
+
+Tip: if you compile with 'make AUTORENAME_REVERSE_ORDER=1' , the naming
+convention will be reversed. Files will be called xyz, 1.xyz, 2.xyz, 3.xyz,
+etc.
+
+- '-R': Disallow users (even non-anonymous ones) usage of the CHMOD
+command. On hosting services, it may prevent newbies from making mistakes,
+like setting bad permissions on their home directory. Only root can use
+CHMOD when -R is enabled.
+
+- '-s': The "waReZ protection". Don't allow anonymous users to download
+files owned by "ftp" (generally, files uploaded by other anonymous users) .
+So that uploads have to be validated by a system administrator (chown to
+another user) before being available for download.
+
+- '-S [<ip address>,|<hostname>,] [<port>|<service name>]'. This option is
+only effective when the server is launched as a standalone server.
+Connections are accepted on the specified IP and port. IPv4 and IPv6 are
+supported. Numeric and fully-qualified host names are accepted. A service
+name (see /etc/services) can be used instead of a numeric port number.
+
+- '-T <bandwidth>' and '-t <bandwidth>': Enable bandwidth limitation (see
+below) . <bandwidth> is specified in kilobytes/seconds. To set up separate
+upload/download bandwidth, the [<upload>]:[<download>] syntax is supported.
+
+- '-u <uid>': Don't allow uids below <uid> to log in. '-u 1' denies access
+to root (safe), '-u 100' denies access to virtual accounts on most Linux
+distros.
+
+- '-U <umask for files>:<umask for dirs>': Change the file creation mask.
+The default is 133:022. If you want a new file uploaded by a user to only be
+readable by that user, use '-U 177:077'. If you want uploaded files to be
+executable, use 022:022 (files will be readable -but not writable- by other
+users) or 077:077 (files will only be executable and readable by their
+owner) . Please note that Pure-FTPd support the SITE CHMOD extension, so a
+user can change the permissions of his own files.
+
+- '-V <ip address>': Allow non-anonymous FTP access only on this specific
+local IP address. All other IP addresses are only anonymous. With that
+option, you can have routed IPs for public access and a local IP (like
+10.x.x.x) for administration. You can also have a routable trusted IP
+protected by firewall rules and only that IP can be used to login as a
+non-anonymous user.
+
+- '-v <name>': Set the service name for Apple's Bonjour. Only available on
+MacOS X when Bonjour support is compiled in.
+
+- '-w': Support the FXP protocol only for authenticated users. FXP works
+with IPv4 and IPv6 addresses.
+
+- '-W': Support the FXP protocol. FXP allows transfers between two remote
+servers without any file data going to the client asking for the transfer.
+
+However:
+
+****************************************************************************
+
+   *FXP IS AN INSECURE PROTOCOL* (third-party hosts can steal the current
+connection) . In Pure-FTPd, specific precautions have been taken to reduce
+FXP insertion attacks. But if your FTP server serves private data:
+   NEVER ALLOW FXP ACCESS TO UNTRUSTED HOSTS. YOU CAN PLAY WITH IT ON AN
+INTERNAL SERVER, BUT _DON'T_ GIVE FXP ACCESS TO ANONYMOUS INTERNET USERS.
+
+****************************************************************************
+
+        It's why FXP is disabled by default on Pure-FTPd unless you
+explicitly enable it with '-W' or '-w'.
+
+- '-x': In normal operation mode, authenticated users can read/write files
+beginning with a dot ('.') . Anonymous users can't, for security reasons
+(like changing banners or a forgotten .rhosts) . When '-x' is used,
+authenticated users can download dot-files, but not overwrite/create them,
+even if they own them. That way, you can prevent hosted users from messing
+.qmail files. If you want to give user access to a special dot-file, create a
+symbolic link to the dot-file with a file name that has no dot in it and the
+client will be able to retrieve the file through that link.
+
+- '-X': This flag is identical to the previous one (writing dot-files is
+prohibited), but in addition, users can't even *read* files and directories
+beginning with a dot (like "cd .ssh") .
+
+****************************************************************************
+
+When used in conjunction with "-a", members of the trusted group can bypass
+'-x'/'-X' restrictions.
+
+****************************************************************************
+
+- '-y <max user logins>:<max anonymous logins>': This option only
+works if the server has been compiled with --with-peruserlimits. It
+restricts the number of concurrent sessions the same user can have.
+  A null value ('0') means 'unlimited'.
+
+Here's a concrete example:
+
+/usr/local/sbin/pure-ftpd -y 3:20 -c 15 -C 5 -B
+
+Here, we allow:
+  * A max total of 15 sessions.
+  * 5 connections max coming from the same IP address.
+  * 3 connections max with the same user name.
+  * 20 anonymous users max.
+  
+With such a setup, a single user can't easily fill all slots.  
+
+- '-Y 0': Disable the TLS encryption layer (default).
+  '-Y 1': Accept both standard and encrypted sessions.
+  '-Y 2': Refuse connections that aren't using TLS security mechanisms,
+including anonymous sessions. The server must have been compiled with
+--with-tls and a valid certificate must be in place to get this feature.
+See the README.TLS file for more info about TLS.
+  '-Y 3': Cleartext sessions are refused and only TLS compatible 
+clients are accepted. Clear data connections are also refused, so private 
+data connections are enforced.
+
+- '-z': Allow anonymous users to read files and directories starting with a
+dot ('.') .
+
+- '-Z': Try to protect customers against common mistakes to avoid your
+technical support being busy with stupid issues. Right now, the '-Z' switch
+prevents your users against making bad 'chmod' commands, that would deny
+access to files/directories to themselves. The switch may turn on other
+features in the future. If you are a hosting provider, turn this on.
+
+If you prefer long options (GNU-style) over standard ones, the following
+aliases are available. You can get this list at any time by typing
+'pure-ftpd --help' .
+
+
+--(switches sorted by ##standard switches## lexical order)--
+
+-0  --notruncate
+-1  --logpid                <file>
+-4  --ipv4only
+-6  --ipv6only
+-8  --fscharset             <charset>
+-9  --clientcharset         <charset>
+-a  --trustedgid            <gid>
+-A  --chrooteveryone    
+-b  --brokenclientscompatibility    
+-B  --daemonize 
+-c  --maxclientsnumber      <number>
+-C  --maxclientsperip       <number>
+-d  --verboselog    
+-D  --displaydotfiles   
+-e  --anonymousonly 
+-E  --noanonymous   
+-f  --syslogfacility        <facility>
+-F  --fortunesfile          <file>
+-g  --pidfile               <path to pid file>
+-G  --norename
+-h  --help  
+-H  --dontresolve   
+-i  --anonymouscantupload
+-I  --maxidletime           <time (min)>
+-j  --createhomedir
+-J  --tlsciphersuite        <ciphers>
+-k  --maxdiskusagepct       <percentage>
+-K  --keepallfiles
+-l  --login                 <auth> or <auth>:<config file>
+-L  --limitrecursion        <number:number>
+-m  --maxload               <load>
+-M  --anonymouscancreatedirs    
+-N  --natmode
+-o  --uploadscript
+-O  --altlog                <format>:<log file>
+-p  --passiveportrange      <minport:maxport>
+-P  --forcepassiveip        <ip address>
+-q  --anonymousratio        <upload ratio>:<download ratio>
+-Q  --userratio             <upload ratio>:<download ratio>
+-r  --autorename
+-R  --nochmod
+-s  --antiwarez 
+-S  --bind                  <ip address,port>
+-t  --anonymousbandwidth    <bandwidth (KB/s)>
+-T  --userbandwidth         <bandwidth (KB/s)> or [<up bw>]:[<down bw>]
+-u  --minuid                <uid>
+-U  --umask                 <mask>
+-v  --bonjour               <name>
+-V  --trustedip             <ip address>
+-w  --allowuserfxp  
+-W  --allowanonymousfxp
+-x  --prohibitdotfileswrite 
+-X  --prohibitdotfilesread  
+-y  --peruserlimits         <per user max>:<max anonymous sessions>
+-Y  --tls                   <0:no TLS | 1:TLS+cleartext | 2:enforce TLS |
+                             3: enforce encrypted data channel as well>
+-z  --allowdotfiles
+-Z  --customerproof
+
+
+
+--(switches sorted by ##GNU-style long switches## lexical order)--
+
+-W  --allowanonymousfxp
+-z  --allowdotfiles
+-w  --allowuserfxp  
+-O  --altlog                <format>:<log file>
+-t  --anonymousbandwidth    <bandwidth (KB/s)>
+-M  --anonymouscancreatedirs    
+-i  --anonymouscantupload
+-e  --anonymousonly 
+-q  --anonymousratio        <upload ratio>:<download ratio>
+-s  --antiwarez 
+-r  --autorename
+
+-S  --bind                  <ip address,port>
+-b  --brokenclientscompatibility    
+
+-A  --chrooteveryone
+-9  --clientcharset         <charset>
+-j  --createhomedir
+-Z  --customerproof
+
+-B  --daemonize 
+-D  --displaydotfiles   
+-H  --dontresolve   
+
+-Y  --tls                   <0:no TLS | 1:TLS+cleartext | 2:enforce TLS |
+                             3:enforce encrypted data channel as well>
+
+-P  --forcepassiveip        <ip address>
+-F  --fortunesfile          <file>
+-8  --fscharset             <charset>
+
+-h  --help  
+
+-4  --ipv4only
+-6  --ipv6only
+
+-K  --keepallfiles
+
+-l  --login                 <auth> or <auth>:<config file>
+-1  --logpid                <file>
+-L  --limitrecursion        <number:number>
+
+-c  --maxclientsnumber      <number>
+-C  --maxclientsperip       <number>
+-k  --maxdiskusagepct       <percentage>
+-I  --maxidletime           <time (min)>
+-m  --maxload               <load>
+-u  --minuid                <uid>
+
+-N  --natmode
+-E  --noanonymous   
+-R  --nochmod
+-G  --norename
+-0  --notruncate
+
+-v  --bonjour               <name>
+
+-p  --passiveportrange      <minport:maxport>
+-y  --peruserlimits         <per user max>:<max anonymous sessions>
+-g  --pidfile               <path to pid file>
+-X  --prohibitdotfilesread  
+-x  --prohibitdotfileswrite 
+
+-f  --syslogfacility        <facility>
+
+-J  --tlsciphersuite        <ciphers>
+-a  --trustedgid            <gid>
+-V  --trustedip             <ip address>
+
+-U  --umask                 <mask>
+-o  --uploadscript
+-T  --userbandwidth         <bandwidth (KB/s)> or [<up bw>]:[<down bw>]
+-Q  --userratio             <upload ratio>:<download ratio>
+
+-d  --verboselog    
+
+
+------------------------ SETTING UP AN ANONYMOUS FTP ------------------------
+    
+    
+If a 'ftp' user exists and its home directory exists, Pure-FTPd will
+accept anonymous login, as 'ftp' or 'anonymous'.
+
+The root directory of the files served when logged as 'anonymous' is
+the home directory of the 'ftp' user.
+
+There's no need for 'bin', 'lib', 'etc' and 'dev' directories, nor any
+external program. Don't chown the public files to 'ftp', just writable
+directories such as 'incoming'.
+
+
+    ------------------------ DISPLAYING BANNERS ------------------------
+    
+
+If a '.banner' file is located in the 'ftp' user home directory (or in the
+root directory of a virtual server, see below), it will be printed when the
+client logs in. Put a nice ASCII-art logo with your name in that file.
+
+This file shouldn't be larger than 4000 bytes, or it won't be displayed.
+
+In each directory, you may also have a '.message' file. Its content will be
+printed when a client enters the directory. Such a file can contain important
+information ("Don't download version 1.7, it's broken!") .
+
+
+    ------------------------ DISPLAYING A COOKIE ------------------------
+
+
+A funny random message can be displayed in the initial login banner. The
+random cookies are extracted from a text file, in the standard "fortune"
+format. If you installed the "fortune" package, you should have a directory
+(usually /usr/share/fortune) with binary files (xxxx.dat) and text files
+(without the .dat extension) . To use Pure-FTPd cookies, just add the name
+of a text file to the '-F' option. For instance:
+
+/usr/local/sbin/pure-ftpd -F /usr/share/fortune/zippy
+
+If you want to have your own fortune files, just create a text file with the
+following structure.
+
+Hello... this is the first fortune...
+%
+Welcome to the real world.
+%
+Follow the white rabbit.
+%
+Have fun...
+Well... lotsa fun!
+%
+Yop is good for you.
+
+Goddit? Fortunes are delimited by a '%' sign on a single line. But a
+fortune itself can be multi-line (see the fourth example) .
+
+For security paranoia, the text file has to be readable by everybody (chmod
+644 the file if necessary), or the server will ignore it.
+
+Of course, the fortune file can contain a single message.
+
+
+  ------------------------ PER-USER CHROOT() RULES ------------------------
+
+
+Apart from the "-a" flag, Pure-FTPd has another way to fine-tune chroot()
+rules. Let's take an /etc/passwd entry:
+
+mimi:x:501:100:Mimi:/home/mimi:/bin/zsh
+
+Without any special rule, mimi will be able to log in and to retrieve any
+public-readable file in the filesystem. Now, let's change a bit of its home
+directory:
+
+mimi:x:501:100:Mimi:/home/mimi/./:/bin/zsh
+
+So what? Mimi's home directory is still the same and common applications
+shouldn't notice any difference. But Pure-FTPd understands "chroot() until
+/./". So when mimi next carries out a FTP log in, only the /home/mimi
+directory will be reachable, not the whole filesystem. If you don't like the
+"-a" and its trusted gid thing, this is a good way to only chroot() some
+users. Another trick is to add something after "/./":
+
+mimi:x:501:100:Mimi:/home/mimi/./public_html:/bin/zsh
+
+When Mimi will log in, two things will happen:
+- chroot("/home/mimi") so that Mimi can't see anything but her home directory.
+- chdir("public_html") so the session will start in the public_html
+directory. "cd .." is still allowed, though.
+That "url-style" handling is especially handy for FTP-only users (ie.
+without shell access) .
+
+If a user is chrooted with the /./ trick *and* belongs to the trusted group
+(-a) he *will* be chrooted, but he will have no ratio and will be allowed to
+access dot files.
+
+
+         ------------------------ RATIOS ------------------------
+
+
+If you want to force people to upload new files before being able to
+download other files, ratios are for you. It's a very good way to get lotsa
+fresh stuff on a public FTP server and a must for warez traders. I don't
+like that kind of business, but well... Pure-FTPd has to be designed to
+please everybody.
+
+To enable ratios, just use the '-q' option, followed by the upload:download
+ratio:
+
+                                   -q 2:5
+                                   
+...means that an anonymous user has to upload at least 2 Mb of goodies to be
+able to download 5 Mb.
+
+If ratios should apply to everyone (anon and non-anon), use the '-Q' option
+the same way.
+
+Note: 'root' never has ratios. Neither have users of the trusted group when
+'-Q' in used with the '-a' or '-A' option.
+
+
+   ------------------------ BANDWIDTH THROTTLING ------------------------
+
+
+Pure-FTPd has an interesting built-in feature: simple bandwidth throttling.
+
+* You want to limit FTP throughput so that uploading and downloading files
+through that protocol can't fill up your network bandwidth.
+
+-> Compile Pure-FTPd with --with-throttling
+-> Run it with the '-T' flag, followed by a number. That number is the
+maximum bandwidth a user can use in a session, in kilobytes/seconds.
+
+* You want to allow less bandwidth to your anonymous users than your
+authenticated ones. So that during a bandwidth starvation, real users can
+still upload/download properly.
+
+-> Compile Pure-FTPd with --with-throttling
+-> Run it with the '-t' flag, followed by a number.
+
+Example:
+
+/usr/local/sbin/pure-ftpd -t 64
+
+And uploading/downloading files can't take more than 64 KB/sec whatever real
+bandwidth you have.
+
+* It is possible to have different bandwidth limits for uploads and for
+downloads. '-t' and '-T' can indeed be followed by two numbers delimited by
+a column (':') . The first number is the upload bandwidth and the next one
+applies only to downloads. One of them can be left blank which means infinity.
+
+Example 1: 256 KB/s for uploads, 64 KB/s for downloads
+
+/usr/local/sbin/pure-ftpd -t 256:64
+
+Example 2: 256 KB/s for uploads, no limit for downloads
+
+/usr/local/sbin/pure-ftpd -t 256:
+
+Example 3: no limit for uploads, 64 KB/s for downloads
+
+/usr/local/sbin/pure-ftpd -t:64
+
+With no column, the value applies to both, so '-t 64' is an alias for 
+'-t 64:64' .
+
+* When Pure-FTPd serves a session with restricted bandwidth, it decreases
+its process priority to 10. So, '-t 0' makes sense: during a CPU
+starvation, authenticated sessions may be more responsible than anonymous
+ones. '-T 0' is quite useless, but it also works and it will always be nice to
+the server process.
+
+* If you need advanced bandwidth management, have a look at your kernel
+Q.O.S. abilities.
+
+
+      ------------------------ VIRTUAL SERVERS ------------------------
+
+
+Using Virtual servers is a convenient way of hosting several FTP sites on the same
+computer. Let's say, you got two customers. The former owns the 'cgx.org'
+domain name, while the latter owns the 'example.com' domain name. Both are
+hosted on the same computer, but they don't want to share the same files.
+ftp://ftp.cgx.org/ should show different content than ftp://ftp.example.com/
+.
+
+The FTP protocol doesn't allow name-based selection. So, if you want to host
+<N> different virtual FTP servers on the same host and keep the standard port,
+you need <N> different IP addresses. Yes, Sir. Or use HTTP.
+
+Assign the needed IP addresses to your network adapter (with "ifconfig eth0:x
+..." or "ip addr add dev eth0 a.b.c.d").
+
+Now, create a /etc/pure-ftpd directory if it doesn't exist:
+
+mkdir /etc/pure-ftpd
+
+To add a virtual FTP server, you only need to create a symbolic link in
+/etc/pure-ftpd/ from the virtual host IP to the directory that contains the
+file for that virtual host.
+
+Example:
+
+ln -s /home/customers/example.com/ftp /etc/pure-ftpd/216.226.17.77
+ln -s /home/customers/cgx.org/ftp    /etc/pure-ftpd/212.73.209.252
+
+Done! Put the CGX files in /home/customers/cgx.org/ftp/ and the Example
+files in /home/customers/example.com/ftp/ .
+
+With that feature, every account on the server can have its own public
+anonymous FTP area. If you are providing hosting services, this is a nice
+feature for your customers.
+
+* WARNING *: it also means that your customers can create "incoming"
+directories with 1777 permissions. It can be nice, but it can also fill up
+your disk with warez. You can stop uploads for anonymous users with the
+'-i' (or --anonymouscantupload) option.
+
+By default, all IP addresses assigned to your server can be accessed by real
+or anonymous users. You can restrict this with -e (only anonymous) or -E
+(only real) .
+
+A more flexible way is to use '-V <ip address>' to define a "trusted" IP
+address. When a client connects to that trusted IP, anonymous and real
+logins are permitted. But on all other IP, only anonymous users are permitted.
+
+If you are a hosting service provider and if each customer has its own IP
+address, it may be a nice idea to have a trusted IP you give to all your
+customers, so that they can manage the files in their account. That IP is
+the same for all customers. You can easily restrict access to that IP with
+firewall rules if your customers have static IP addresses.
+Use '-V <trusted ip>' and link /etc/pure-ftpd/<customer ip> to
+~customer/ftp . Every customer will have his own *anonymous only* FTP
+server and hackers will have to find the trusted IP to get in.
+
+
+       ------------------------ IPv6 SUPPORT ------------------------
+
+
+Pure-FTPd has full IPv6 support (native IPv6 addresses and 4-in-6
+addresses). But use a super-server that also understands the IPv6 protocol,
+like Rlinetd or Xinetd. Recent versions of Inetd should also be ok
+(unverified). IPv6 is supported everywhere: logging, configuration
+switches, virtual hosts, protocol (EPSV/EPRT support), name resolution...
+
+
+             --------------------- LOGGING ---------------------
+
+
+Log messages are sent to the syslog daemon. You can disable logging with
+'-f none'.
+If you want all FTP messages to be redirected to a file, say /var/log/ftp,
+add this line to your /etc/syslog.conf file:
+
+ftp.*   /var/log/ftp
+
+Then restart your syslogd daemon:
+
+pkill -x -s HUP syslogd
+
+You can also drop your old "syslogd" and "klogd" programs for Metalog, an
+efficient alternative: http://metalog.sourceforge.net/
+
+Names of uploaded/downloaded files are logged with paths like this:
+
+                           /home/ftp//pub/bla.jpg
+                           
+The double-slash ('//') is the chroot limit.
+
+
+    --------------------- WATCHING CURRENT SESSIONS ---------------------
+
+
+Since 0.97.7, you can type 'pure-ftpwho' at any time to watch current active
+sessions.
+
+If typing 'pure-ftpwho' answers 'Command not found', you have to add
+/usr/local/sbin in your PATH environment variable.
+
+The default output looks like this:
+
++------+---------+-------+------+-------------------------------------------+
+| PID  |  Login  |For/Spd| What |                 File/IP                   |
++------+---------+-------+------+-------------------------------------------+
+| 2239 | jedi    | 00:17 |  D/L | XFree86-clients-4.0.3.tar.gz              |
+|  ''  |    ''   |  41K/s|  33% | ->                     nestea.funboard.de |
++------+---------+-------+------+-------------------------------------------+
+| 2385 | ftp     | 00:02 | IDLE |                                           |
+|  ''  |    ''   |       |      | ->                     gw2.crn.kjop.co.uk |
++------+---------+-------+------+-------------------------------------------+
+
+'D/L' means that the client is downloading and 'U/L' means he's uploading
+some file whose name is shown in the next column. '33%' is the real-time
+completion of the current operation. '41K/s' is the bandwidth used by the
+client. You can track down who's starving your bandwidth with this.
+
+The 'pureftp-who' command accepts interesting options:
+
+'-c': the program is called via a web server (CGI interface) . Output is a
+full HTML page with the initial content-type header. This option is
+automatically enabled if an environment variable called GATEWAY_INTERFACE is
+found. This is the default if you can access the program from a CGI-enabled web
+server (Apache, Roxen, Caudium, WN, ...) .
+
+'-h': show command-line options summary.
+
+'-n': don't resolve host names and only show IP addresses (faster).
+
+'-s': output an easily parsable format for shell scripts (but not very user
+friendly) . 
+There's only one line per client, with only numeric data, delimited by a '|'
+character. It's not very human-readable, but it's designed for easy parsing by
+shell scripts (cut/sed) . '|' characters in user names or file names are
+quoted ('|' becomes '\|') .
+
+Type 'pure-ftpwho -h' to check the format. 
+
+'-w': output a complete HTML page (web mode).
+
+'-W': output an HTML page with no header and no footer. This is an embedded
+mode, suitable for inline calls from CGI, SSI or PHP scripts.
+
+'-x': output well-formed XML data for post-processing. This is the most
+acurate mode. Time is in seconds and file sizes are in bytes (in other
+output formats, sizes are in kbytes for easier readability) .
+
+'-v': verbose output in text mode. Additional info includes the size of
+files being downloaded/uploaded, the local IP or local host name and the
+connection port. This is especially useful for virtual hosts. Here's a
+sample output of 'pure-ftpwho -v':
+
++------+---------+-------+------+-------------------------------------------+
+| PID  |  Login  |For/Spd| What |     File/Remote IP/Size(Kb)/Local IP      |
++------+---------+-------+------+-------------------------------------------+
+| 9086 | j       | 00:04 |  DL  | linux-2.4.4.tar.bz2                       |
+|  ''  |    ''   |  22K/s|  27% | ->                              localhost |
+|  ''  |    ''   |       |      | Total size:    20859 Transferred:     5632 |
+|  ''  |    ''   |       |      | <-                        localhost:21    |
++------+---------+-------+------+-------------------------------------------+
+
+
+      ------------------------ AFTER AN UPLOAD ------------------------
+
+
+After an upload, any external program or shell script can be spawned with the
+name of the newly uploaded file as an argument. You can use that feature to
+automatically send a mail when a new file arrives. Or you can pass it to a
+moderation system, an anti-virus, a MD5 signature generator or whatever you
+decide can be done with a file.
+
+To support this, the server has to be configured --with-uploadscript at
+compilation time. Upload scripts won't be spawned on unreadable directories.
+So it's highly recommended to use upload scripts with the --customerproof
+run-time option and without unreadable parent directories.
+To tell the FTP server to use upload scripts, it has to be launched with the
+'-o' option. Finally, you have to run another daemon called 'pure-uploadscript'
+provided by this package.
+
+IMPORTANT:
+
+YOU MUST START PURE-FTPD _FIRST_ and _THEN_ START PURE-UPLOADSCRIPT.
+THE REVERSE ORDER WON'T WORK.
+
+For security purposes, the server never launches any external program. It's
+why there is a separate daemon, that reads new uploads pushed into a named
+pipe by the server. Uploads are processed synchronously and sequencially.
+It's why on loaded or untrusted servers, it might be a bad idea to use
+pure-uploadscript with lengthy or cpu-intensive scripts.
+
+The easiest way to run pure-uploadscript is 'pure-uploadscript -r <script>':
+
+/usr/local/sbin/pure-uploadscript -r /bin/antivirus.sh
+
+The absolute path of the newly uploaded file is passed as a first argument.
+Some environment variables are also filled with interesting values:
+
+- UPLOAD_SIZE  : the size of the file, in bytes.
+- UPLOAD_PERMS : the permissions, as an octal value.
+- UPLOAD_UID   : the uid of the owner.
+- UPLOAD_GID   : the group the file belongs to.
+- UPLOAD_USER  : the name of the owner.
+- UPLOAD_GROUP : the group name the file belongs to.
+- UPLOAD_VUSER : the full user name, or the virtual user name. (127 chars max)
+
+There are also some options to "pure-uploadscript":
+
+- '-u <uid>' and '-g <gid>' to switch the account pure-uploadscript will run
+as. The script will be spawned with the same identity.
+
+- '-B' to fork in background.
+
+Please have a look at the man page ('man pure-uploadscript') for additional
+info.
+
+
+    ------------------------ LISTING DIRECTORIES ------------------------
+
+
+The built-in 'ls' supports all common options of a regular 'ls' command.
+Here are the ones you should know for a better life with FTP:
+
+- '-l': verbose listing, reporting dates, owners, perms and sizes.
+- '-a': also lists files and directories beginning with a dot.
+- '-F': adds a '/' after directory names.
+- '-d': list the directory itself, not its content.
+- '-R': recursive listing.
+- '-S': sort by size.
+- '-t': sort by date.
+- '-r': reverse the sorting order.
+
+If you aren't very familiar with Unix, log in to your FTP server and try
+these variants:
+
+ls
+ls -F
+ls -l
+ls -la
+ls -lR
+ls -Sl
+ls -Slr
+ls -tl
+ls -tlr
+
+Globbing is also supported. So if you are looking for a GNOME RPM in
+<I don't know the directory name>/gnome-xxxxxxxx.rpm , you can find it that
+way:
+
+ls */gnome*.rpm
+
+
+      ------------------------ VIRTUAL QUOTAS ------------------------
+
+
+With virtual quotas, you can restrict the maximum number of files and the
+total size of a user directory.
+
+These quotas are "virtual" because they aren't handled at kernel-level, but
+by the FTP server itself. There are some advantages over kernel quotas:
+
+- Virtual quotas are specific to the FTP server. You can have different
+system quotas to handle other files (eg. mail) on the same partition.
+
+- You can have different virtual quotas for every user, even if they share
+the same system uid.
+
+- Virtual quotas are working even on filesystems that don't support system
+quotas.
+
+However, virtual quotas are slower and can't be as reliable as kernel quotas,
+so don't trust them ultimately, they are probably races allowing to bypass
+them. Also the filesystem users directories are on must properly support file
+locking.
+
+Virtual quotas are implemented in Pure-FTPd as simple files called
+".ftpquota", located in the home directory of chrooted users. This file only
+contains two numbers: the current number of files for this user and the
+total size of the directory (+ its subdirectories), in bytes. When a new
+file is uploaded, these numbers grow. When a file is deleted, these numbers
+get smaller. Simple. Of course, when virtual quotas are enabled for one
+user, that user must be 1) chrooted, 2) not allowed to write quota files, 3)
+not allowed to forbid access to some directories to fool the counter.
+
+Quotas can be enabled for all users for the -n (--quotas) option. This
+option is followed by the max number of files and the max size (in Megabytes)
+. Every user will have the same quota. Exception: members of the trusted
+group, if -a is enabled.
+
+You can also have different quotas for every user if you use PureDB or SQL
+databases. See the "README.Virtual-Users" file for more info about PureDB
+databases.
+
+So, if you want 1000 files max and 10 Mb max for all your customers, run
+the server like this:
+
+/usr/local/sbin/pure-ftpd -n 1000:10
+
+".ftpquota" files are created on demand when they are missing. However, when
+they are created, the server assumes that the account was empty. If this is
+not the case, you must run the "pure-quotacheck" utility to create an
+initial ".ftpquota" file.
+
+"pure-quotacheck" is a tool that computes the size and the number of files
+in a directory and create a ".ftpquota" file with this info.
+
+The syntax is:
+
+pure-quotacheck -u username/uid -d home directory [-g group/gid]
+
+For instance, if you want to summarize usage for the /home/ftpusers/john
+directory, whose files are owned by the "ftpusers" system account, just run:
+
+pure-quotacheck -u ftpusers -d /home/ftpusers/john
+
+You can run pure-quotacheck whenever you want, even when ".ftpquota" files
+are already there. This is even a good idea to run this for all users in
+crontab, so that stored quotas are always exact, even if something went wrong
+(server bug, filesystem corruption, savagely killed server, etc) .
+
+
+      ------------------------ AUTHENTICATION ------------------------
+
+
+Pure-FTPd supports multiple methods of authentication. To use a method, you
+must have it compiled in (check the ./configure options) .
+
+- To use Unix authentication (the traditional /etc/passwd file), add the
+following option when you run the server:
+
+                                   -l unix
+
+
+- To use PAM authentication, add this:
+
+                                   -l pam
+                                   
+                                   
+- To use PureDB (virtual users), add this:
+
+                     -l puredb:/path/to/puredb_database
+
+(read README.Virtual-Users for more info about PureDB indexed files)
+
+
+- To use LDAP directories, add this:
+
+                      -l ldap:/path/to/ldap_config_file
+
+(read README.LDAP for more info about LDAP directories)
+
+
+- To use MySQL databases, add this:
+
+                     -l mysql:/path/to/mysql_config_file
+
+(read README.MySQL for more info about MySQL databases)
+
+- To use Postgres databases, add this:
+
+                     -l pgsql:/path/to/postgres_config_file
+
+(read README.PGSQL for more info about Postgres databases)
+
+- To use external authentication handlers (with pure-authd), use:
+
+                     -l extauth:/path/to/authd/socket
+
+(read README.Authentication-Modules for more info about external
+authentication)
+
+
+Multiple authentication methods can be chained. For instance, you can run the
+server like this:
+
+/usr/local/sbin/pure-ftpd -lldap:/etc/pureftpd-ldap.conf      \
+                          -lpuredb:/etc/pureftpd.pdb -lunix
+
+Every method is tried in order. With the previous command line, an LDAP
+directory is probed first. If a user isn't found in the directory, a
+PureDB database is scanned for the same user name. If that user is still not
+found, /etc/passwd is scanned.
+
+If the user is found in the LDAP directory, but the given password is wrong,
+further authentication methods are skipped.
+
+If you don't specify any -l option, PAM is assumed by default if the server
+is compiled with PAM support and Unix is assumed by default otherwise.
+
+
+     ------------------------ DIRECTORY ALIASES ------------------------
+
+
+Directory aliases provides "shortcuts" for the "cd" command. For instance,
+if you define an alias called "pictures" for "/usr/misc/pictures", when an
+user will type "cd pictures" and if no real "pictures" directory exists, he
+will be automatically redirected to "/usr/misc/pictures". Unlike symbolic
+links, "cd pictures" will work from any directory. Tildes are *not* expanded.
+
+a user can get the list of available aliases with the following command:
+
+SITE ALIAS
+
+To support that feature, the server must be compiled with --with-diraliases
+passed to ./configure .
+
+To define alias/directory pairs, you must create a file called
+/etc/pureftpd-dir-aliases, whose format is:
+
+Alternating lines of alias and dir
+(this enables embedded whitespace in dir and alias without quoting rules)
+Optional blank lines
+Optional lines beginning with '#' as comments
+(no you can't put a '#' just anywhere)
+
+Example:
+
+pictures
+/usr/misc/pictures
+
+sources
+/usr/src
+
+# This is for the OpenBSD port tree
+pureftpd-port
+/usr/ports/net/pure-ftpd
+
+
+    ------------------------ PRIVILEGE SEPARATION ------------------------
+
+
+When privilege separation is enabled, each session will spawn two processes :
+a "privileged" process running as root, but that can only do very basic
+and trusted actions (binding a port and remove the ftpwho scoreboard) and
+the "client" process. The "client" process definitely revokes all privileges
+after authentication and chroot() and punctually communicates with the
+parent over a private channel.
+
+Privilege separation decreases performance of loaded servers, but it
+increases security and reliability. Enabling it is recommended.
+
+Some old broken operating systems may allow the ptrace() system call on
+processes that revoked privileges. On these platforms, enabling privilege
+separation is a bad idea if untrusted users also have shell access. Use the
+src/ptracetest program to check this. At least Solaris, ISOS, MirBSD,
+OpenBSD, DragonflyBSD, FreeBSD and Linux are known to be safe.
+
+
+    ------------------------ CHARSETS (RFC2640) ------------------------
+        
+
+Since version 1.0.21, pure-ftpd has *experimental* support for charsets
+conversion. The server filesystem can use a different charset than the
+charset assumed by clients, and pure-ftpd translates file names through the
+iconv library.
+
+Some modern clients like lftp will also try to use UTF-8 if the server
+supports it.
+
+Thus, charsets conversion can be very useful when dealing with file names
+containing non-english characters.
+
+In order to support this, pure-ftpd has to be compiled with:
+
+./configure ... --with-rfc2640
+
+This is not supported by default because it requires libiconv.
+
+Then the server has to be started with --fscharset=<charset>. Replace
+<charset> with the charset of the server's filesystem. For instance:
+
+/usr/local/sbin/pure-ftpd --fscharset=ISO-8859-15
+
+This is often enough to properly work with UTF-8 capable clients.
+
+But optionnally, you can specify the default charset for clients, with
+--clientcharset:
+
+/usr/local/sbin/pure-ftpd --fscharset=iso-8859-15 --clientcharset=big5
+
+
+ ------------------------ OPTIMIZING FOR HIGH LOAD ------------------------
+
+
+If you are going to use Pure-FTPd on a highly loaded server, here are some
+hints to get the best performances:
+
+- Compile with:
+
+env CFLAGS="-O2 -fomit-frame-pointer -fgcse -Os" ./configure --with-minimal --without-inetd --without-pam
+make install-strip
+
+- Run it in standalone mode. Don't use -C, don't enable pure-ftpwho nor
+pure-uploadscript (-o), nor per-user limits (-y) .
+
+- Increase your system max descriptors number and local port range. On a
+Linux kernel, you can try:
+
+echo 2000 > /proc/sys/fs/super-max
+echo 60000 > /proc/sys/fs/file-max
+ulimit -n 60000
+echo 30000 65534 > /proc/sys/net/ipv4/ip_local_port_range
+
+- On a Linux kernel, disable syncookies, ecn, timestamps and window scaling:
+
+echo 0 > /proc/sys/net/ipv4/tcp_syncookies
+echo 0 > /proc/sys/net/ipv4/tcp_ecn
+echo 0 > /proc/sys/net/ipv4/tcp_timestamps
+echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
+
+- Disable access time update on your mounted filesystems. On a Linux system,
+just add 'noatime,nodiratime' for each mount point in your /etc/fstab file.
+
+- Disable syslog output and DNS lookups. Run it with:
+
+/usr/local/sbin/pure-ftpd -f none -H
+
+
+For FreeBSD, DJ_Oggy recommends the following setting:
+
+>>> QUOTE:
+
+Drop into single user mode (do a shutdown now or boot -s) and enter
+
+tunefs -n enable <filesystem>
+
+i sugest / /usr /var
+
+In /etc/fstab add ",noatime" to the options of all filesystems.
+
+In /boot/loader.conf add the following:
+
+hw.ata.wc="1"
+kern.ipc.nmbclusters="60000"
+
+In /etc/sysctl.conf add the following:
+
+vfs.vmiodirenable=1
+kern.ipc.maxsockbuf=2097152
+kern.ipc.somaxconn=8192
+kern.ipc.maxsockets=16424
+kern.maxfiles=65536
+kern.maxfilesperproc=32768
+net.inet.tcp.rfc1323=1
+net.inet.tcp.delayed_ack=0
+net.inet.tcp.sendspace=65535
+net.inet.tcp.recvspace=65535
+net.inet.udp.recvspace=65535
+net.inet.udp.maxdgram=57344
+net.local.stream.recvspace=65535
+net.local.stream.sendspace=65535
+
+give it two asprin, a reboot and call me in the morning!!!!! 
+
+<<< END OF QUOTE
+
+
+       ------------------------ KNOWN ISSUES ------------------------
+
+
+- On non-linux systems, '-c' only works in standalone mode.
+
+- You should always avoid the use of spaces in login names: applications
+that are parsing log files often choke on this.
+
+- Incomplete transfers aren't logged in alternative formats.
+
+- On Solaris, to get chroot to work with pure-ftpd you need a dev directory
+in your new rootdir with these:
+
+crw-rw-rw-   1 root     other     11, 42 Dec 10 15:02 tcp
+crw-rw-rw-   1 root     other    105,  1 Dec 10 15:02 ticotsord
+crw-rw-rw-   1 root     other     11, 41 Dec 10 15:03 udp
+crw-rw-rw-   1 root     other     13, 12 Dec 10 15:03 zero
+
+else you get this
+
+ftp> ls
+425 Can't create the data socket: Bad file number.
+
+If all your users are chrooted, you have to create these files in every home
+directory. Here's how:
+
+mkdir dev
+mknod dev/tcp c 11 42
+chmod 0666 dev/tcp
+mknod dev/udp c 11 41
+mknod dev/zero c 13 12
+mknod dev/ticotsord c 105 1
+
+(Reported by Kenneth Stailey)
+
+- Resuming ASCII transfers is refused. ASCII transfers are hell, because
+they are consuming CPU time both at client and server sides. And they even
+consume *more* bandwidth than binary transfers. But they allow Windows
+clients to upload scripts to Unix servers, stripping these nasty ^M signs.
+ASCII transfers are implemented in Pure-FTPd. But they can't be resumed and
+this is intentional. To restart an ASCII transfer, the file has to be
+read and analyzed byte by byte. It can be very long and by sending two
+trivial commands, a client can completely kill a server (take a lot of CPU and
+disk resources) . And there's no workaround.
+Another point is that while RFC describe a way to resume ASCII transfers,
+many clients and servers implement them in another way. The result is that
+resumed ASCII transfers can lead to data corruption. Some major servers
+didn't follow RFC, so some clients did the same mistake to support these
+servers, while some other modern clients and servers are trying to fully
+conform to RFC. So when clients and servers are speaking the same dialect, it
+works. When it's not the case, you get corrupted files. Messy, eh?
+And what if a customer uploads a script to your server and thinks he can
+safely delete it from its hard disk? If the remote file is corrupted, he
+will get really angry.
+It's why Pure-FTPd *refuses* to resume ASCII transfers. If a customer tells
+you that he isn't able to upload/download a partially transferred ASCII file,
+please tell them to remove the partial file and to retransfer it again. This
+is a safe bet.
+
+
+   ------------------------ DOWNLOADING PURE-FTPD ------------------------
+
+
+Pure-FTPd home page is: https://www.pureftpd.org/ .
+
+Git repository: https://github.com/jedisct1/pure-ftpd
+
+Thank you, 
+
+                       -Frank DENIS "Jedi/Sector One" <j at pureftpd dot org>

EVSE/GPL/pure-ftpd-1.0.49/README.Authentication-Modules

@@ -0,0 +1,150 @@
+
+
+  ------------------------ AUTHENTICATION MODULES ------------------------
+
+
+Anybody can add new custom authentication methods to Pure-FTPd without
+recompiling anything, using "authentication modules".
+
+To enable it, you must ./configure with --with-extauth, or
+--with-everything. Linux binary packages have it enabled by default.
+
+Here's how they work:
+
+1) A client connects to the FTP server and issues a login/password pair.
+
+2) The FTP server connects to a local separate daemon, called 'pure-authd'.
+Data transmitted to that daemon is: user's login, user's password, the IP
+address that user connected to, the local port that user connected to and
+the user's remote IP address.
+
+3) pure-authd spawns an authentication program. It can be anything,
+including a shell script. The program is given the collected info (login,
+password, IP addresses, etc) as environment variables.
+
+4) The authentication program replies (to the standard output) with the
+user's home directory, quota, ratio, bandwidth and if authentication was
+successful or not.
+
+5) pure-authd relays this info to pure-ftpd.
+
+This method is a bit slower than built-in authentication methods. But it's
+very flexible as anyone can easily write his own authentication programs.
+And they can run non-root, chrooted, with limited capabilities, etc.
+
+Communication between pure-ftpd and pure-authd is done through a local Unix
+socket. It's recommended to put that socket in a directory where non-trusted
+users have no write access to.
+
+Authentication programs can read the following environment variables to get
+info about the user trying to authenticate:
+
+AUTHD_ACCOUNT
+AUTHD_PASSWORD
+AUTHD_LOCAL_IP
+AUTHD_LOCAL_PORT
+AUTHD_REMOTE_IP
+AUTHD_ENCRYPTED
+AUTHD_CLIENT_SNI_NAME
+
+They are self-explanatory. Previous global environment variables aren't
+cleared when the script is called. The content of these variables is
+_not_ quoted. They may contain special characters. They are under the
+control of a possibly malicious remote user.
+
+The program must respond on the standard output with lines like:
+
+auth_ok:1
+uid:42
+gid:21
+dir:/home/j
+end
+
+Note the final 'end' keyword. It's mandatory.
+
+Here's the list of recognized tokens ('xxx' has of course to be filled):
+
+* auth_ok:xxx
+
+If xxx is 0, the user was not found (the next authentication method passed
+to pure\-ftpd will be tried) . If xxx is \-1, the user was found, but there
+was a fatal authentication error: user is root, password is wrong, account
+has expired, etc (next authentication methods will not be tried) . If xxx is
+1, the user was found and successfully authenticated.
+ 
+* uid:xxx
+
+The system uid to be assigned to that user. Must be > 0.
+ 
+* gid:xxx
+
+The primary system gid. Must be > 0.
+ 
+* dir:xxx
+
+The absolute path to the home directory. Can contain /./ for a chroot jail.
+ 
+*slow_tilde_expansion:xxx (optional, default is 1)
+
+When the command 'cd ~user' is issued, it's handy to go to that user's home
+directory, as expected in a shell environment. But fetching account info can
+be an expensive operation for non-system accounts. If xxx is 0, 'cd ~user'
+will expand to the system user home directory. If xxx is 1, 'cd ~user' won't
+expand. You should use 1 in most cases with external authentication, when
+your FTP users don't match system users. You can also set xxx to 1 if you're
+using slow nss_* system authentication modules.
+ 
+* throttling_bandwidth_ul:xxx (optional)
+
+The allocated bandwidth for uploads, in bytes per second.
+ 
+* throttling_bandwidth_dl:xxx (optional)
+
+The allocated bandwidth for downloads, in bytes per second.
+ 
+*user_quota_size:xxx (optional)
+
+The maximal total size for this account, in bytes.
+ 
+* user_quota_files:xxx (optional)
+
+The maximal number of files for this account.
+ 
+* ratio_upload:xxx and radio_download:xxx (optional)
+
+The user must match a ratio_upload:ratio_download ratio.
+
+* per_user_max:xxx (optional)
+
+The maximal authorized number of concurrent sessions.
+
+
+          ------------------------ EXAMPLE ------------------------
+          
+          
+Here's a very basic example. Our sample authentication program will only
+accept user 'john' with any password and return a fixed home directory and
+uid/gid.
+
+#! /bin/sh
+
+if test "$AUTHD_ACCOUNT" = "john"; then
+  echo 'auth_ok:1'
+  echo 'uid:69'
+  echo 'gid:42'
+  echo 'dir:/tmp'
+else
+  echo 'auth_ok:0'
+fi
+echo 'end'
+
+Let's say we save this file as /usr/bin/ftp-auth-handler
+
+Now, we have to run pure-authd and pure-ftpd, to connect them through a
+local socket and to tell pure-ftpd to use our external authentication module:
+
+pure-authd -s /var/run/ftpd.sock -r /usr/bin/ftp-auth-handler &
+pure-ftpd  -lextauth:/var/run/ftpd.sock &
+
+That's all. Now, we can only log in as 'john', as all FTP authentication is
+done by the shell script.

EVSE/GPL/pure-ftpd-1.0.49/README.Configuration-File

@@ -0,0 +1,31 @@
+Pure-FTPd strives to remain simple to operate, and keeps the number of
+knobs down to a minimum.
+
+Virtually everything can be set using command-line switches, so that a
+configuration file is not required.
+
+For example, the '-H' switch is recommended and avoids DNS lookups.
+
+To enable this feature, just add it right after the executable name:
+
+    /usr/local/sbin/pure-ftpd -H
+
+Long options are also supported. This is equivalent to the previous
+command:
+
+    /usr/local/sbin/pure-ftpd --dontresolve
+
+As an alternative to command-line switches, Pure-FTPd can use a
+configuration file. The set of supported features is the same no
+matter what way of configuring the server is beind used.
+
+A sample configuration file named pure-ftpd.conf should have been installed
+in /etc/, /usr/local/etc/ or another standard location derived from
+the package installation prefix.
+
+Tweak it according to your needs, and start the server using that file:
+
+    /usr/local/sbin/pure-ftpd /etc/pure-ftpd.conf
+
+Note the absence of switches. In order to avoid confusion, either a
+configuration file or a set of command-line switches can be used.

EVSE/GPL/pure-ftpd-1.0.49/README.Donations

@@ -0,0 +1,198 @@
+
+
+      ------------------------ SPECIAL THANKS ------------------------
+
+
+   Thanks a million to the following individuals and companies for their
+support:
+
+     * Jean-Matthieu Schaffhauser
+     * Fremonthost.com
+     * Hollow Moon Productions
+     * Vanco Computing
+     * Business Functions Ltd
+     * Oxalide
+     * Helmut Linnemann
+     * Andrei Mamontov
+     * Balazs Koren
+     * James Jones
+     * James Wyllie
+     * Jennifer Becker
+     * GadgetMadness.com
+     * Reiseführer index
+     * Hostpoint.ch - The data residence
+     * Charles McCharty
+     * Lee Whalen
+     * Kari Salminen
+     * Daniel J Gregor Jr
+     * UK Servers
+     * Kanmonline IT Services LLC
+     * Fabrice Anèche
+     * Puzzle ITC GmbH
+     * Markus Colombo
+     * LandM Internet Services, S.L.
+     * Dcrin3 Films
+     * Ilker Egilmez
+     * Akeem McLennon - Blue Laguna
+     * Miklos Erdos
+     * OKIHost Internet
+     * PHP4Hosting
+     * Peter Halverson
+     * Baruch Schwartz
+     * Balazs Koren
+     * Las Vegas Communication Solutions
+     * Marco Meile
+     * Ezoshosting
+     * Sean Durkin
+     * Emma Kane
+     * Anders Häggström, Intercorner.net
+     * Captain's Ancien Coins & Artifacts
+     * Anthony Volodkin
+     * NumeriZone SARL
+     * Boris Hajduk
+     * Horst Tellioglu
+     * Francisco Serrano Pons
+     * Charles Longeau (CHL)
+     * Xavier Martin (Xeu)
+     * Aaron Mueller
+     * Alexander Turcic & Rebecca Levin
+     * HTTPDNet.com
+     * David Aragao
+     * Gautam Vasudevan
+     * Alex Waldus
+     * Daniel Grossman
+     * ValueSERVER - Quality Servers
+     * Kevin Cornwell
+     * Ross Sieber
+     * Ikarios
+     * Aaron Marasco
+     * Kai Wembacher
+     * Johannes Beus
+     * Peter Gronholm
+     * Michael Hofmann
+     * Sören Fink
+     * Andrew Von Raalte
+     * Jon Fuller
+     * FrozenWebHost.com
+     * Oneil Pinto
+     * Techbox
+     * Daniel Prior DPITS
+     * Lauren Roberts
+     * Anton Dollmaier
+     * Anthony Jones
+     * Flash HQ
+     * Adam Muller
+     * Antoine Barrillon
+     * Troy Gladhill
+     * Iban Nieto
+     * Spinning-Wheel, LLC
+     * Francisco Roque
+     * Aboveaverage Hosting
+     * Aidan Findlater
+     * Joseph Mosser
+     * Michael Damm
+     * Maurice Funke - Viacobra Networks
+     * SC Web Services
+     * Frank Lane
+     * Popcorn Monsters
+     * Daniel Kissam
+     * Rogelio Rodriguez Cueto
+     * Isaac Straley
+     * Carlos Carluccio
+     * Clear-Data
+     * Steve Lavoie
+     * JD Harrington
+     * Scott Stout
+     * Ken Cochrane - CampRate
+     * Adrian Urquhart
+     * PaiCheng Tao
+     * Olly Culverhouse
+     * Host 4 Cents web hosting
+     * Fletcher & Fletcher
+     * Macrocosmic Technologies
+     * James Wyllie
+     * Luca Rizzi
+     * Ed Sullivan
+     * Kalin Stamenov
+     * Chris Alfano
+     * Andrew Butitta
+     * Data 2 Host
+     * SkulBoxx Cyber
+     * Patrice Damezin
+     * Andris Drulle
+     * Pro-G Media Ltd
+     * HostWerks.com, Inc
+     * Arto Bendiken
+     * Veloxia Networks
+     * Pascal Terjan
+     * Gabe Ramuglia
+     * Stefan Praszalowicz
+     * Mathieu Pillard
+     * Arto Bendiken
+     * Mitja Muzenic
+     * Ferca.com
+     * Hajo Kessener
+     * Khalid Ashein
+     * Christian Lange
+     * Paul-André Spiltoir
+     * Mr Alert - Free Website Monitoring Service
+     * Hiboox - Image hosting
+     * Failla Angelo Michele
+     * Yvo van Doorn
+     * Daniel Wallmark
+     * Mardala
+     * Karon Konsult
+     * Laurent Soron
+     * Interactive Concepts LLC
+     * Gerard de Brieder
+     * Peer Heinlein
+     * Eutechnyx LTD
+     * Samuel Liddicott
+     * Matthieu Parisot
+     * Johan Sörlin
+     * Siegfried Rottensteiner
+     * Miks Mikelsons
+     * Bohdan Sanders
+     * Laszlo Heredy
+     * Matt McNamara
+     * David Wasson
+     * Philippe Busson
+     * Keith Schawel
+     * Sushicam - Japan Photo Blog
+     * Thomas Trepl
+     * Robert Reuss
+     * Fused Network
+     * Robert Chao
+     * Dominic Perez
+     * Suhail Kazi
+     * Ecoder.com
+     * GridStock Inc
+     * Conchology Inc
+     * Richard Placek
+     * John Howell
+     * Brad Slavin - http://www.bsdatwork.com
+     * Paul Beasi
+     * Half a million dollar home page
+     * Bill Ferell
+     * EveryDNS.Net
+     * Isaac Eiland-Hall
+     * Jameson Swain
+     * Gary Mikutel
+     * Emmanuel Eichler
+     * AdminWay
+     * Techark
+     * PJI
+     * Ewing Creative Inc
+     * Web Wosters Hosting
+     * ETH0.US
+     * John Orazem
+     * SYN Hosting
+     * Jason Bolbach
+     * Wolvix.org
+     * HostingOne.net
+     * Ewdhosting.com
+     * Andreas Schiermeier
+     * Bashar Al-Abdulhadi CEO of KuwaitNET Internet services
+     * Steve Rieger
+     * Otto Bretz
+     * Mark H Krieger

EVSE/GPL/pure-ftpd-1.0.49/README.LDAP

@@ -0,0 +1,283 @@
+
+If you never heard about LDAP before, *DON'T* enable LDAP support in
+Pure-FTPd. LDAP is useless if you don't have to manage many shared accounts.
+But well... if you want to learn about LDAP anyway, here's a good starting
+point: http://www.openldap.org/
+
+
+       ------------------------ LDAP SUPPORT ------------------------
+
+
+Pure-FTPd has a built-in support for LDAP directories. When LDAP is
+enabled, all account info is fetched from a central LDAP directory.
+
+To compile the server with LDAP support, you first have to build and install
+OpenLDAP. OpenLDAP is freely available from http://www.openldap.org/ and
+binary packages are included in many major distributions. But if you choose
+a binary form, don't forget to also install the development packages if they
+are available separately.
+
+Then, configure Pure-FTPd with --with-ldap and your favorite extra gadgets:
+
+
+    ./configure --with-ldap --with-everything
+
+
+If your LDAP libraries are installed in a special path, you can specify it
+like this:
+
+
+    ./configure --with-ldap=/usr/local/openldap
+
+
+In this example, headers (ldap.h and lber.h files) will be searched in
+/usr/local/openldap/include, while related libraries will be searched in
+/usr/local/openldap/lib .
+
+Then, install the server as usual:
+
+
+                                 make install
+
+
+  ------------------------ LDAP CONFIGURATION FILE ------------------------
+  
+  
+Before running the server, you have to create a configuration file. Why a
+configuration file instead of simple command-line options? you may ask.
+Because for security reasons, you may want to hide how to connect to your
+LDAP server. And as command-line options can be discovered by local users
+(with 'ps auxwww' for instance), it's more secure to use a configuration
+file for sensitive data. Keep the file only readable by root (chmod 600) .
+
+Here's a sample configuration file:
+
+
+LDAPServer ldap.c9x.org
+LDAPPort   389
+LDAPBaseDN cn=Users,dc=c9x,dc=org
+LDAPBindDN cn=Manager,dc=c9x,dc=org
+LDAPBindPW r00tPaSsw0rD
+LDAPDefaultUID 500
+LDAPForceDefaultUID False
+LDAPDefaultGID 100
+LDAPForceDefaultGID False
+
+Well... the keywords should be self-explanatory, but here we go for some
+details anyway:
+
+- LDAPScheme is the scheme (aka protocol) to connect with to the LDAP server.
+It defaults to 'ldap'. To connect to a server listening on TLS port, set it
+to 'ldaps' (and change the port below).
+
+- LDAPServer is the LDAP server name (hey!) . It defaults to 'localhost'.
+
+- LDAPPort is the connection port. It defaults to 389, the standard port.
+Port value should be changed for 'ldaps' connection (the TLS port for an
+LDAP server is usually 636).
+
+- LDAPBaseDN is the search starting point for users accounts. Your tree must
+have posixAccount objects under that node.
+
+- LDAPBindDN is the DN we should bind the server for simple authentication.
+If you don't need authentication (ie. anonymous users can browse that part
+of the LDAP directory), just remove that line.
+
+- LDAPBindPW is the plaintext password to bind the previous DN. The
+configuration file should be only readable by root if you are using
+LDAPBindDN/LDAPBindPW.
+
+- LDAPDefaultUID and LDAPDefaultGID are default values for objects without
+any entry for them.
+
+- LDAPForceDefaultUID and LDAPForceDefaultGID - These options both default to
+`False`. Any value other than `True` (case insensitive) is also treated as
+`False`.  When set these options cause the respective uid or gid value returned
+by the LDAP server for a username to be ignored and instead use the value set
+by `LDAPDefaultUID` or `LDAPDefaultGID`.  If the appropriate `LDAPDefaultXID`
+option is not set, these options have no effect.
+
+This is useful for allowing users to authenticate against LDAP but access or
+create content with common a set of ownership/permissions.  It also provides a
+measure of security in that it prevents pure-ftpd processes from being created
+with arbitrary uid/gids that may conflict with local accounts.
+
+- LDAPFilter is the filter to use in order to find the object to authenticate
+against. The special sequence \L is replaced with the login of the user. The
+default filter is (&(objectClass=posixAccount)(uid=\L)) .
+
+- LDAPHomeDir is the attribute to get the home directory ('homeDirectory' by
+default) .
+
+- LDAPVersion is the protocol version to use. Version 3 is recommended and
+needed with OpenLDAP servers. It is the default.
+
+- LDAPUseTLS can be True or False. True means that the server should use TLS
+to connect to the LDAP server over ldap protocol. This property has no effect
+when ldaps protocol is used, as the connection is inherently secured with TLS.
+This was introduced in pure-ftpd 1.0.37.
+
+- LDAPAuthMethod can be BIND (experimental, but default if there is no
+LDAPBindDN) or PASSWORD (default if a LDAPBindDN is set). The former tries
+to authenticate users by binding, thus allowing to use an unprivileged LDAP
+account. The later requires a privileged LDAP accounts and the FTP server
+itself checks against the userPassword attribute.
+
+In fact, the only mandatory keyword is LDAPBaseDN. Other keywords are
+optional and defaults are ok for local testing.
+
+Save the configuration file anywhere. Let's say /etc/pureftpd-ldap.conf .
+
+Then, you have to run the pure-ftpd command with '-l ldap:' (it's an 'ell'
+not a 'one') followed by the path of that configuration file. Here's an
+example:
+
+
+pure-ftpd -l ldap:/etc/pureftpd-ldap.conf -B
+
+You can mix different authentication methods. For instance, if you want to
+use system (/etc/passwd) accounts when an account is not found in a LDAP
+directory, use -l ldap:/etc/pureftpd-ldap.conf -l unix
+
+
+      ------------------------ THE LDAP SCHEMA ------------------------
+
+
+Pure-FTPd uses the standard 'posixAccount' class to locate accounts. With
+OpenLDAP, that class is defined in the 'nis' schema.
+
+FTP login names should match 'uid' attributes of 'posixAccount' instances.
+When a user logs in as 'joe', the following filter is used to locate Joe's
+account:
+
+
+                   (&(objectClass=posixAccount)(uid=joe))
+
+
+Here's a sample entry in LDIF format:
+
+
+dn: cn=Joe,dc=rtchat,dc=com
+objectClass: posixAccount
+cn: Joe
+uid: joe
+uidNumber: 500
+gidNumber: 100
+homeDirectory: /home/joe
+userPassword: {scrypt}$7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+
+
+'userPassword' is the password hashed with the system 'crypt' function,
+MD5, SHA, SMD5, SSHA, SCRYPT or ARGON2.
+
+Do not use MD5, SHA, SMD5 or SSHA except if you really have to. Use {crypt}
+with the strongest algorithm supported by your implementation. Or better,
+use {scrypt} or {argon2}.
+
+Please note that a login can only contains common characters: A...Z, a...z,
+0...9, -, ., _, space, :, @ and ' . For paranoia purposes, other characters
+are forbidden.
+
+If you don't want to use posixAccount objects, you can edit src/log_ldap.h
+to customize attribute names.
+
+
+  ----------- EXTENDED LDAP SCHEMA (QUOTAS, THROTTLING, RATIOS) ----------
+
+
+To enable quotas, download/upload rate throttling and/or download/upload
+ratios, an extended LDAP schema is needed.  This modified schema also allows
+you to completely enable and disable users' FTP access by simply changing
+the "FTPStatus" field in their LDAP entry.
+
+Simply copy the included pureftpd.schema file to your OpenLDAP schema
+directory (/usr/local/etc/openldap/schema in this example) and add the
+appropriate line to your slapd.conf, like so:
+
+
+include         /usr/local/etc/openldap/pureftpd.schema
+
+
+This schema defines a new objectClass, PureFTPdUser, which contains the
+*OPTIONAL* status, quota, throttling and ratio fields as in the example
+below:
+
+
+dn: uid=Ichiro,dc=gmo,dc=jp
+objectClass: PureFTPdUser
+objectClass: posixAccount
+cn: Ichiro
+uid: Ichiro
+uidNumber: 888
+gidNumber: 888
+homeDirectory: /home/ichiro
+userPassword: {crypt}$1$w58NLo5z$NHhr6GzSPw0qxaxs3PAaK/
+FTPStatus: enabled
+FTPQuotaFiles: 50
+FTPQuotaMBytes: 10
+FTPDownloadBandwidth: 50
+FTPUploadBandwidth: 50
+FTPDownloadRatio: 5
+FTPUploadRatio: 1
+
+The example is mostly self-explanatory. FTPQuotaMBytes is the quota size in
+megabytes. FTPDownloadBandwidth and FTPUploadBandwidth are in KB/sec.
+
+FTPStatus should be either "enabled" or "disabled". If the FTPStatus field
+exists and is set to anything except "enabled", the user will not be
+permitted to log in. If the FTPStatus field does not exist, the user *WILL*
+be allowed to log in as normal, to allow LDAP users without the PureFTPdUser
+objectClass.
+
+There are also optional FTPuid and FTPgid attributes. If present, they will
+override uidNumber and gidNumber values, so that you can have different
+uid/gid mapping for FTP and for other services.
+
+Please note that all of the FTP* LDAP fields are optional for the
+PureFTPdUser objectClass. You can have a user with just FTPQuotaFiles and
+FTPQuotaMBytes set, for example, if you only wish to enforce a quota, but
+not throttle the user's bandwidth or enforce ratios.
+
+Of course, you must make sure to enable the features you wish to use at
+compile time (--with-quotas, --with-throttling, --with-ratios) .
+
+
+      ------------------------ ANONYMOUS USERS ------------------------
+
+
+If you want to accept anonymous users on your FTP server, you don't need to
+have any 'ftp' user in the LDAP directory. But you need to have a system
+'ftp' account on the FTP server.
+
+
+        ------------------------ ROOT USERS ------------------------
+
+
+If an LDAP user entry has a root (0) uidNumber and/or gidNumber, Pure-FTPd
+will refuse to log them in.
+
+Without this preventive restriction, if your LDAP server ever gets
+compromised, the attacker could also easily compromise the FTP server.
+
+
+           ------------------------ ARGON2 ------------------------
+
+
+Password hashed with argon2i and argon2id can be used, provided that pure-ftpd
+was linked to libsodium.
+
+They are expected to be provided as a string, as returned by the
+crypto_pwhash_str() function or by its bindings.
+
+
+           ------------------------ SCRYPT ------------------------
+
+
+Password hashed with scrypt can be used, provided that pure-ftpd was linked to
+libsodium.
+
+They are expected to be provided in escrypt format, as returned by the
+crypto_pwhash_scryptsalsa208sha256_str() function or by its bindings.
+
+For example, the string $7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+would verify the password "test".

EVSE/GPL/pure-ftpd-1.0.49/README.MacOS-X

@@ -0,0 +1,40 @@
+
+
+     ------------------------ OSX SPECIFIC NOTES ------------------------
+
+The easiest way to install Pure-FTPd is to use Homebrew:
+
+$ brew install pure-ftpd
+
+Available options are:
+
+--with-mysql
+	Build with mysql support
+--with-postgresql
+	Build with postgresql support
+--with-virtualchroot
+	Follow symbolic links even for chrooted accounts
+
+
+To get Pure-FTPd authenticate against system users on OSX, you have to
+use PAM.
+       
+$ ./configure --with-pam <your other favorite options like --with-everything>
+$ make install-strip
+
+  Create a /etc/pam.d/pure-ftpd file:
+ 
+# pure-ftpd: auth account password session
+auth       required       pam_opendirectory.so
+account    required       pam_permit.so
+password   required       pam_deny.so
+session    required       pam_permit.so
+
+  Start the FTP server:
+
+$ /usr/local/sbin/pure-ftpd -lpam -B
+ 
+
+To take advantage of Bonjour, please add --with-bonjour to ./configure
+switches and give the server a Bonjour service name with the -v (--bonjour=)
+switch.

EVSE/GPL/pure-ftpd-1.0.49/README.MySQL

@@ -0,0 +1,271 @@
+
+
+    ------------------------ MYSQL/MARIADB SUPPORT ------------------------
+
+
+When MySQL is enabled, all account info is fetched from a central MySQL
+or MariaDB database.
+
+To compile the server with MySQL/MariaDB support, you first have to build and
+install the MySQL client libraries. MariaDB is freely available from
+https://mariadb.org/ and binary packages are included in many major
+distributions. But if you choose a binary form, don't forget to also install
+the development packages if they are available separately. For example, on
+Debian/Ubuntu systems, the package to install is called
+libmariadb-client-lgpl-dev.
+
+Then, configure Pure-FTPd with --with-mysql and your favorite extra gadgets:
+
+
+    ./configure --with-mysql --with-everything
+
+
+If your MySQL libraries are installed in a special path, you can specify it
+like this:
+
+
+    ./configure --with-mysql=/opt/mysql
+
+
+In this example, headers (like mysql.h) will be searched in
+/opt/mysql/include and /opt/mysql/include/mysql, while related libraries
+will be searched in /opt/mysql/lib and /opt/mysql/lib/mysql .
+
+Then, install the server as usual:
+
+
+                                 make install
+
+
+ ------------------------ MYSQL CONFIGURATION FILE ------------------------
+           
+
+Before running the server, you have to create a configuration file. Why a
+configuration file instead of simple command-line options? you may ask.
+For security reasons, you may want to hide how to connect to your
+MySQL server. And as command-line options can be discovered by local users
+(with 'ps auxwww' for instance), it's more secure to use a configuration
+file for sensitive data. Keep it readable only by root (chmod 600) .
+
+Here's a sample configuration file:
+
+#MYSQLServer     localhost
+#MYSQLPort       3306
+MYSQLSocket     /tmp/mysql.sock
+MYSQLUser       root
+MYSQLPassword   rootpw
+MYSQLDatabase   pureftpd
+MYSQLCrypt      cleartext
+MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
+MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"
+MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"
+MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"
+
+Have a look at the sample pureftpd-mysql.conf configuration file for
+explanations of every keyword.
+
+Save the configuration file anywhere. Let's say /etc/pureftpd-mysql.conf .
+
+Then, you have to run the pure-ftpd command with '-l mysql:' (it's an 'ell'
+not a 'one') followed by the path of that configuration file.
+
+Example:
+
+pure-ftpd -l mysql:/etc/pureftpd-mysql.conf -B
+
+You can mix different authentication methods. For instance, if you want to
+use system (/etc/passwd) accounts when an account is not found in a MySQL
+database, use -l mysql:/etc/pureftpd-mysql.conf -l unix
+
+
+     ------------------------ TABLES STRUCTURES ------------------------
+     
+     
+Pure-FTPd is very flexible and users can be stored in any way in SQL tables.
+You just have to have fields with the following info:
+
+- The user's login.
+
+- The user's password, hashed using argon2 (argon2id or argon2i), scrypt or
+crypt(3). SHA1, MD5, and MySQL's password() format are supported for legacy
+reasons, but shouldn't be used any more. Pure-FTPd also accepts the "any"
+value for the MySQLCrypt field. With "any", all hash functions are
+sequentially tried.
+
+* RECOMMENDATION: Do not use SHA1, MD5, or, obviously, plaintext. Unless your
+system provides a decent crypt() function, use a MySQL function to verify
+the hashed password or use argon2/scrypt.
+
+- The system uid to map the user to. This can be a numeric id or a user
+name, looked up at run-time.
+
+- The system gid (numeric or not) .
+
+- The home directory.
+
+Here's a dump of a simple table to handle this:
+
+CREATE TABLE users (
+  User VARCHAR(255) BINARY NOT NULL,
+  Password VARCHAR(255) BINARY NOT NULL,
+  Uid INT NOT NULL default '-1',
+  Gid INT NOT NULL default '-1',
+  Dir VARCHAR(255) BINARY NOT NULL,
+  PRIMARY KEY (User)
+);
+
+Uid and Gid can be char() instead of int() if you want to use names instead
+of values.
+
+Then, in the pureftpd-mysql.conf configuration file, you have to provide SQL
+templates to fetch the needed info.
+
+Let's take the previous example:
+
+MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
+MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"
+MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"
+MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"
+
+For each query:
+
+\L is replaced by the login of a user trying to authenticate.
+\I is replaced by the IP address the client connected to.
+\P is replaced by the port number the client connected to.
+\R is replaced by the remote IP address the client connected from.
+\D is replaced by the remote IPv4 address, as a long decimal number.
+
+You can mix all of these to store info in various tables. For instance, with
+\I, you can have a different table for every domain, so that joe@domain1
+won't be the same account as joe@domain2 . And with \R, you can restrict
+one account to one specific address.
+
+Multiple statements can be used using a semicolon (";") as a delimiter.
+
+Please note that a login can only contain common characters: A...Z, a...z,
+0...9, -, ., _, space, :, @ and ' . For security purposes, other characters
+are forbidden.
+
+You can also remove uid and gid fields in your tables and use default
+values instead (thus saving useless lookups) . Two directives are
+useful to serve that purpose: MYSQLDefaultUID and MYSQLDefaultGID.
+
+Obvious example:
+
+MYSQLDefaultUID 1000
+MYSQLDefaultGID 1000
+
+Using these directives overrides MYSQLGetUID and MYSQLGetGID.
+
+
+           ------------------------ ARGON2 ------------------------
+
+
+Password hashed with argon2i and argon2id can be used, provided that pure-ftpd
+was linked to libsodium.
+
+They are expected to be provided as a string, as returned by the
+crypto_pwhash_str() function or by its bindings.
+
+
+           ------------------------ SCRYPT ------------------------
+
+
+Password hashed with scrypt can be used, provided that pure-ftpd was linked to
+libsodium.
+
+They are expected to be provided in escrypt format, as returned by the
+crypto_pwhash_scryptsalsa208sha256_str() function or by its bindings.
+
+For example, the string $7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+would verify the password "test".
+
+
+     ------------------------ PER-USER SETTINGS ------------------------
+
+
+Individual settings can be set for every user, using optional queries.
+
+- MySQLGetQTAFS is the maximal number of files a user can store in his home
+directory.
+
+Example:
+MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User="\L"
+
+- MySQLGetQTASZ is the maximal disk usage, in Megabytes.
+
+Example:
+MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User="\L"
+
+- MySQLGetRatioUL and MySQLGetRatioDL are optional ratios.
+
+Example:
+MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
+MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
+
+- MySQLGetBandwidthUL and MySQLGetBandwidthDL are optional upload and
+download bandwidth restrictions. Returned values should be in KB/s.
+
+Example:
+MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
+MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
+
+- MySQLForceTildeExpansion is yet another optional feature, to enable "~"
+expansion in paths. 0 disables it (default), 1 enables it. Only enable this
+if real (system) users and virtual (MySQL) users match. In all other cases,
+don't enable it blindly.
+
+
+       ------------------------ TRANSACTIONS ------------------------
+
+
+If you upgraded your tables to transaction-enabled tables, you can configure
+Pure-FTPd to take advantage of transactions. That way, you can be sure that
+all info parsed by the server is complete even if you're updating it at the
+same time.
+
+To enable transactions, add this line:
+
+MySQLTransactions On
+
+Don't enable transactions on tables that still are in ISAM or MyISAM
+formats. Transactions are only working with newer backends (Gemini, InnoDB,
+BerkeleyDB...) and in recent MySQL versions.
+
+
+     ------------------------ STORED PROCEDURES ------------------------
+
+
+Mike Goins says:
+
+To get pure-ftp to use a MySQL 5 stored procedure, use statements like:
+
+MYSQLGetDir   CALL get_path_from_name("\L")
+instead of
+MYSQLGetDir   SELECT user_dir FROM user WHERE user_name="\L"
+
+Note that this requires the type of Stored Procedure that returns a result set
+in a single call as opposed to the two call method:
+CALL sp('value', @a); SELECT @a
+
+
+      ------------------------ ANONYMOUS USERS ------------------------
+
+
+If you want to accept anonymous users on your FTP server, you don't need to
+have any 'ftp' user in the MySQL directory. But you need to have a system
+'ftp' account on the FTP server.
+
+
+        ------------------------ ROOT USERS ------------------------
+
+
+If a MySQL user entry has a root (0) uid and/or gid, Pure-FTPd will refuse
+to log them in.
+
+Without this preventive restriction, if your MySQL server ever gets
+compromised, the attacker could also easily compromise the FTP server.
+
+Security barriers are also implemented to avoid bad implications if wrong
+data types (eg. binary blobs instead of plain text) are fetched with SQL
+queries.

EVSE/GPL/pure-ftpd-1.0.49/README.PGSQL

@@ -0,0 +1,245 @@
+
+       ----------------------- PostgreSQL SUPPORT ------------------------
+
+
+When PostgreSQL is enabled, all account info are fetched from a central
+Postgres database.
+
+To compile the server with PostgreSQL support, you first have to build and
+install the PostgreSQL client libraries. PostgreSQL is freely available from
+http://www.postgresql.org/ and binary packages are included in many major
+distributions. But if you choose a binary form, don't forget to also install
+the development packages if they are available separately.
+
+Then, configure Pure-FTPd with --with-pgsql and your favorite extra gadgets:
+
+
+    ./configure --with-pgsql --with-everything
+
+
+If your PostgreSQL libraries are installed in a special path, you can specify
+it like this:
+
+
+    ./configure --with-pgsql=/opt/pgsql
+
+
+In this example, headers (like pgsql.h) will be searched in
+/opt/pgsql/include and /opt/pgsql/include/pgsql, while related libraries
+will be searched in /opt/pgsql/lib and /opt/pgsql/lib/pgsql .
+
+Then, install the server as usual:
+
+
+                                 make install
+
+
+ ------------------------ PGSQL CONFIGURATION FILE ------------------------
+           
+
+Before running the server, you have to create a configuration file. Why a
+configuration file instead of simple command-line options? you may ask.
+Because for security reasons, you may want to hide how to connect to your
+PostgreSQL server. And as command-line options can be discovered by local users
+(with 'ps auxwww' for instance), it's more secure to use a configuration
+file for sensitive data. Keep it readable only by root (chmod 600) .
+
+Here's a sample configuration file:
+
+PGSQLServer     localhost
+PGSQLPort       5432
+PGSQLUser       root
+PGSQLPassword   rootpw
+PGSQLDatabase   pureftpd
+PGSQLCrypt      cleartext
+PGSQLGetPW      SELECT "Password" FROM "users" WHERE "User"='\L'
+PGSQLGetUID     SELECT "Uid" FROM "users" WHERE "User"='\L'
+PGSQLGetGID     SELECT "Gid" FROM "users" WHERE "User"='\L'
+PGSQLGetDir     SELECT "Dir" FROM "users" WHERE "User"='\L'
+
+Have a look at the sample pureftpd-pgsql.conf configuration file for
+explanations of every keyword.
+
+Save the configuration file anywhere. Let's say /etc/pureftpd-pgsql.conf .
+
+Then, you have to run the pure-ftpd command with '-l pgsql:' (it's an 'ell'
+not a 'one') followed by the path of that configuration file. Here's an
+example:
+
+pure-ftpd -l pgsql:/etc/pureftpd-pgsql.conf -B
+
+
+You can mix different authentication methods. For instance, if you want to
+use system (/etc/passwd) accounts when an account is not found in a PostgreSQL
+database, use -l pgsql:/etc/pureftpd-pgsql.conf -l unix
+
+
+     ------------------------ TABLES STRUCTURES ------------------------
+     
+     
+Pure-FTPd is very flexible and users can be stored in any way in SQL tables.
+You just have to have fields with the following info:
+
+- The user's login.
+
+- The user's password, hashed using argon2, scrypt or crypt(3). SHA1 and MD5
+are also supported for legacy reasons, but shouldn't be used any more.
+Pure-FTPd also accepts the "any" value for the PGSQLCrypt field.
+With "any", all hash functions are sequentially tried.
+
+* RECOMMENDATION: Do not use SHA1, MD5, or, obviously, plaintext. Unless your
+system provides a decent crypt() function, use a PostgreSQL function to verify
+the hashed password or use argon2/scrypt.
+
+- The system uid to map the user to. This can be a numeric id or a user
+name, looked up at run-time.
+
+- The system gid (numeric or not) .
+
+- The home directory.
+
+Here's a dump of a simple table to handle this:
+
+CREATE TABLE "users" (
+  "User" TEXT NOT NULL,
+  "Password" TEXT NOT NULL,
+  "Uid" INTEGER NOT NULL default '-1',
+  "Gid" INTEGER NOT NULL default '-1',
+  "Dir" TEXT NOT NULL,
+  PRIMARY KEY ("User")
+) WITHOUT OIDS;
+
+Uid and Gid can be VARCHAR instead of INTEGER if you want to use names instead
+of values.
+
+Then, in the pureftpd-pgsql.conf configuration file, you have to provide SQL
+templates to fetch the needed info.
+
+Let's take the previous example:
+
+PGSQLGetPW      SELECT "Password" FROM "users" WHERE "User"='\L'
+PGSQLGetUID     SELECT "Uid" FROM "users" WHERE "User"='\L'
+PGSQLGetGID     SELECT "Gid" FROM "users" WHERE "User"='\L'
+PGSQLGetDir     SELECT "Dir" FROM "users" WHERE "User"='\L'
+
+For each query:
+
+\L is replaced by the login of a user trying to authenticate.
+\I is replaced by the IP address the client connected to.
+\P is replaced by the port number the client connected to.
+\R is replaced by the remote IP address the client connected from.
+\D is replaced by the remote IPv4 address, as a long decimal number.
+
+You can mix all of these to store info in various tables. For instance, with
+\I, you can have a different table for every domain, so that joe@domain1
+won't be the same account than joe@domain2 . And with \R, you can restrict
+one account to one specific address.
+
+Please note that a login can only contains common characters: A...Z, a...z,
+0...9, -, ., _, space, :, @ and ' . For security purposes, other characters
+are forbidden.
+
+You can also remove uid and gid fields in your tables and use default
+values instead (thus saving useless lookups) . Two directives are
+useful to serve that purpose: PGSQLDefaultUID and PGSQLDefaultGID.
+
+Obvious example:
+
+PGSQLDefaultUID 1000
+PGSQLDefaultGID 1000
+
+Using these directives overrides PGSQLGetUID and PGSQLGetGID.
+
+
+           ------------------------ ARGON2 ------------------------
+
+
+Password hashed with argon2i and argon2id can be used, provided that pure-ftpd
+was linked to libsodium.
+
+They are expected to be provided as a string, as returned by the
+crypto_pwhash_str() function or by its bindings.
+
+
+           ------------------------ SCRYPT ------------------------
+
+
+Password hashed with scrypt can be used, provided that pure-ftpd was linked to
+libsodium.
+
+They are expected to be provided in escrypt format, as returned by the
+crypto_pwhash_scryptsalsa208sha256_str() function or by its bindings.
+
+For example, the string $7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+would verify the password "test".
+
+
+     ------------------------ PER-USER SETTINGS ------------------------
+
+
+Individual settings can be set for every user, using optional queries.
+
+- PGSQLGetQTAFS is the maximal number of files a user can store in his home
+directory.
+
+Example:
+PGSQLGetQTAFS SELECT "QuotaFiles" FROM "users" WHERE "User"='\L'
+
+- PGSQLGetQTASZ is the maximal disk usage, in Megabytes.
+
+Example:
+PGSQLGetQTASZ SELECT "QuotaSize" FROM "users" WHERE "User"='\L'
+
+- PGSQLGetRatioUL and PGSQLGetRatioDL are optional ratios.
+
+Example:
+PGSQLGetRatioUL SELECT "ULRatio" FROM "users" WHERE "User"='\L'
+PGSQLGetRatioDL SELECT "DLRatio" FROM "users" WHERE "User"='\L'
+
+- PGSQLGetBandwidthUL and PGSQLGetBandwidthDL are optional upload and
+download bandwidth restrictions. Returned values should be in KB/s.
+
+Example:
+PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM "users" WHERE "User"='\L'
+PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM "users" WHERE "User"='\L'
+
+
+
+      ------------------------ ANONYMOUS USERS ------------------------
+
+
+If you want to accept anonymous users on your FTP server, you don't need to
+have any 'ftp' user in the PGSQL directory. But you need to have a system
+'ftp' account on the FTP server.
+
+
+        ------------------------ ROOT USERS ------------------------
+
+
+If a PGSQL user entry has a root (0) uid and/or gid, Pure-FTPd will refuse
+to log them in.
+
+Without this preventive restriction, if your PGSQL server ever gets
+compromised, the attacker could also easily compromise the FTP server.
+
+Security barriers are also implemented to avoid bad implications if wrong
+data types (eg. binary blobs instead of plain text) are fetched with SQL
+queries.
+
+
+Hint:
+
+PostgreSQL supports views and it's common practice to define a new DB
+user, e.g., ftpd and a view of the 'real' user database with just the
+bits that the server needs. E.g., if you have virtual domains you
+could use:
+
+create view vftpd as select u.vuser, u.domain, u.passwd, d.uid, d.gid,
+'/virtual/' || u.domain || '/' || u.vuser || '/./' as homedir
+from vusers as u, vdomains as d where u.domain = v.domain;
+
+grant select on vftpd to ftpd;
+
+The definition of homedir shows how views can be used to enforce a
+canonical form for home directories - nothing short of defining this
+view will allow a user to drop the chroot from their home directory.

EVSE/GPL/pure-ftpd-1.0.49/README.TLS

@@ -0,0 +1,314 @@
+
+
+         ------------------------ TLS SUPPORT ------------------------
+
+Pure-FTPd supports encryption of the control and data channels using
+TLS security mechanisms.
+
+When this extra security layer is enabled, login and passwords are no more
+sent as cleartext. Neither are other commands sent by your client nor replies
+made by the server.
+
+
+         ------------------------ COMPILATION ------------------------
+
+To support TLS, the OpenSSL library must already be installed on your
+system. This is a common requirement so your operating system probably
+already ships with it.
+
+Pure-FTPd also has to be configured with the --with-tls switch before
+compilation :
+
+  ./configure --with-tls ...
+  make install-strip
+
+If something goes wrong, try to bring your OpenSSL library up-to-date.
+
+
+        ------------------------ CERTIFICATES ------------------------
+
+
+TLS connections require certificates, as well as their key.
+
+Both can be bundled into a single file. If you have both a `.pem` file
+and a `.key` file, just concatenate the content of the `.key` file to
+the `.pem` file.
+
+By default, Pure-FTPd will look for a cert+key bundle in the
+/etc/ssl/private/pure-ftpd.pem file.
+
+The location can be changed at compile-time with the --with-certfile
+and --with-keyfile options passed to ./configure.
+
+It can also be changed at runtime, with the CertFile option in the
+configuration file:
+
+CertFile                     /etc/ssl/private/pure-ftpd.pem
+or
+CertFileAndKey               /etc/pure-ftpd.pem /etc/pure-ftpd.key
+
+The former is for a bundle, the later loads two files.
+
+If you already have a certificate for another service on the same host
+(commonly for HTTPS), you can use it as well with Pure-FTPd and other
+TLS-enabled services.
+
+Both RSA and ECDSA signatures are supported, but not simultaneously.
+
+For testing purposes, a self-signed certificate can be created as follows:
+
+mkdir -p /etc/ssl/private
+
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
+
+openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
+  /etc/ssl/private/pure-ftpd.pem \
+  -out /etc/ssl/private/pure-ftpd.pem
+
+chmod 600 /etc/ssl/private/*.pem
+
+In this example, 2048 is the number of bits used for the RSA key.
+
+Here's what the /etc/ssl/private/pure-ftpd.pem should look like :
+
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDV8A/fexof9ttn
+uqpwCxXN3C019v40ByGqlfmg8SbTnkjtyt5FLw3ICoxBbQtQ65aYSAv5KtiGQbuc
+BZC+FGbR3rIokvHnbhsdLvIvWym+W+VR6U2P8VnbHWd3iSe0xMeTwGJgP9TC8r+c
+KfLX9a8EkTKL2iAVRhXuu/it7/A3T2rEomBRWGpmbE+AT69vP2T5ruQ9D7w21GcG
+S6ylqlfhRBy61ct3WI1jVR2W5BOXfE8LxgGuJYt0XY+dTrluqen9li8w5ju+3tlA
+9PsIl4ckjmYBZm1E7LqoSYDbIh/8D4kUQFLFm6xf27cUOEg3uYAJo5x3SfYlKsSm
+6PKzhzDIKcJ1896XG2AHOdIby9VoL8mZwjuMkmmrl1yro++g4XNnMIaTkajPgFzr
+NxQ195lXAgMBAADCggEBAMoqmCVc5Dwuf/mO+T72Cr3FgefMJz4tOxBDt2jyWfmC
+S3KC0fZY19IgvZeaHyZx6pavBrmIVqLQfSScUcJ97wgGRR94dSZ48yBp260KnfDo
+UFVOfeA3d+1K5RqdvqrhhaPHGm/QAhPTZ2SgUl8fEPqr7eZU4HhAcyPaLCMKFsV/
+lbfY2C4Kq54o2m1uHFTertx5niE4Yx6ALqBB66rR4It7lnr7kBhAnIsCYj7ENGrU
+6C1PzjpvrqjWqnYjbmzUov7b4S308YGqWKrfkJxTrviVaITI1XznAHlTBDLkuU1l
+eSyZ0YP3Gfd82j9fhdugH2nLxLCttcmGNOaA87VlXL/oZaYI5P5xqjyjkCgYEA6x
+Fy30dcPM+VKDhnp2QBbHrJC0zr88Hn4qYxIfyoPtjrvTb+vSI703Cd0rc00alGK6
+YZZKDV1NYKw8/r2uHRXgbpptYdRKz+GrsgNdORycKXkmWXw+ChIHsl/UghHG60jy
+KNPSkOJgPXIseJDn2ZcqlFLkl6sCgYEA6Pr+L1otzG//ROJdBV58yHO0V2KF9VKM
+amt5RUWkqRqfOiE0i5T3nmBPPflNB4bdj8qe+DwoPly2SJMihT7KQqvg54V/ZVb+
+jXY0fNLEDhJ0PdboB2I/r6SuWBNJyXF8AAewzcDF3PlBr/JGOHF4XGmOLVmiNL/N
++6RPLW5i6QUCgYA0sRq2M9QsGCy61xkTDwf2xbbSQ/6bTCPpZbHIKn98wDzXkOwr
+XMqneD7teYiBUi98jhMiMOMmaygEDsU8TpW2vSa0+CaL6zR17Itr/015Wj6SrkDw
+G/TvckxGt5MzB7hYRYZYI0bdCOMPpkAxipluRG/SFh+FvuVZTpsKuDHpFQKBgFrA
+ThXzmNlx069BYNj2NGL0AI8ueQlIca84tAlLMAMrPQw5gfgeVSBdzWuRV9SX1+1L
+EZuT037XuLaIcMHbsT6N/0u69mwFqn6y6gSQUwbhAoGAYa6eN7KUA0Xri5zrABst
+S2PP2rrmrnFLohNJ5CAWR7vvk6aKkMd+hEAJTk6s+vc7B3NHR/icIu1CnXWxKhB7
+AI0SIL0losHuBfCst8CTpqZ//Jjvi0IbOm+SNI/aqYcrrHrzdkSWYLC6Ll16Ckrg
+xeBXhXuiP9wEJSDmg7wb1t0=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfwCCQC/UlBaK8CNnDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJG
+UjEOMAwGA1UEBwwFUGFyaXMxEjAQBgNVBAoMCVB1cmUtRlRQZDEZMBcGA1UEAwwQ
+ZnRwLnB1cmVmdHBkLm9yZzAeFw0xNTAyMjExNDE1MTlaFw0xNTAMzjMxNDE1MTla
+MEwxCzAJBgNVBAYTAkZSMQ4wDAYDVQQHDAVQYXJpczESMBAGA1UECgwJUHVyZS1G
+VFBkMRkwFwYDVQQDDBBmdHAucHVyZWZ0cGQub3JnMIIBIjANBgkqhkiG9w0BAQEF
+FEBSxZusX9u3FDhIN7mACaOcd0n2JSrEpujys4cwyCnCdfPelxtgBznSG8vVaC/J
+IBCgKCAQEA1fAP33saH/bbZ7qqcAsVzdwtNfb+NAchqpX5oPEmqGSIb3DQEB055I
+7creRS8NyAqMQW0LUOuWmEgL+SrYhkG7nAWQvhRm0d6yKJLx524bHS7yL1spvlvl
+UelNj/FZ2x1nd4kntMTHk8BiYD/UwvK/nEuspapX4UQcutXLd1iNY1UdluQTl3xP
+C8YBriWLdF2PnU65bqnp/ZYvMOY7vt7ZQPT7CJeHJI5mAWZtROy6qEmA2yIf/A+J
+mcI7jJJpq5dc6qAAOCAQ8AMIPvoOF3ksmdGD9xn3fNozcUNfeZVwIDAQABMA0GCS
+BqUAA4IBAQDT768mdG071/m6V1N4qeM5PVrpa5eB5mulE7JPBOPJADmw6YwYaSWJ
+90wE+YuU6DiDbRxHtWiCMwHoCH42fxU7BDVNrc3L614v1kUQGTLlHPyAUs6KZvz0
+Rko2y6Dzj+kVaJiWFKi+zWwWnf9P4wLYafv/n5EHKmEt1K83UE0h5r64fhwX9vH7
+6NHCMbmSDXgHjnv3rZKOOKN85ZYr2vKX+rTvASh2nxp2bbNM1XpfyuH2vbWL3J+E
+mFCaj3/lD880kHnTaTwo3Kg0SQy/Axe2LhX3zj+kSD2A9k6wtGcKttjrt4kNGaFc
+BlhkOrwnAhqbm5N3VQCB63CRpuuCVmYz
+-----END CERTIFICATE-----
+
+If you need client certificate verification, prefix the list of
+ciphers (-J/--tlsciphersuite) with -C:
+
+pure-ftpd --tlsciphersuite=-C:HIGH -Y2 ...
+
+If you want to do certificate-based client authentication, their
+public key must be included in the pure-ftpd.pem file.
+
+If multiple domains are used on the same server, each with its
+own certificate, Pure-FTPd supports SNI and custom certificate
+handlers (see down below).
+
+
+   ------------------------ ACCEPTING TLS SESSIONS ------------------------
+
+Once the certificate has been installed, you need to start a TLS-enabled
+pure-ftpd daemon with the -Y (or --tls=) switch. Example :
+
+/usr/local/sbin/pure-ftpd --tls=1 &
+
+- With "--tls=0", support for TLS is disabled. This is the default.
+
+- With "--tls=1", clients can connect either the traditional way or through an
+TLS layer. This is probably the setting you need if you want to enable
+TLS without having too many angry customers.
+
+- With "--tls=2", cleartext sessions are refused and only TLS compatible
+clients are accepted.
+
+- With "--tls=3", cleartext sessions are refused and only TLS compatible
+clients are accepted. Clear data connections are also refused, so private
+data connections are enforced. This is an extreme setting.
+
+When TLS has been successfully negotiated for a connection, you'll see
+something similar to this in log files :
+
+<<
+TLS: Enabled TLSv1/SSLv3 with ECDHE-ECDSA-AES128-GCM-SHA256, 128 secret bits cipher
+>>
+
+
+ ------------------------ CUSTOM CERTIFICATE HANDLERS ------------------------
+
+If multiple domains are used to access the server, each with their own
+certificate, Pure-FTPd supports the SNI (Server Name Indication) extension, as
+well as a flexible mechanism to map names to certificates.
+
+The pure-certd daemon needs to be started along with the FTP server.
+
+pure-certd listens to certificate requests, runs arbitrary commands written in
+any programming language, provides them the client SNI name, and returns what
+action has to be taken, and/or where the certificate to use is located.
+
+pure-certd command-line options follow:
+
+-B      --daemonize
+-g      --gid   <opt>
+-h      --help
+-p      --pidfile       <opt>
+-r      --run   <opt>
+-s      --socket        <opt>
+-u      --uid   <opt>
+
+The mandatory ones are --run and --socket. The former indicates what command
+to run in order to return actions and certificates, the later is a path to the
+local UNIX socket that will be created in order to communicate with the FTP
+server.
+
+Example usage:
+
+pure-certd --run /opt/pure-ftpd/bin/certificate-handler.sh \
+           --socket /var/run/ftpd-certs.sock
+
+The command can access the SNI name in an environment variable named
+CERTD_SNI_NAME. If this is a shell script, make sure that the file is
+executable.
+
+The command should print the following lines to the standard output:
+
+action:xxx
+cert_file:yyy (optional)
+key_file:zzz  (optional)
+end
+
+With xxx being one of:
+
+- deny: access is denied
+- default: the default certificate will be used
+- strict: the certificate whose path is indicated in "cert_path" will be used.
+If absent or invalid, access will be denied.
+- fallback: the certificate whose path is indicated in "cert_path" will be used.
+If absent or invalid, the default certificate will be used instead.
+
+yyy is the absolute path on the filesystem where the certificate is located.
+It can be a certificate+key bundle.
+
+zzz is optional and is the path to the certificate secret key, if it is not
+bundled into the PEM file.
+
+If the action is "deny" or "default", "cert_file" and "key_file" do not have
+to be provided.
+
+Here is a trivial example script logging the SNI name, and returning a fixed
+certificate path:
+
+#! /bin/sh
+
+echo 'action:strict'
+echo 'key_file:/etc/pure-ftpd/special.pem'
+echo 'done'
+
+Once pure-certd is running, the FTP server must be configured to use it.
+
+This is achieved by enabling the "ExtCert" feature in the configuration file:
+
+ExtCert                      /var/run/ftpd-certs.sock
+
+The path to the socket must match the one created by pure-certd.
+
+
+      ------------------------ COMPATIBLE CLIENTS ------------------------
+
+Pure-FTPd was reported to be fully compatible with the following clients with
+the TLS encryption layer turned on :
+
+
+* Transmit (OSX)
+  URL: https://panic.com/transmit/
+
+  TLS works out of the box, both in implicit and explicit modes.
+
+
+* CoreFTP Lite (Windows)
+  URL: http://www.coreftp.com/
+
+  TLS perfectly works when "AUTH TLS" is enabled. CoreFTP Lite has some
+neat features like IPv6 support, remote file searching, .htaccess editing,
+queueing, bandwidth control, etc.
+
+  CoreFTP Lite is free both for personal and business use.
+
+
+* SmartFTP (Windows)
+  URL: https://www.smartftp.com/
+
+  An excellent client with IPv6 support, port range limitation and other
+useful features (!= bloat) . And it's free for personal, educational and non-
+commercial use. And it detects Pure-FTPd :)
+
+  TLS perfectly works when the "FTP over SSL (explicit)" protocol is
+selected and when the data connection mode (Tools->Settings->SSL) is set to
+"clear data connection" while the AUTH mode (also in Tools->Settings->SSL) is
+set to "TLS".
+
+
+* FlashFXP (Windows)
+  URL: https://www.flashfxp.com/
+
+  TLS works. In the "Quick connect" dialog box, pick the "SSL" tab and :
+ - enable Auth TLS
+ - disable Secure File Listing
+ - disable Secure File Transfers
+
+
+* SDI FTP (Windows)
+  URL: https://www.sdisw.com/
+
+  TLS works. In the "Connection" tab, just pick "SSL Support: TLSv1".
+
+
+* LFTP (Unix, MacOS X)
+  URL: https://lftp.yar.ru/
+
+  TLS is automatically detected and works out of the box.
+
+
+* RBrowser (MacOS X)
+  URL: http://www.rbrowser.com/
+
+  A cute graphical client for MacOS that was reported to work by Jason Rust
+and Robert Vasvari.
+
+
+* Cyberduck (OSX)
+  https://cyberduck.ch/
+
+  TLS works out of the box.
+
+
+* WinSCP (Windows)
+  https://winscp.net/eng/index.php
+  WinSCP should be configured with "File protocol" set to "FTP" with
+"TLS Explicit encryption".

EVSE/GPL/pure-ftpd-1.0.49/README.Virtual-Users

@@ -0,0 +1,318 @@
+
+
+       ------------------------ VIRTUAL USERS ------------------------
+
+
+Virtual users is a simple mechanism to store a list of users, with their
+password, name, uid, directory, etc. It's just like /etc/passwd. But it's
+not /etc/passwd. It's a different file, only for FTP.
+
+It means that you can easily create FTP-only accounts without messing up
+your system accounts.
+
+In addition, virtual users files can store individual quotas, ratios,
+bandwidth, etc. System accounts can't do this.
+
+Thousands of virtual users can share the same system user, as long as they
+all are chrooted and they have their own home directory.
+
+*IMPORTANT* If you are planning to use the virtual users feature, and
+unless your operating system already provides a secure password
+hashing function, please install libsodium (http://doc.libsodium.org)
+before compiling Pure-FTPd.
+
+A good thing to do before using virtual users is to create a system user
+for this. Of course, you can use any existing account like "nobody" (but not
+root), but it's better to have a dedicated account.
+
+Let's create an "ftpgroup" group and an "ftpuser" user.
+
+Linux/OpenBSD/NetBSD/Solaris/HPUX/OSX/a lot of other Unix-like systems:
+
+groupadd ftpgroup
+useradd -g ftpgroup -d /dev/null -s /etc ftpuser
+
+FreeBSD/DragonflyBSD:
+
+pw groupadd ftpgroup
+pw useradd ftpuser -g ftpgroup -d /dev/null -s /etc
+
+Then, all maintenance of virtual users can be made with the "pure-pw"
+command. You can also edit the files by hand if you want.
+
+Files storing virtual users have one line per user. These lines have the
+following syntax:
+
+<account>:<password>:<uid>:<gid>:<gecos>:<home directory>:<upload
+bandwidth>:<download bandwidth>:<upload ratio>:<download ratio>:<max number
+of connections>:<files quota>:<size quota>:<authorized local IPs>:<refused
+local IPs>:<authorized client IPs>:<refused client IPs>:<time
+restrictions>
+
+Fields can be left empty (exceptions: account, password, uid, gid, home
+directory) .
+
+Passwords are compatible with the hashing function used in /etc/passwd or
+/etc/master.passwd . They are crypto hashed with blowfish, md5, multiple-des
+and simple des, in this order, according to what your system has support fort.
+
+
+    ------------------------ CREATING A NEW USER ------------------------
+
+
+To add a new user, use the following syntax:
+
+         pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]
+                         -D/-d <home directory> [-c <gecos>]
+                         [-t <download bandwidth>] [-T <upload bandwidth>]
+                         [-n <max number of files>] [-N <max Mbytes>]
+                         [-q <upload ratio>] [-Q <download ratio>]
+                         [-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]
+                         [-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]
+                         [-y <max number of concurrent sessions>]
+                         [-C <max number of concurrent login attempts>]
+                         [-M <total memory (in MB) to reserve for password hashing>]
+                         [-z <hhmm>-<hhmm>] [-m]
+
+Let's create "joe", whose home directory will be /home/ftpusers/joe . The
+system account associated with "joe" is "ftpusers".
+
+            pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe
+
+Joe's password is asked twice.
+
+With -d, joe will be chrooted. If you want to give joe access to the whole
+filesystem, use -D instead of -d.
+
+You don't need to create /home/ftpusers/joe if you run pure-ftpd with the
+-j (--createhome) switch. With that switch, home directories will
+automatically be created when users will log in for the first time.
+
+The "-z" option allow a user to connect only during a range of day time.
+For instance, with -z 0900-1800, joe will only be able to connect from 9 am
+to 18 pm. Warning: a user that connected during authorized hours can
+finish his session after these authorized hours.
+
+-r and -R are handy to restrict where the user can connect from. They can be
+followed by a simple IP/mask pair (-r 192.168.1.0/24), multiple pairs
+separated by a coma (-r 192.168.1.0/24,10.1.0.0/16,127.0.0.1/32), single IPs
+(-r 192.168.1.4,10.1.1.5), host names (-r bla.bla.net,yopcitron.com), or any
+combination of those.
+
+-y is to restrict the number of concurrent sessions a user can have
+at the same time. '' or 0 mean unlimited. Avoid this feature on very loaded
+servers. Use per-ip limits instead.
+
+Ok, "joe" has been created. By default, the list of virtual users is stored
+in the /etc/pureftpd.passwd file (you can of course change this with -f
+<file>) .
+
+Let's have a look at its content:
+
+joe:$7$C6..../....swVShTUX9kLJepm0vvj7dUXPqtULzQ9G3GT/GAO3bd3$GMHJRyUdSRwNROunwtRbEDHlx5t3eNQew7bb1dz29K2:500:101::/home/ftpusers/joe/./:::::::::::::
+
+Passwords are hashed with the most secure hash function your system supports.
+Hashes are tried in this order: argon2, scrypt, bcrypt, SHA-512, MD5.
+
+SHA-512 and MD5 should not be used any more. bcrypt requires crypt(3)
+from the C library to support it, which is commonly the case on BSD
+systems, but is only present on some Linux distributions.
+
+Argon2 and scrypt are the recommended functions, and require pure-ftpd to be
+compiled in presence of libsodium. Note that a login attempt will require up
+to 64 Mb memory, and 100% of a CPU core. The number of simultaneously allowed
+sessions should be tuned accordingly to avoid resources starvation.
+
+
+       ------------------------ CHANGING INFO ------------------------
+
+
+Once virtual users have been created, you can edit their info. For instance
+you can add bandwidth throttling, change quotas, add their full name, update
+ratio, etc.
+
+The "pure-pw usermod" command works just like "pure-pw useradd" except that
+it modifies an existing account instead of creating a new one.
+
+For instance, we will add a quota to Joe. Joe should be limited to 1000
+files and 10 Megabytes.
+
+                      pure-pw usermod joe -n 1000 -N 10
+
+Let's have a look at /etc/pureftpd.passwd:
+
+joe:$7$C6..../....swVShTUX9kLJepm0vvj7dUXPqtULzQ9G3GT/GAO3bd3$GMHJRyUdSRwNROunwtRbEDHlx5t3eNQew7bb1dz29K2:500:101::/home/ftpusers/joe/./::::::1000:10485760::::::
+
+As you can see, the size quota is stored in bytes in the file.
+
+
+   ------------------------ RESETTING ATTRIBUTES ------------------------
+
+
+To disable file quotas, use pure-pw usermod <user> -n ''
+To disable size quotas, use pure-pw usermod <user> -N ''
+To disable ratios, use pure-pw usermod <user> -q '' -Q ''
+To disable download bandwidth throttling, use pure-pw usermod <user> -t ''
+To disable upload bandwidth throttling, use pure-pw usermod <user> -T ''
+To disable IP filtering, use pure-pw usermod <user> <-i,-I,-r or -R> ''
+To disable time restrictions, use pure-pw usermod <user> -z ''
+To disable the number of concurrent sessions, use pure-pw usermod <user> -y ''
+
+
+      ------------------------ DELETING USERS ------------------------
+
+
+We won't delete Joe at this time. Joe is a fine guy :) But FYI, deleting an
+user is as simple as running "pure-pw userdel", whose syntax is:
+
+         pure-pw userdel <login> [-f <passwd file>] [-m]
+         
+Deleting Joe would be:
+
+                             pure-pw userdel joe
+                             
+The content of his home directory is kept. Delete it by hand if you want.
+
+
+    ------------------------ CHANGING PASSWORDS ------------------------
+
+
+To change the password of a user, use "pure-pw passwd":
+
+         pure-pw passwd <login> [-f <passwd file>] [-m]
+
+
+      ------------------------ DISPLAYING INFO ------------------------
+      
+
+To review info about one user, reading the /etc/pureftpd.passwd file is ok,
+but it's not really human-friendly.
+
+It's why you can use "pure-pw show", whose syntax is:
+
+         pure-pw show    <login> [-f <passwd file>]
+         
+Let's try with joe:
+
+                              pure-pw show joe
+                              
+
+Login              : joe
+Password           : $7$C6..../....swVShTUX9kLJepm0vvj7dUXPqtULzQ9G3GT/GAO3bd3$GMHJRyUdSRwNROunwtRbEDHlx5t3eNQew7bb1dz29K2
+UID                : 500 (ftpuser)
+GID                : 101 (ftpgroup)
+Directory          : /home/ftpusers/joe/./
+Full name          : 
+Download bandwidth : 0 Kb (unlimited)
+Upload   bandwidth : 0 Kb (unlimited)
+Max files          : 1000 (enabled)
+Max size           : 10 Mb (enabled)
+Ratio              : 0:0 (unlimited:unlimited)
+Allowed local  IPs : 
+Denied  local  IPs : 
+Allowed client IPs : 192.168.0.0/16
+Denied  client IPs : 192.168.1.1,blah.verybadhost.com
+Time restrictions  : 0900-1800 (enabled)
+Max sim sessions   : 0 (unlimited)
+
+
+  "/./" at the end of a home directory means that this user will be chrooted.
+
+
+     ------------------------ COMMITTING CHANGES ------------------------
+      
+
+IMPORTANT:
+
+You can add, modify and delete users with the previous commands, or by
+editing /etc/pureftpd.passwd by hand. But the FTP server won't consider the
+changes you make to that file, until you commit them.
+
+Committing changes really means that a new file is created from
+/etc/pureftpd.passwd (or whatever file name you choose) . That new file is a
+PureDB file. It contains exactly the same info than the other file. But in
+that file, accounts are sorted and indexed for faster access, even with
+thousands of accounts. PureDB files are binary files, don't try to view them
+or your terminal will beep like hell.
+
+Let's create a PureDB file from /etc/pureftpd.passwd. The indexed file will
+be called /etc/pureftpd.pdb (as always, choose whatever name you like):
+
+                                pure-pw mkdb
+                        
+this reads /etc/pureftpd.passwd and creates /etc/pureftpd.pdb by default, but
+to read another file, add the pdb file, optionnaly followed by -f <passwd file>
+
+For instance:
+
+  pure-pw mkdb /etc/accounts/myaccounts.pdb -f /etc/accounts/myaccounts.txt
+
+All modifications you made to the virtual users database will be committed
+automatically: all new accounts will be activated at the same time and all
+deleted users won't be able to log in as soon as you'll have hit the Return
+key.
+
+There's no need to restart the pure-ftpd server to commit changes.
+
+You can also change something to the text passwords file (add users, change
+password, delete users, etc) and automatically run 
+"pure-pw mkdb /etc/pureftpd.pdb" afterwards. To do so, just use the -m
+switch:
+
+pure-pw passwd joe -m
+
+This command will change Joe's password in pureftpd.passwd *and* commit the
+change to /etc/pureftpd.pwd .
+
+
+  ------------------------ ENABLING VIRTUAL USERS ------------------------
+  
+  
+Of course, to use virtual users, you have to enable their support in the FTP
+server itself. At compile-time, this is done by giving --with-puredb to
+./configure (--with-everything also enables it and binary packages have it
+compiled in) .
+
+Then, add this switch to your usual pure-ftpd switches:
+
+-l puredb:/path/to/puredb_file
+
+If long options are enabled, you can also use --login instead of -l .
+
+Let's run the server with automatic creation of home directories and puredb
+authentication:
+
+/usr/local/sbin/pure-ftpd -j -lpuredb:/etc/pureftpd.pdb &
+
+Try to 'ftp localhost' and log in as joe.
+
+
+------------------------ CONVERTING SYSTEM ACCOUNTS ------------------------
+  
+  
+You can convert all system (/etc/passwd) accounts to virtual FTP users, with
+the "pure-pwconvert" tool.
+
+Just run it:
+
+                    pure-pwconvert >> /etc/pureftpd.passwd
+
+
+If you do it as a non-privileged user, passwords won't be filled in. If you
+do it as root, everything will be copied, even hashed passwords.
+
+Copying system accounts to FTP accounts makes sense, because that way, users
+can use different passwords for FTP and for Telnet access.
+
+
+  ------------------------ ENVIRONNEMENT VARIABLES ------------------------
+  
+  
+If defined, a PURE_PASSWDFILE environment variable can set the default path
+to the pureftpd.passwd file. Without this variable, it defaults to
+/etc/pureftpd.passwd .  
+  
+If defined, a PURE_DBFILE environment variable can set the default path
+to the pureftpd.pdb file. Without this variable, it defaults to
+/etc/pureftpd.pdb .  
+  

EVSE/GPL/pure-ftpd-1.0.49/README.Windows

@@ -0,0 +1,90 @@
+
+
+ ------------------------ WINDOWS PORT OF PURE-FTPD ------------------------
+
+
+Pure-FTPd was designed for Unix-like systems. Still, it is possible to
+run it on Windows using Cygwin.
+
+This should be considered experimental and unsupported.
+
+
+       ------------------------ INSTALLATION ------------------------
+
+
+Copy the executable files (*.EXE) in a suitable directory. Also copy
+CYGWIN1.DLL in that directory.
+
+Create a C:\CYGWIN directory (you can leave it empty, but the
+directory should be there) .
+
+
+    ------------------------ RUNNING THE SERVER ------------------------
+
+
+PURE-FTPD.EXE works like Unix's /usr/local/sbin/pure-ftpd program and all
+command-line switches apply as well.
+
+A noticeable difference, though, is that users can't be stored in
+/etc/passwd (or equivalent files) . All users have the same UID/GID.
+So better chroot everyone.
+
+Users must be in a puredb database. PURE-PW.EXE can be used to create
+virtual users. It you use it in the default configuration, you have to
+create C:\CYGWIN\etc and C:\etc .
+
+Ray Jachrist says that Pure-FTPd can run as a service using Firedaemon:
+http://www.firedaemon.com/ .
+
+       ------------------------ SERVER FILES ------------------------
+
+
+All files managed by Pure-FTPd have their path relative to C:\CYGWIN .
+
+It means that starting the server with:
+
+                    pure-ftpd -lpuredb:/etc/pureftpd.pdb
+
+Will read:
+
+                         C:\CYGWIN\etc\pureftpd.pdb
+
+It also applies to log files and users directories.
+
+
+       ------------------------ ANONYMOUS FTP ------------------------
+
+
+Files for anonymous FTP must be stored in a directory called:
+
+                                C:\CYGWIN\FTP
+
+(of course you can use the -e switch to disable anonymous FTP) .
+
+Alternatively, you can have a FTP_ANON_DIR environment variable to
+define the directory for public files.
+
+Virtual hosting is supported as well. Files must be in:
+
+                          C:\CYGWIN\PURE-FTPD\<ip>\
+
+If you don't want anonymous users to upload files, use the -i switch.
+
+
+  ------------------------ COMPILATION ENVIRONMENT ------------------------
+
+
+Pure-FTPd can be compiled on Cygwin with the following command:
+
+env LDFLAGS="-static -s" \
+    ./configure --with-everything --with-brokenrealpath \
+                --without-shadow  --with-nonroot --with-tls
+
+All these switches (except --with-everything and --with-tls) are highly
+recommended to compile Pure-FTPd on Windows.
+
+Required packages are: base, gcc (+ dependencies), make and the crypt
+library. libsodium is also recommended if you are using PureDB.
+
+All of these can be installed with the standard Cygwin installer
+(http://www.cygwin.com/) .

EVSE/GPL/pure-ftpd-1.0.49/THANKS

@@ -0,0 +1,214 @@
+
+A big *THANK YOU* to all Pure-FTPd users that reported bugs, made
+interesting suggestions, asked relevant questions and contributed to help
+us build that tiny piece of free software. If you don't see your name in the
+following list, I'm awfully sorry. It's difficult to keep it up to date. But
+as you are reading this, you must be a very nice guy.
+
+External contributors and people who helped in any way, shape or form:
+
+* Aaron D. Marasco <aaron at marasco.com> - Noticed an obsolete comment in pure-ftpd.conf .
+* Aaron Stephanic
+* Adam Kruszewski (Fantomik) and Wojtek "elluin" Kaniewski - Pointed out an ugly fucking stupid huge bug (initgroups() called after chroot()).
+* Adrian Zurek - Suggested LDAP improvements.
+* Agri <agri at desnol.ru> reported that some write() were still in blocking mode before forking after a new connection was accepted.
+* Alec Lanari
+* Alex Black
+* Aluminiumcan (investigation of Cisco 675 NAT)
+* Andrew Victor <andrew at sanpeople.com> - Reported some old negative return codes that were still in recent code.
+* Anthony DeRobertis - Fixed the on-demand creation of home directories.
+* Avi Brender - Better support for error reporting in pure-pw.
+* Axel Apitz <a_apitz at pixelpark.com> - Support for Solaris shadow/NIS.
+* Balazs Toth - Suggested pureftpd-mysql.conf improvement.
+* Ben <ben at zaeon.com> - RPM improvements to build with SQL or LDAP.
+* Ben Gertzfield (che_fox) - Fixed Solaris compilation and LDAP SSL dependencies.
+* Ben Weir - Reported and straced a bug in pure-pw.
+* Benoit Massard - Suggested that dot-files should be given access even when virtual quotas are enabled.
+* Bernhard Weisshuhn - Reported that RNTO should work with existing targets. Corrected the german translation for grammatical/spelling errors.
+* Brandon Covert - Thanks for reporting the pure-ftpwho parsing bug.
+* Brian B (MrBubbs) for reporting that long-options weren't implemented on BSD systems.
+* C. Jon Larsen <jlarsen at richweb.com> - Wrote a nice part of the FAQ about the STOU command.
+* Christer Mjellem Strand - Reported an useless close() in dochmod() that caused wrong errors to  be printed.
+* Christian Janssen - Suggested the --createhomedir switch.
+* Cyberic (-k suggestion)
+* Daniel Elsaesser (suggested the -E flag and reported an AbsoluteFTP bug)
+* Daniel Tschan - Thanks for reporting bugs with uploads and ReiserFS.
+* Dannej.
+* Darcy Patridge - reported a mistake in the documentation.
+* David Majorel - fixed LDAP FTPStatus
+* David Vincelli - Reported OpenBSD issues.
+* Eric <ericnew at pacific.net.sg> - Reported a quota bug.
+* Eric Gouyer - Reported that without CAP_KILL, kill(..., 0) could fail on Linux.
+* Eric Larsson - Reported a ftpwho bug.
+* Erik (Cirvam, <erik at sublevo.com>) for his very nice help on the Solaris port.
+* Flaw Zero <flawzero at eyou.com> - Fixes to the simplified Chinese translation.
+* Florent Rushuru
+* Florin Andrei <elf_too at yahoo.com> - SGI Irix fixes.
+* Francis Little aka dj_oggy <oggy at hayesbrook.kent.sch.uk> - For his valuable help on Sourceforge forums, his testing of snapshot and his helpful advices. Thanks a lot, dude.
+* François SIMOND.
+* Frank de Brabander - better accuracy for throttling.
+* Frederico Gendorf - reported that on-demand directory creation didn't work with paths containing a /./ mark.
+* Gareth Blades <info2 at gbnetwork.co.uk> - Provided a fix for SMC Barricade routers.
+* Gareth Woolrdige - Fixed compilation on Corel Netwinder devices.
+* Guenter Bittner (suggested the umask option and reported that LeechFTP didn't parse properly the SIZE return)
+* Gunnar Isaksson
+* Henning Brauer - reported that empty passwords would bind anonymously using LDAP.
+* Henri Virtanen <hvirtanen at daous.com> - Suggested SO_REUSEPORT for FreeBSD.
+* Henrik Edlund <henrik at edlund.org> - Suggested documentation fixes (quoting field names) in PostgreSQL templates.
+* Hiramoto Kouji - reported and fixed the fact that quotas weren't properly updated when overwriting a file using RNTO.
+* JG <jg at cms.ac> - Reported a breakage of pure-ftpwho in version 1.0.16.
+* JKadilak (reported a Flash FXP feature, good for the FAQ)
+* Jan Hudoba - Support for new MySQL scrambling.
+* Jan Hudoba - support for new MySQL password scrambling.
+* Jan Pavlik - Reported that .ftpquota was counted in pure-quotacheck.
+* Jason Piterak (reported the 0.97.1 passive bug)
+* Jean-Francois Cousi (stress-testing pureftpd on production servers)
+* Jean-Philippe Le Hénaff (suggested the welcome.msg compatibility and reported ftpwho bandwidth problems) .
+* Jeff Moe - Suggested --without-iplogging.
+* Jeff Skubick (reported that netfilter lacked EPSV/EPRT support)
+* Jeffrey Koetsier <jkoetsier at corp.home.nl> - Fixed MySQL documentation typo.
+* Jim Jones (suggested -f none) .
+* Jobush (thanks for your suggestions)
+* Joce <joce at presence-pc.com> and Daniel Broms (Hogberg), Lokomo Systems - Convinced me to finally implement atomic uploads. Joce by continuously asking for it, Daniel by pointing out that users could use the races to upload past their virtual quota when uploads and deletes are mixed.
+* Joe Silva (aka j03y) - Suggested adding "shadow" into PAM rules.
+* Joerg Pulz <Joerg.Pulz at frm2.tum.de> - Pointed out that upload-pipe locking didn't work with daemonization.
+* Johan Schuld.
+* Johan Ström - Compatibility with newer OpenLDAP versions.
+* John Alberts - Suggested mysql_config instead of hard-coded paths.
+* John Hart - Fixed access to remote MySQL servers.
+* John Sullivan <john at benzo8.org> - Helped to spot a zeno effect with pure-uploadscript in 1.0.15 snapshots when the server was started in inetd mode.
+* Jose Pedro Oliveira <jpo at di.uminho.pt> - Spec file fixes.
+* Joshua Rodman <joshua_rodman at yahoo.com> - did a major rewrite of pure-config.py for reliability and maintainability.
+* Juan Carlos Perez.
+* Juan Pablo Gimenez - Improved the RPM package.
+* Juergen Daubert - Reported that authentication of non-chrooted users was broken in 1.0.25.
+* Juergen Henge-Ernst - Reported broken process names on Linux.
+* Juergen Nagel (reported that it didn't work with old libc)
+* Keith Vance - Thanks a lot for the Mac testing.
+* Kelton.
+* Kittiwat Manosuthi <kittiwat at hostpacific.com> - Help with Virtuozzo.
+* Koczka Ferenc - suggested AUTHD_ENCRYPTED.
+* Kulkarni Shantanu - reported a bogus regex in pure-config.py.
+* Kyle Herbert (http://www.firstnetimpressions.com/) for reporting a typo in the example configuration file.
+* Lan Yufeng - Reported a --createhome bug.
+* Leszek Reimus - Suggested that /./ mix with -a to get chrooted useres with no ratio.
+* M.Robbins (reported OpenLDAP 1.x compilation problem)
+* Maharaja - Reported a typo in the README file.
+* Marc Balmer - TLS support for LDAP.
+* Marc Dukes (xinetd configuration)
+* Marc Jauvin - Reported an incompatibility with old MySQL versions and implemented quotas in the MySQL backend.
+* Marc Thoben <chojin at gmx.de> - SuSE init script.
+* Marcus Danielsson <safety at fatelabs.com> (reported USER null deref).
+* Marcus Engene - Fixed an extra free() in the pgsql handler and a documentation error in pgsql.
+* Margus Kaidja - Reported an endless loop and provided some nice client compatibility fixes and new features.
+* Mariusz Pekala <skoot at poczta.onet.pl> - Fixed typo-errors in the polish translation.
+* Mark Reidel <mr at domainfactory.de> - Reported that users couldn't revert perms on a directory after they removed read/execute access rights.
+* Marshall Pierce <mpierce at hmc.edu> - For his tests on MacOS X.
+* Martin Fuxa - suggested that DELE should log file names like transfer commands.
+* Martin Gerardi (proposed user-domain ACL)
+* Martin Hedenfalk (mhe) - Reported that MLST shouldn't accept any option nor multiple file names.
+* Martin Hedenfalk (reported a bug related to listing of symbolic links to directories).
+* Mason lee (asked for SQL support)
+* Matthew Hartman.
+* Michael Bowe - Reported a buglet in configure script.
+* Michael Glad <glad at daimi.au.dk> - Submitted a patch to accept long .message files even on Irix.
+* Michele Pes - Reporting that --with-tls was documented in the README file, that the server required a change to compile with gcc2 and that --with-cork was still documented.
+* Mime Cuvalo - Reported the symlinks weren't handled consistently in MSLD.
+* Moisi Xhaferaj - Albanian translation.
+* Ned Holdbrook - reported that MLSD should display dot files.
+* Nicklas Uvelöv.
+* Nicolas (for all his questions)
+* Olivier Sannier
+* Oliver Soell <oliver at fusionit.com> - RPM fixes.
+* Olivier Soell.
+* Olivier Tharan <olive at zehc.net> (pointed out that Xinetd needs -USR2 not -HUP) .
+* Olle <olle at xmms.org> - reported log format error when working with webalizer
+* Oscar Sundbon <moose at djuren.org> - Fixed pastos in pid files removal.
+* Patrick <patrick at xsinet.com> (testing the FreeBSD port)
+* Paul <paul at chipmunkweb.yi.org> - Provided SSH access to sort out a bug with a specific glibc version.
+* Paul F. William" <paul.williams at uwex.edu> - Reported that Pure-FTPd compiled and worked fine on an IBM RS/6000 system running AIX 5.2 using the Visual Age C++ Ver 6.0 compiler.
+* Paul Hansen (Windward) - tracked down the syslog-in-clientfd bug and reported various logging-related issues.
+* Peter Ahlert <petera at gmx.net> - Reported a missing line in the README.Authentication-Modules sample.
+* Peter Green (Peyote) - thanks for your bug reports and your posts.
+* Philip Mak <mak at aaanime.net> - Suggested that pure-quotacheck should be runnable as a non-root user.
+* Pierre <pierre at epinetworx.com> - Reported a compilation bug with extauth.
+* Rafa Michalski - Reported broken throtting under FreeBSD.
+* Rasmus Fauske <rfauske at gmail.com> - Reported extauth regression.
+* Robert Wierzbicki - Reported a typo in README.Virtual-Users.
+* Robin Ericsson - Implemented support for MySQL password() function.
+* Ryan Laginski (suggested for -P feature)
+* Sacha Hoehne.
+* Sami Farin - Thanks for reporting the bad fd CORKing in error()
+* Shantanu <shantanu at dcpl.co.in> - For his valuable exercices in order to hands solid like steel, ready to type billions of source code
+* Shea Martin (reported the -U failure and suggested '.banner' for everyone)
+* Shiroiwa Noboru <shira at next-stage.ne.jp> - Reported a bad interaction with FTP Explorer.
+* Simon Lyngshede (--bind thing, good for the FAQ)
+* Stephan Wentz <wentz at gmx.de> - Helped to solve a bad interaction with Macromedia Homesite.
+* Steven Radack
+* Sven Goldt (sorry, no plans for gtar on the fly)
+* TJ Saunders <tj at castaglia.org> - Reported that Proftpd and Proftpd-modquota were different packages.
+* Tamás Reinhardt (freddyke) - Suggested to have consistent max user lengths.
+* Terry Davis - A very nice guy. He helped to fix ASCII upload issues.
+* Thomas Ericsson - Reported documentation glitches.
+* Thomas Maschutznig.
+* Thomas Min - Reported an endless loop.
+* Tomasz Krynicki - Suggested SHA1 password hashing in MySQL.
+* Todd Rinaldo - sent two compatibility fixes for GCC 2.95 and provided support for the -J option.
+* Tomonori Kamitaki - Helped pure-ftpd to work on Playstation 2.
+* Trilucid - Initial web design of pureftpd.org
+* Ulrich Zehl - Found a documentation error in the sample LDAP schema.
+* Viktor Butskih - Reported that > 4Gb files were corrupted on a 32-bits arch.
+* William Kern(el panic) (thanks for your wish list)
+* Wouter de Jong <wouter at widexs.nl>
+* Xianghu Zhao - spotted the fact that charset conversion was needed on directory names in traditional listings.
+* Yann Bizeul (projects.tynsoe.org) - Reported a Panther specific issue with getnameinfo(). Thanks a lot for providing a temporary account on a Panther machine in order to implement a workaround.
+* Ying-Chieh Liao <ijliao at csie.nctu.edu.tw> for the FreeBSD port updates and for reporting that simplified and traditional chinese settings were swapped in 1.0.12 .
+* Youssef El Fathi
+* ahodgson at simkin.ca (thanks for your opinion on config files and your help for CVS repositories)
+* bernard.lheureux at bbsoft4.org
+* bkeil at indiana.edu
+* brett at ekit-inc.com 
+* chris at widexs.nl (suggested authenticating users on virtual hosts)
+* claudiuc at kde.org (romanian translator and great tester)
+* corleone at otenet.gr
+* dalis at upit.ro (thanks for reporting the --without-usernames stuff in 0.98.5pre2)
+* dan at kaylon.com 
+* dan_c at pellin.ro 
+* drakkyl at canada.com
+* ffarkas at lightning.ch
+* gorthem at garcia-luengo.com 
+* gumz at cs.uni-magdeburg.de (german translator and very nice guy)
+* hellhound at geek.be (reported the syslog bug)
+* herbsworld at stny.rr.com 
+* hirona at infotopia.or.jp 
+* iTooo <itooo at itooo.com> , for reporting a nasty typo in throttling code.
+* ian at ugcs.caltech.edu 
+* iceyeyez at excite.com
+* j at falooley.org (for your patch and your code help proposal)
+* jasmin.buchert at atlantica.ch
+* jseelig at compasslearning.com (who reported how to have MSIE open an authentication dialog when anonymous users were denied) .
+* kaiv at wakkanet.fi 
+* ljohnson at stormforge.net 
+* lukas at supremedesigns.com (thanks for helping users on the ML)
+* man at t-online.fr (for reporting the bug in space parsing and suggesting webalizer patch/ftpwho/ftpcount)
+* marc.angles1 at fnac.net (who asked the rights questions for a FAQ)
+* mark at grapevine2.net 
+* misiek at pld-linux.org (and everyone from the PLD Linux Distribution: http://www.pld-linux.org/)
+* ml at splio.com (who reported that accents were filtered)
+* mlong at idsi.net 
+* mstern at mac.com 
+* neogenix at xsinet.co.za
+* nxg at nod4mail.pvrr.ru (very nice guy)
+* phatfil at optushome.com.au
+* ppons at cvf.fr
+* pureftp at carpediem-it.co.uk (an hosting service company, moving from proftpd to pureftpd)
+* rem at rss.tl.lv
+* ricardo at arnet.com.ar 
+* richard at tre-amigos.nu
+* roberttheburton at excite.com 
+* robson555 at yahoo.com
+* rodl at wtfo.com 
+* silent at heracles.cuties.org 
+* yachar at absium.com (very, very nice guy, helped the debian packaging)
+* yiango at cytanet.com.cy 
+* zero-cool at chello.nl 

EVSE/GPL/pure-ftpd-1.0.49/autogen.sh

@@ -0,0 +1,6 @@
+#! /bin/sh
+
+aclocal -I m4 && \
+autoheader && \
+automake --gnu --add-missing --include-deps && \
+autoconf -I m4

EVSE/GPL/pure-ftpd-1.0.49/configure.ac

@@ -0,0 +1,1472 @@
+dnl AM_ACLOCAL_INCLUDE(m4)
+
+AC_PREREQ(2.65)
+AC_INIT([pure-ftpd],[1.0.49],
+  [https://github.com/jedisct1/pure-ftpd/issues],
+  [pure-ftpd],
+  [https://www.pureftpd.org])
+AC_CONFIG_SRCDIR(src/ftpd.c)
+AC_CONFIG_HEADERS([config.h])
+AM_INIT_AUTOMAKE([1.9 dist-bzip2 tar-ustar])
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+AM_MAINTAINER_MODE
+AM_DEP_TRACK
+AC_CONFIG_LIBOBJ_DIR(src)
+
+AC_SUBST(VERSION)
+
+dnl Checks for programs.
+LX_CFLAGS=${CFLAGS-NONE}
+AC_PROG_CC
+AC_PROG_RANLIB
+AC_USE_SYSTEM_EXTENSIONS
+
+AC_SEARCH_LIBS([strerror],[cposix])
+
+AX_CHECK_COMPILE_FLAG([-fPIC], [
+  AX_CHECK_LINK_FLAG([-fPIC],
+    [CFLAGS="$CFLAGS -fPIC"]
+  )
+])
+
+AS_IF([test "$enable_pie" != "no"],[
+  AX_CHECK_COMPILE_FLAG([-fPIE], [
+    AX_CHECK_LINK_FLAG([-pie], [
+      [CFLAGS="$CFLAGS -fPIE"
+       LDFLAGS="$LDFLAGS -pie"]
+    ])
+  ])
+])
+
+AX_CHECK_COMPILE_FLAG([-fwrapv], [CFLAGS="$CFLAGS -fwrapv"])
+AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"])
+AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
+AS_IF([echo `(uname -s) 2>/dev/null` | $GREP "CYGWIN" > /dev/null], [
+  AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"])
+], [
+  AS_IF([test `(uname -s) 2>/dev/null` = "DragonFly"],
+    [
+      AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+        AX_CHECK_LINK_FLAG([-fstack-protector],
+          [CFLAGS="$CFLAGS -fstack-protector"]
+        )
+      ])
+    ],
+    [
+      AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+        AX_CHECK_LINK_FLAG([-fstack-protector-all],
+          [CFLAGS="$CFLAGS -fstack-protector-all"]
+        )
+      ])
+    ]
+  )
+])
+
+AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"])
+AX_CHECK_COMPILE_FLAG([-Wwrite-strings], [CFLAGS="$CFLAGS -Wwrite-strings"])
+AX_CHECK_COMPILE_FLAG([-Wdiv-by-zero], [CFLAGS="$CFLAGS -Wdiv-by-zero"])
+
+AX_CHECK_COMPILE_FLAG([$CFLAGS -Wno-unused-command-line-argument],
+[CFLAGS="$CFLAGS -Wno-unused-command-line-argument"])
+
+AC_ARG_VAR([CWFLAGS], [define to compilation flags for generating extra warnings])
+AX_CHECK_COMPILE_FLAG([-Wall], [CWFLAGS="$CWFLAGS -Wall"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wextra], [CWFLAGS="$CWFLAGS -Wextra"])
+
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wbad-function-cast], [CWFLAGS="$CWFLAGS -Wbad-function-cast"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-align], [CWFLAGS="$CWFLAGS -Wcast-align"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-qual], [CWFLAGS="$CWFLAGS -Wcast-qual"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wchar-subscripts], [CWFLAGS="$CWFLAGS -Wchar-subscripts"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcomment], [CWFLAGS="$CWFLAGS -Wcomment"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wfloat-equal], [CWFLAGS="$CWFLAGS -Wfloat-equal"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wformat=2], [CWFLAGS="$CWFLAGS -Wformat=2"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wimplicit], [CWFLAGS="$CWFLAGS -Wimplicit"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-declarations], [CWFLAGS="$CWFLAGS -Wmissing-declarations"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-prototypes], [CWFLAGS="$CWFLAGS -Wmissing-prototypes"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wnormalized=id], [CWFLAGS="$CWFLAGS -Wnormalized=id"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Woverride-init], [CWFLAGS="$CWFLAGS -Woverride-init"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wparentheses], [CWFLAGS="$CWFLAGS -Wparentheses"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wpointer-arith], [CWFLAGS="$CWFLAGS -Wpointer-arith"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wredundant-decls], [CWFLAGS="$CWFLAGS -Wredundant-decls"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wstrict-prototypes], [CWFLAGS="$CWFLAGS -Wstrict-prototypes"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wswitch-enum], [CWFLAGS="$CWFLAGS -Wswitch-enum"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wvariable-decl], [CWFLAGS="$CWFLAGS -Wvariable-decl"])
+
+AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
+AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"])
+AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"])
+
+if test "x$cross_compiling" != "xyes"; then
+  for path in \
+    /usr/kerberos \
+    /usr/local /opt /usr/local/opt \
+    /usr/openssl@1.1 /opt/openssl@1.1 /usr/local/opt/openssl@1.1 \
+    /usr/openssl /opt/openssl /usr/local/opt/openssl; do
+    if test -d $path/include; then
+      CPPFLAGS="$CPPFLAGS -I${path}/include"
+    fi
+    if test -d $path/lib; then
+      LDFLAGS="$LDFLAGS -L${path}/lib"
+    fi
+  done
+fi
+
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
+dnl Checks for header files
+
+AC_SYS_LARGEFILE
+AC_HEADER_STDC
+AC_HEADER_STAT
+AC_HEADER_TIME
+AC_HEADER_DIRENT
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS(unistd.h string.h strings.h sys/param.h ioctl.h sys/ioctl.h)
+AC_CHECK_HEADERS(sys/vfs.h sys/statvfs.h sys/sendfile.h sys/uio.h)
+AC_CHECK_HEADERS(sys/time.h sys/resource.h sys/capability.h)
+AC_CHECK_HEADERS(shadow.h getopt.h stddef.h stdint.h)
+AC_CHECK_HEADERS(netinet/in_systm.h netinet/in.h sys/pstat.h sys/file.h)
+AC_CHECK_HEADERS(sys/mount.h, [], [],
+[#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif])
+AC_CHECK_HEADERS(fcntl.h sys/fcntl.h sys/loadavg.h sys/ptrace.h)
+AC_CHECK_HEADERS(security/pam_appl.h security/pam_misc.h)
+AC_CHECK_HEADERS(security/pam_modules.h security/pam_filter.h)
+AC_CHECK_HEADERS(pam/pam_appl.h pam/pam_misc.h pam/pam_modules.h)
+AC_CHECK_HEADERS(pam/pam_filter.h)
+AC_CHECK_HEADERS(sgtty.h termio.h)
+AC_CHECK_HEADERS(locale.h)
+AC_CHECK_HEADERS(stdarg.h varargs.h)
+AC_CHECK_HEADERS(windows.h io.h)
+AC_CHECK_HEADERS(crypt.h)
+AC_CHECK_HEADERS(utime.h)
+AC_CHECK_HEADERS(openssl/ssl.h openssl/ec.h)
+AC_CHECK_HEADERS(CoreFoundation/CoreFoundation.h)
+AC_SYS_POSIX_TERMIOS
+
+if test "x$ac_cv_sys_posix_termios" = "xyes"; then
+AC_DEFINE(HAVE_POSIX_TERMIOS,,[Define if you have POSIX termios])
+fi
+
+dnl Check for endianness
+AC_C_BIGENDIAN
+
+dnl Checks for types
+
+AC_TYPE_SIGNAL
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_TYPE_UID_T
+AC_TYPE_PID_T
+AC_TYPE_OFF_T
+AC_TYPE_MODE_T
+AC_STRUCT_TM
+AC_STRUCT_TIMEZONE
+AC_CHECK_MEMBER(struct tm.tm_gmtoff, [AC_DEFINE(STRUCT_TM_TM_GMTOFF,,[Define if you have struct tm/tm_gmtoff])],,[
+#include <sys/types.h>
+#include <$ac_cv_struct_tm>
+])
+
+AC_MSG_CHECKING([whether timezone is scalar])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <$ac_cv_struct_tm>    
+    ]], [[timezone = 42L]])],[
+         AC_MSG_RESULT(yes)
+         AC_DEFINE(HAVE_SCALAR_TIMEZONE,,[Define if your timezone is a scalar number])
+    ],[    AC_MSG_RESULT(no)    ])   
+
+AC_CHECK_TYPE(nlink_t, , [AC_DEFINE(nlink_t, int, [nlink_t type])],
+[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+])
+
+
+AC_CHECK_TYPE(dev_t, , [AC_DEFINE(dev_t, unsigned int, [dev_t type])],
+[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+])
+
+
+AC_CHECK_TYPE(ino_t, , [AC_DEFINE(ino_t, unsigned long, [ino_t type])],
+[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+])
+
+dnl Check for sizes
+AC_CHECK_SIZEOF(short)
+AC_CHECK_SIZEOF(int)
+AC_CHECK_SIZEOF(long)
+AC_CHECK_SIZEOF(long long)
+AC_CHECK_SIZEOF(mode_t)
+
+dnl Socket things
+
+AC_CHECK_FUNC(connect, , [AC_CHECK_LIB(socket, connect)])
+
+AC_CHECK_FUNC(gethostbyname, , [AC_CHECK_LIB(resolv, gethostbyname)])
+
+AC_CHECK_FUNC(gethostbyname, , [AC_CHECK_LIB(nsl, gethostbyname)])
+
+if test "x$ac_cv_lib_nsl_gethostbyname" != "xyes" && test "x$ac_cv_func_gethostbyname" != "xyes" ; then
+  AC_CHECK_FUNC(gethostbyname, , [AC_CHECK_LIB(socket, gethostbyname)])
+fi
+
+if test "$ac_cv_lib_nsl_gethostbyname" = "$ac_cv_func_gethostbyname" ; then
+  AC_MSG_CHECKING([if we can include libnsl + libsocket])
+  LIBS="-lnsl -lsocket $LIBS"
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void) gethostbyname]])],[my_ac_link_result=yes],[my_ac_link_result=no ])
+  if test "$my_ac_link_result" = "no" ; then
+    AC_MSG_RESULT([failure])
+    AC_MSG_ERROR([unable to use gethostbyname()])
+  else
+    AC_MSG_RESULT([success])
+  fi
+fi
+
+AC_CHECK_LIB(sendfile, sendfile)
+
+dnl Types - continued
+
+AC_CHECK_TYPE(socklen_t, , [AC_DEFINE(socklen_t, int, [socklen_t type])],
+[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_NETINET_IN_SYSTM_H
+# include <netinet/in_systm.h>
+#endif
+#include <netinet/in.h>
+])
+
+AC_CHECK_TYPE(in_port_t, , [AC_DEFINE(in_port_t, unsigned short, [in_port_t type])],
+[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_NETINET_IN_SYSTM_H
+# include <netinet/in_systm.h>
+#endif
+#include <netinet/in.h>
+])
+
+AC_CHECK_TYPE(sig_atomic_t, , [AC_DEFINE(sig_atomic_t, signed char, [sig_atomic_t type])],
+[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <signal.h>
+])
+
+dnl Compiler characteristics
+
+AC_PROG_GCC_TRADITIONAL
+AC_C_CONST
+AC_C_INLINE
+
+dnl Options
+
+AM_WITH_DMALLOC
+
+AC_ARG_ENABLE(pie,
+[AS_HELP_STRING(--enable-pie,Produce position independent executables @<:@default=yes@:>@)],
+ enable_pie=$enableval, enable_pie="maybe")
+
+AC_ARG_ENABLE(ssp,
+[AS_HELP_STRING(--disable-ssp,Don't compile with -fstack-protector)],
+[AS_IF([test "x$enableval" = "xno"], [
+    nxflags=""
+    for flag in `echo $CFLAGS`; do
+      case "$flag" in
+       -fstack-protector*) ;;
+        *) AS_VAR_APPEND([nxflags], [" $flag"]) ;;
+      esac
+    done
+    CFLAGS="$nxflags"
+  ])
+])
+
+AC_ARG_WITH(standalone,
+[AS_HELP_STRING(--without-standalone,Don't compile the standalone server code)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(NO_STANDALONE,,[without standalone])
+    no_standalone=yes
+  fi ])
+
+AC_ARG_WITH(inetd,
+[AS_HELP_STRING(--without-inetd,Don't support super-servers (like inetd))],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(NO_INETD,,[without inetd])
+    no_inetd=yes
+  fi ])
+
+if test "x$no_standalone" = "xyes" && test "x$no_inetd" = "xyes" ; then
+  AC_MSG_ERROR(You can't disable both standalone and inetd mode.)
+fi
+
+AC_ARG_WITH(capabilities,
+[AS_HELP_STRING(--without-capabilities,Don't use Linux capabilities (default=detect))],
+[ if test "x$withval" = "xno" ; then
+    no_capabilities=1
+  fi ])
+  
+if test -z "$no_capabilities" ; then
+  AC_CHECK_LIB(cap, cap_init, , )
+  if test "x$ac_cv_lib_cap_cap_init" = "xyes"; then
+    if test "x$ac_cv_header_sys_capability_h" = "xyes"; then
+      AC_DEFINE(USE_CAPABILITIES,,[use capabilities])
+    fi
+  fi
+fi
+
+AC_ARG_WITH(shadow,
+[AS_HELP_STRING(--without-shadow,Don't use shadow passwords (default=detect))],
+[ if test "x$withval" = "xno" ; then
+    no_shadow=1
+  fi ])
+  
+if test -z "$no_shadow" && test "x$ac_cv_header_shadow_h" = "xyes" ; then
+  AC_CHECK_FUNC(getspnam, AC_DEFINE(USE_SHADOW,,[use shadow passwords]),
+    AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(USE_SHADOW),
+      AC_MSG_WARN(shadow.h was found, but getspnam() isn't available)
+    )
+  )
+fi
+
+AC_ARG_WITH(usernames,
+[AS_HELP_STRING(--without-usernames,Use only numerical UIDs/GIDs)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(NO_FTP_USERS,,[without usernames])
+  fi ])
+
+AC_ARG_WITH(iplogging,
+[AS_HELP_STRING(--without-iplogging,Never log remote IP addresses (privacy))],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(DONT_LOG_IP,,[without iplogging])
+  fi ])
+
+AC_ARG_WITH(humor,
+[AS_HELP_STRING(--without-humor,Disable humor (enabled by default))],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(DISABLE_HUMOR,,[without humor])
+  fi ])
+
+AC_ARG_WITH(longoptions,
+[AS_HELP_STRING(--without-longoptions,Ignored - just for backward compatibility)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(NO_GETOPT_LONG,,[without longoptions])
+  fi ])
+
+AC_ARG_WITH(ascii,
+[AS_HELP_STRING(--without-ascii,Don't support 7-bits (ASCII) transfers)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(WITHOUT_ASCII,,[without ascii])
+  fi ])
+
+AC_ARG_WITH(globbing,
+[AS_HELP_STRING(--without-globbing,Don't include globbing code)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(DISABLE_GLOBBING,,[without globbing])
+  fi ])
+
+AC_ARG_WITH(nonalnum,
+[AS_HELP_STRING(--without-nonalnum,Only allow basic alphanumeric characters in file names)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(PARANOID_FILE_NAMES,,[disallow non-alphanumeric characters])
+  fi ])
+
+AC_ARG_WITH(unicode,
+[AS_HELP_STRING(--without-unicode,Disable non-latin characters in file names)],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(DISABLE_UNICODE_CONTROL_CHARS,,[disallow unicode control chars])
+  fi ])
+
+AC_ARG_WITH(sendfile,
+[AS_HELP_STRING(--without-sendfile,Don't use zero-copy optimizations (for network FS))],
+[ if test "x$withval" = "xno" ; then
+    AC_DEFINE(DISABLE_SENDFILE,,[without sendfile])
+  fi ])
+
+AC_ARG_WITH(privsep,
+[AS_HELP_STRING(--without-privsep,Disable privilege separation)],
+[ if test "x$withval" = "xno" ; then
+    without_privsep=yes
+  fi ])
+
+AC_ARG_WITH(boring,
+[AS_HELP_STRING(--with-boring,Display only boring messages)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(BORING_MODE,,[display only boring messages])
+    AC_DEFINE(DISABLE_HUMOR)
+  fi ])
+
+AC_ARG_WITH(brokenrealpath,
+[AS_HELP_STRING(--with-brokenrealpath,If your libc has a broken realpath() call)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(USE_BUILTIN_REALPATH,,[realpath() is broken])
+  fi ])
+
+AC_ARG_WITH(minimal,
+[AS_HELP_STRING(--with-minimal,Build only a small minimal server)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(MINIMAL,,[with minimal])
+    AC_DEFINE(NO_GETOPT_LONG)
+    AC_DEFINE(DISABLE_HUMOR)
+    AC_DEFINE(NO_FTP_USERS)
+    AC_DEFINE(WITHOUT_ASCII)    
+    AC_DEFINE(BORING_MODE)
+    CFLAGS="$CFLAGS -Os -fomit-frame-pointer -fno-unroll-loops "
+    LDFLAGS="$LDFLAGS -s "
+  fi ])
+
+AC_ARG_WITH(paranoidmsg,
+[AS_HELP_STRING(--with-paranoidmsg,Use paranoid but not admin-friendly messages)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(PARANOID_MESSAGES,,[with paranoidmsg])
+  fi ])
+
+AC_ARG_WITH(sysquotas,
+[AS_HELP_STRING(--with-sysquotas,Use system (not virtual) quotas)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(SYSTEM_QUOTAS,,[with sysquotas])
+  fi ])
+
+AC_ARG_WITH(altlog,
+[AS_HELP_STRING(--with-altlog,Support alternative log format (Apache-like))],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(WITH_ALTLOG,,[with altlog]) 
+  fi ])
+
+AC_ARG_WITH(puredb,
+[AS_HELP_STRING(--with-puredb,Support virtual (FTP-only) users)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(WITH_PUREDB,,[with puredb])
+  fi ])
+
+AC_ARG_WITH(extauth,
+[AS_HELP_STRING(--with-extauth,Support external authentication modules)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(WITH_EXTAUTH,,[with extauth (*BETA*)])
+  fi ])
+
+AC_ARG_WITH(pam,
+[AS_HELP_STRING(--with-pam,Enable PAM support (default=disabled))],
+[ if test "x$withval" = "xyes" ; then
+    with_pam="yes"
+  fi ])
+
+if test "x`uname`" = "xDarwin"; then
+  if test "x$with_pam" = "x"; then
+    with_pam="yes"
+  fi
+fi
+
+if test "x$with_pam" = "xyes" ; then
+  if test "x$ac_cv_header_security_pam_appl_h" != "xyes" &&
+     test "x$ac_cv_header_pam_pam_appl_h" != "xyes"; then
+    AC_MSG_ERROR(PAM headers not found.)  
+  else
+    AC_CHECK_LIB(dl, dlopen, , )
+    LIBS="$LIBS -lpam"
+    AC_DEFINE(USE_PAM,,[use pam])
+    AC_CHECK_FUNCS(pam_getenvlist)
+    AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#include <security/pam_appl.h>
+        ]], [[(void)pam_strerror((pam_handle_t *)NULL, -1)]])],[AC_MSG_RESULT(no)],[
+            AC_DEFINE(HAVE_OLD_PAM,,[obsolete pam])
+            AC_MSG_RESULT(yes)
+        ])   
+  fi
+fi  
+
+AC_MSG_CHECKING([whether syslog names are available])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#define SYSLOG_NAMES 1
+#include <stdio.h>
+#include <syslog.h>
+]], [[
+ (void) facilitynames
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_SYSLOG_NAMES,,[define if syslog names are available])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+
+AC_MSG_CHECKING([whether struct addrinfo is defined])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+]], [[
+do {
+ struct addrinfo a;
+ (void) a.ai_flags;
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_STRUCT_ADDRINFO,,[define if you have struct addrinfo])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+
+AC_MSG_CHECKING([whether sin_len is defined])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+]], [[
+do {
+ struct sockaddr_in a;
+ (void) a.sin_len;
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_SIN_LEN,,[define if you have sin_len])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+
+AC_MSG_CHECKING([whether __ss_family is defined])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+]], [[
+do {
+ struct sockaddr_storage a;
+ (void) a.__ss_family;
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE___SS_FAMILY,,[define if you have __ss_family])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+
+AC_MSG_CHECKING([whether ss_len is defined])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+]], [[
+do {
+ struct sockaddr_storage a;
+ (void) a.ss_len;
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_SS_LEN,,[define if you have ss_len])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+
+AC_MSG_CHECKING([whether __ss_len is defined])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+]], [[
+do {
+ struct sockaddr_storage a;
+ (void) a.__ss_len;
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE___SS_LEN,,[define if you have __ss_len])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+
+
+AC_MSG_CHECKING([if a linuxish sendfile is available])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UIO_H
+# include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_SENDFILE_H
+# include <sys/sendfile.h>
+#endif
+]], [[
+do {
+ int fd = 0;
+ off_t *off = NULL;
+ size_t cnt = (size_t) 0;
+ 
+ (void) sendfile(fd, fd, off, cnt);
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(SENDFILE_LINUX,,[define if you have a linuxish sendfile])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+AC_MSG_CHECKING([if a linuxish sendfile64 is available])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UIO_H
+# include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_SENDFILE_H
+# include <sys/sendfile.h>
+#endif
+]], [[
+do {
+ int fd = 0;
+ off_t *off = NULL;
+ size_t cnt = (size_t) 0;
+ 
+ (void) sendfile64(fd, fd, off, cnt);
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(SENDFILE64_LINUX,,[define if you have a linuxish sendfile64])
+],[
+  AC_MSG_RESULT(no)
+])
+
+AC_MSG_CHECKING([if a freebsdish sendfile is available])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UIO_H
+# include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_SENDFILE_H
+# include <sys/sendfile.h>
+#endif
+]], [[
+do {
+ int fd = 0;
+ off_t off = (off_t) 0;
+ size_t cnt = (size_t) 0;
+ struct sf_hdtr *hdtr = NULL;
+ 
+ (void) sendfile(fd, fd, off, cnt, hdtr, &off, 42);
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(SENDFILE_FREEBSD,,[define if you have a freebsdish sendfile])
+],[
+  AC_MSG_RESULT(no)
+])
+
+AC_MSG_CHECKING([if a hpuxish sendfile is available])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/socket.h>
+#include <stdio.h>
+]], [[
+do {
+ int fd = 0;
+ off_t off = (off_t) 0;
+ bsize_t nbytes = (size_t) 0;
+ const struct iovec *hdtrl = NULL;
+ 
+ (void) sendfile(fd, fd, off, nbytes, hdtrl, 42);
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(SENDFILE_HPUX,,[define if you have a hpuxish sendfile])
+],[
+  AC_MSG_RESULT(no)
+])
+
+AC_CHECK_FUNC(sendfilev, , [AC_CHECK_LIB(sendfile, sendfilev)])
+
+AC_MSG_CHECKING([if a solarisish sendfilev is available])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UIO_H
+# include <sys/uio.h>
+#endif
+#ifdef HAVE_SYS_SENDFILE_H
+# include <sys/sendfile.h>
+#endif
+]], [[
+do {
+ int fd = 0, sfvcnt = 0;
+ const struct sendfilevec vec;
+ size_t xferred;
+ 
+ (void) sendfilev(fd, &vec, sfvcnt, &xferred);
+} while(0)
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(SENDFILEV_SOLARIS,,[define if you have a solarisish sendfilev])
+],[
+  AC_MSG_RESULT(no)
+])
+
+
+AC_ARG_WITH(cookie,
+[AS_HELP_STRING(--with-cookie,Support 'fortune' cookies (-F option))],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(COOKIE,,[with cookie])
+  fi ])
+
+AC_ARG_WITH(throttling,
+[AS_HELP_STRING(--with-throttling,Support bandwidth throttling (disabled by default))],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(THROTTLING,,[with throttling])
+  fi ])
+
+AC_ARG_WITH(ratios,
+[AS_HELP_STRING(--with-ratios,Support for upload/download ratios)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(RATIOS,,[with ratios])
+  fi ])
+
+AC_ARG_WITH(quotas,
+[AS_HELP_STRING(--with-quotas,Support .ftpquota files)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(QUOTAS,,[with quotas])
+  fi ])
+
+AC_ARG_WITH(ftpwho,
+[AS_HELP_STRING(--with-ftpwho,Support for pure-ftpwho)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(FTPWHO,,[with ftpwho])
+  fi ])
+
+AC_ARG_WITH(welcomemsg,
+[AS_HELP_STRING(--with-welcomemsg,Support welcome.msg backward compatibility (deprecated))],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(WITH_WELCOME_MSG,,[with welcomemsg])
+  fi ])
+
+AC_ARG_WITH(uploadscript,
+[AS_HELP_STRING(--with-uploadscript,Allow running an external script after an upload (experimental))],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(WITH_UPLOAD_SCRIPT,,[with uploadscript])
+  fi ])
+
+AC_ARG_WITH(virtualhosts,
+[AS_HELP_STRING(--with-virtualhosts,Handle virtual servers on different IP addresses)],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(WITH_VIRTUAL_HOSTS,,[with virtualhosts])
+  fi ])
+
+AC_ARG_WITH(virtualchroot,
+[AS_HELP_STRING(--with-virtualchroot,Enable the ability to follow symlinks outside a chroot jail)],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(WITH_VIRTUAL_CHROOT,,[with virtual chroot])
+  fi ])
+
+AC_ARG_WITH(diraliases,
+[AS_HELP_STRING(--with-diraliases,Enable directory aliases)],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(WITH_DIRALIASES,,[with directory aliases])
+  fi ])
+
+AC_ARG_WITH(nonroot,
+[AS_HELP_STRING(--with-nonroot,[Compile a limited server designed to be started as a regular user. Only enable this option as a last resort if you really don't have root privileges on the server host.])],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(NON_ROOT_FTP,,[with nonroot])
+      AC_DEFINE(WITH_VIRTUAL_CHROOT)      
+      non_root_ftp=yes
+      without_privsep=yes
+  fi ])
+
+if test "x$without_privsep" = "xyes" ; then
+  AC_DEFINE(WITHOUT_PRIVSEP,,[disable privilege separation])
+fi
+
+AC_ARG_WITH(peruserlimits,
+[AS_HELP_STRING(--with-peruserlimits,Support per-user concurrency limits)],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(PER_USER_LIMITS,,[with per-user limits])
+      AC_DEFINE(FTPWHO)
+  fi ])
+
+AC_ARG_WITH(implicittls,
+[AS_HELP_STRING(--with-implicittls,Implicit TLS (port 990) - DO NOT USE unless you know what you are doing)],
+[ if test "x$withval" = "xyes" ; then
+      AC_DEFINE(IMPLICIT_TLS,,[with implicit TLS])
+      with_tls="yes"
+  fi ])
+
+AC_ARG_WITH(debug,
+[AS_HELP_STRING(--with-debug,For maintainers only - please do not use)],
+[ if test "x$withval" = "xyes" ; then
+    if test "$LX_CFLAGS" = "NONE"; then
+      nxflags=""
+      for flag in `echo $CFLAGS`; do
+        case "$flag" in
+          -O*) ;;
+          -g*) ;;
+          *) nxflags="$nxflags $flag"
+        esac
+      done
+      CFLAGS="$nxflags -O0 -g3 $CWFLAGS"
+    fi
+    CPPFLAGS="$CPPFLAGS -DDEBUG=1"
+  fi ])
+
+AC_ARG_WITH(everything,
+[AS_HELP_STRING(--with-everything,Build a big server with almost everything)],
+[ if test "x$withval" = "xyes" ; then
+    AC_DEFINE(WITH_ALTLOG)
+    AC_DEFINE(COOKIE)
+    AC_DEFINE(THROTTLING)
+    AC_DEFINE(RATIOS)
+    AC_DEFINE(QUOTAS)    
+    AC_DEFINE(WITH_UPLOAD_SCRIPT)
+    AC_DEFINE(WITH_VIRTUAL_HOSTS)
+    AC_DEFINE(WITH_PUREDB)
+    AC_DEFINE(WITH_EXTAUTH)
+    AC_DEFINE(FTPWHO)
+    AC_DEFINE(WITH_DIRALIASES)
+    AC_DEFINE(PER_USER_LIMITS)
+    with_bonjour='yes'
+  fi ])
+
+AC_ARG_WITH(language,
+[AS_HELP_STRING(--with-language=,< english | albanian | german | romanian | french |
+french-funny | polish | spanish | danish | dutch | italian |
+brazilian-portuguese | slovak | korean | swedish | norwegian | russian |
+traditional-chinese | simplified-chinese | czech | turkish | hungarian |
+catalan>)],
+[ if test "x$withval" = "xenglish" ; then
+    AC_DEFINE(MESSAGES_EN,,[english])
+  elif test "x$withval" = "xalbanian" ; then
+    AC_DEFINE(MESSAGES_SQ,,[albanian])
+  elif test "x$withval" = "xgerman" ; then
+    AC_DEFINE(MESSAGES_DE,,[german])
+  elif test "x$withval" = "xromanian" ; then
+    AC_DEFINE(MESSAGES_RO,,[romanian])
+  elif test "x$withval" = "xfrench" ; then
+    AC_DEFINE(MESSAGES_FR,,[french])
+  elif test "x$withval" = "xfrench-funny" ; then
+    AC_DEFINE(MESSAGES_FR_FUNNY,,[french-funny])    
+  elif test "x$withval" = "xpolish" ; then  
+    AC_DEFINE(MESSAGES_PL,,[polish])
+  elif test "x$withval" = "xspanish" ; then
+    AC_DEFINE(MESSAGES_ES,,[spanish])
+  elif test "x$withval" = "xdanish" ; then
+    AC_DEFINE(MESSAGES_DA,,[danish])
+  elif test "x$withval" = "xdutch" ; then
+    AC_DEFINE(MESSAGES_NL,,[dutch])
+  elif test "x$withval" = "xitalian" ; then
+    AC_DEFINE(MESSAGES_IT,,[italian])
+  elif test "x$withval" = "xbrazilian-portuguese" ; then
+    AC_DEFINE(MESSAGES_PT_BR,,[brazilian portuguese])
+  elif test "x$withval" = "xslovak" ; then
+    AC_DEFINE(MESSAGES_SK,,[slovak])
+  elif test "x$withval" = "xkorean" ; then
+    AC_DEFINE(MESSAGES_KR,,[korean])
+  elif test "x$withval" = "xswedish" ; then
+    AC_DEFINE(MESSAGES_SV,,[swedish])
+  elif test "x$withval" = "xnorwegian" ; then
+    AC_DEFINE(MESSAGES_NO,,[norwegian])
+  elif test "x$withval" = "xrussian" ; then
+    AC_DEFINE(MESSAGES_RU,,[russian])
+  elif test "x$withval" = "xtraditional-chinese" ; then
+    AC_DEFINE(MESSAGES_ZH_TW,,[traditional chinese])
+  elif test "x$withval" = "xsimplified-chinese" ; then
+    AC_DEFINE(MESSAGES_ZH_CN,,[simplified chinese])
+  elif test "x$withval" = "xczech" ; then
+    AC_DEFINE(MESSAGES_CS_CZ,,[czech])
+  elif test "x$withval" = "xturkish" ; then
+    AC_DEFINE(MESSAGES_TR,,[turkish])
+  elif test "x$withval" = "xhungarian" ; then
+    AC_DEFINE(MESSAGES_HU,,[hungarian])
+  elif test "x$withval" = "xcatalan" ; then
+    AC_DEFINE(MESSAGES_CA_ES,,[catalan])
+  else 
+    AC_MSG_WARN(--with-language=$withval is not recognized)
+  fi ])
+
+
+
+dnl Checks for libraries.
+
+AC_CHECK_LIB(crypt, crypt, , )
+
+AC_CHECK_LIB(sodium, crypto_pwhash_scryptsalsa208sha256_str)
+
+dnl Checks for library functions.
+AC_FUNC_ALLOCA
+AC_FUNC_MMAP
+AC_FUNC_MEMCMP
+AC_FUNC_STRFTIME
+AC_FUNC_STAT
+AC_FUNC_VPRINTF
+AC_FUNC_GETLOADAVG(src)
+AC_FUNC_GETGROUPS
+AC_FUNC_WAIT3
+AC_FUNC_UTIME_NULL
+AC_FUNC_STRTOD
+AC_FUNC_SELECT_ARGTYPES
+AC_FUNC_MKTIME
+AC_FUNC_LSTAT
+AC_FUNC_FORK
+AC_FUNC_ERROR_AT_LINE
+AC_FUNC_CLOSEDIR_VOID
+AC_FUNC_CHOWN
+AC_C_VOLATILE
+
+
+AC_CHECK_FUNCS(initgroups setrlimit waitpid setproctitle getopt_long)
+AC_CHECK_FUNCS(seteuid setreuid setresuid setegid setregid setresgid)
+AC_CHECK_FUNCS(statvfs statfs putenv setenv unsetenv getpagesize realpath)
+AC_CHECK_FUNCS(pread posix_fadvise ptrace)
+AC_CHECK_FUNCS(strtoull strtoq)
+AC_CHECK_FUNCS(strlcpy strlcat)
+AC_CHECK_FUNCS(memset munmap strdup fileno mapviewoffile madvise)
+AC_CHECK_FUNCS(getaddrinfo getnameinfo inet_ntop inet_pton)
+AC_CHECK_FUNCS(setusershell setgroups snprintf vsnprintf vfprintf gethostname)
+AC_CHECK_FUNCS(setlocale timegm)
+AC_CHECK_FUNCS(tzset utime utimes mknod mkfifo)
+AC_CHECK_FUNCS(random srandomdev arc4random arc4random_stir arc4random_addrandom)
+AC_CHECK_FUNCS(closefrom explicit_bzero getpwnam_shadow)
+
+AC_MSG_CHECKING([whether statvfs64() is defined])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#ifdef HAVE_SYS_STATVFS_H
+# include <sys/statvfs.h>
+#endif
+]], [[
+for (;;) {
+ struct statvfs64 a;
+ if (statvfs64(".", &a) == 0 || a.f_bsize != 0) {
+   break;
+ }
+} 
+]])],[
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(HAVE_STATVFS64,,[define if you have statvfs64])
+],[
+  AC_MSG_RESULT(no)
+])  
+
+AC_MSG_CHECKING(whether snprintf is C99 conformant)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+int main(void)
+{
+    char buf[4];
+    
+    (void) fprintf(fopen("conftestval", "w"), "%d\n",
+        (int) snprintf(buf, sizeof buf, "12345678"));
+    return 0;
+}
+]])],[CONF_SNPRINTF_TYPE=`cat conftestval`
+],[],[CONF_SNPRINTF_TYPE=8])
+AC_MSG_RESULT(done)
+if test "x$CONF_SNPRINTF_TYPE" = "x" ; then
+  AC_MSG_WARN(your operating system doesn't implement snprintf)
+else
+  AC_DEFINE_UNQUOTED(CONF_SNPRINTF_TYPE, $CONF_SNPRINTF_TYPE, [return value of an overflowed snprintf])
+fi
+
+
+AC_MSG_CHECKING(whether getgroups 0 is sane)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+int main(void)
+{
+    return getgroups(0, NULL) <= 0;
+}
+]])],[
+AC_MSG_RESULT(yes)
+AC_DEFINE(SAFE_GETGROUPS_0,,[Define is getgroups(0, NULL) works on your system])
+],[AC_MSG_RESULT(no)
+],[AC_MSG_RESULT(suppose that it doesnt)])
+
+AC_MSG_CHECKING(whether realpath likes unreadable directories)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#ifdef HAVE_LIMITS_H
+# include <limits.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+
+#ifndef PATH_MAX
+# define PATH_MAX MAXPATHLEN
+#endif
+
+int main(void)
+{
+    char x[PATH_MAX];
+    
+    if (mkdir("x", 0300) != 0) {
+        return 1;
+    }
+    if (mkdir("x/y", 0300) != 0) {
+        rmdir("x");
+        return 2;
+    }    
+    if (chdir("x") != 0) {
+        rmdir("x/y");    
+        rmdir("x");
+        return 3;
+    }
+    if (realpath("y", x) == NULL) {
+        rmdir("y");
+        rmdir("../x");
+        return 4;
+    }
+    rmdir("y");
+    rmdir("../x");
+    
+    return 0;    
+}
+]])],[
+AC_MSG_RESULT(yes)
+AC_DEFINE(REALPATH_WORKS_WITH_UNREADABLE_DIRECTORIES,,
+[Define if realpath() works on unreadable directories])
+],[AC_MSG_RESULT(no)
+AC_DEFINE(USE_BUILTIN_REALPATH)
+],[AC_MSG_RESULT(no)
+AC_DEFINE(USE_BUILTIN_REALPATH)])
+
+AC_MSG_CHECKING(whether you already have a standard MD5 implementation)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <md5.h>
+
+int main(void)
+{
+    MD5_CTX ctx;
+    char b[33];
+    
+    MD5Init(&ctx);
+    MD5Update(&ctx, (const unsigned char *) "test", 4U);
+    MD5End(&ctx, b);
+    b[32] = 0;
+
+    return strcasecmp(b, "098f6bcd4621d373cade4e832627b4f6");
+}
+]])],[
+AC_MSG_RESULT(yes)
+AC_DEFINE(USE_SYSTEM_CRYPT_MD5,,[Define if you already have standard
+MD5 functions])
+],[AC_MSG_RESULT(no)
+],[AC_MSG_RESULT(assuming no)])
+
+AC_MSG_CHECKING(whether you already have a standard SHA1 implementation)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sha1.h>
+
+int main(void)
+{
+    SHA1_CTX ctx;
+    char b[41];
+    
+    SHA1Init(&ctx);
+    SHA1Update(&ctx, (const unsigned char *) "test", 4U);
+    SHA1End(&ctx, b);
+    b[40] = 0;
+    
+    return strcasecmp(b, "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3");
+}
+]])],[
+AC_MSG_RESULT(yes)
+AC_DEFINE(USE_SYSTEM_CRYPT_SHA1,,[Define if you already have standard
+SHA1 functions])
+],[AC_MSG_RESULT(no)
+],[AC_MSG_RESULT(assuming no)])
+
+AC_MSG_CHECKING([whether we are inside a Virtuozzo virtual host])
+if test -d /proc/vz; then
+  AC_MSG_RESULT(yes)
+  AC_DEFINE(VIRTUOZZO,,[Define if you are inside a Virtuozzo virtual
+host])
+else
+  AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(default TCP send buffer size)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+int main(void)
+{
+    int fd,val=0,len=sizeof(int);
+    if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) return 1;
+        if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) return 1;
+    if (val <= 0) return 1;
+        fprintf (fopen("conftestval", "w"), "%d\n", val);
+    return 0;
+}
+]])],[CONF_TCP_SO_SNDBUF=`cat conftestval`],[CONF_TCP_SO_SNDBUF=65536],[CONF_TCP_SO_SNDBUF=65536])
+AC_MSG_RESULT($CONF_TCP_SO_SNDBUF)
+
+AC_DEFINE_UNQUOTED(CONF_TCP_SO_SNDBUF, $CONF_TCP_SO_SNDBUF, [default TCP send buffer])
+
+AC_MSG_CHECKING(default TCP receive buffer size)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+int main(void)
+{
+    int fd,val=0,len=sizeof(int);
+    if ((fd = socket(PF_INET, SOCK_STREAM, 0)) < 0) return 1;
+        if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) return 1;
+    if (val <= 0) return 1;
+        fprintf (fopen("conftestval", "w"), "%d\n", val);
+    return 0;
+}
+]])],[CONF_TCP_SO_RCVBUF=`cat conftestval`],[CONF_TCP_SO_RCVBUF=65536],[CONF_TCP_SO_RCVBUF=65536])
+AC_MSG_RESULT($CONF_TCP_SO_RCVBUF)
+
+AC_DEFINE_UNQUOTED(CONF_TCP_SO_RCVBUF, $CONF_TCP_SO_RCVBUF, [defaut TCP receive buffer])
+
+
+AC_ARG_WITH(ldap,
+[AS_HELP_STRING(--with-ldap,Users database is an LDAP directory (see doc))],
+[ if test "x$withval" != "xno" ; then
+    if test "x$withval" != "x" && test "x$withval" != "xyes" ; then
+      LD_RUN_PATH="${withval}/lib${LD_RUN_PATH:+:}${LD_RUN_PATH}"
+      LDFLAGS="$LDFLAGS -L${withval}/lib"
+      CPPFLAGS="$CPPFLAGS -I${withval}/include"
+    fi
+    with_ldap="yes"
+    AC_DEFINE(WITH_LDAP,,[with ldap])
+    AC_CHECK_LIB(resolv, res_query)
+    AC_CHECK_LIB(lber, ber_init, , 
+    [AC_MSG_ERROR(liblber is needed for LDAP support)])
+    AC_CHECK_LIB(ldap, ldap_init, ,
+     [AC_MSG_WARN(Initial check for -lldap failed! May need -lssl -lcrypto) 
+      AC_CHECK_LIB(ldap, ldap_bind, [ldap_ssl_libs=true], 
+      [AC_MSG_ERROR(libldap is needed for LDAP support)], -lssl -lcrypto)
+     ])
+    if test "x$ldap_ssl_libs" = "xtrue" ; then
+      LDAP_SSL_LIBS='-lssl -lcrypto'
+    fi
+  fi ])
+
+AC_SUBST(LDAP_SSL_LIBS)
+
+AC_ARG_WITH(mysql,
+[AS_HELP_STRING(--with-mysql,Users database is a MySQL database (see doc))],
+[ if test "x$withval" != "xno" ; then
+    if test "x$withval" != "x" && test "x$withval" != "xyes" ; then
+      LD_RUN_PATH="${withval}/lib${LD_RUN_PATH:+:}${LD_RUN_PATH}"    
+      LDFLAGS="$LDFLAGS -L${withval}/lib -L${withval}/lib/mysql -L${withval}/mysql/lib"
+      CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/mysql -I${withval}/mysql/include"
+    else
+      CFLAGS="$CFLAGS `mariadb_config --cflags 2> /dev/null || mysql_config --cflags`"
+      LDFLAGS="$LDFLAGS `mariadb_config --libs 2> /dev/null || mysql_config --libs`"
+    fi
+    AC_CHECK_LIB(m, floor)
+    AC_CHECK_LIB(z, gzclose)
+    with_mysql="yes"
+    AC_DEFINE(WITH_MYSQL,,[with mysql])
+    AC_CHECK_FUNC(mysql_init, , [
+      AC_CHECK_LIB(mariadb, mysql_init, , [
+        AC_CHECK_LIB(mysqlclient, mysql_init, ,
+          [AC_MSG_ERROR(libmysqlclient is needed for MySQL support)])
+      ])
+    ])
+    AC_MSG_CHECKING(whether mysql clients can run)
+    AC_LINK_IFELSE([AC_LANG_SOURCE([[
+      #include <stdio.h>
+      #include <mysql.h>    
+      int main(void)
+      {
+          MYSQL *a = mysql_init(NULL);
+          return 0;
+      }
+      ]])],[],[
+        AC_MSG_RESULT(no)
+        AC_MSG_ERROR(Your MySQL client libraries aren't properly installed)
+    ],[])
+    AC_MSG_RESULT(yes)
+  fi ])
+
+AC_ARG_WITH(pgsql,
+[AS_HELP_STRING(--with-pgsql,Users database is a PostgreSQL database (see doc))],
+[ if test "x$withval" != "xno" ; then
+    if test "x$withval" != "x" && test "x$withval" != "xyes" ; then
+      LD_RUN_PATH="${withval}/lib${LD_RUN_PATH:+:}${LD_RUN_PATH}"
+      LDFLAGS="$LDFLAGS -L${withval}/lib -L${withval}/lib/pgsql -L${withval}/lib/postgresql -L${withval}/pgsql/lib -L${withval}/postgresql/lib"
+      CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/pgsql -I${withval}/include/postgresql -I${withval}/pgsql/include -I${withval}/postgresql/include"
+    else
+      LD_RUN_PATH="`pg_config --libdir`${LD_RUN_PATH:+:}${LD_RUN_PATH}"
+      CPPFLAGS="$CPPFLAGS -I`pg_config --includedir`"
+      LDFLAGS="$LDFLAGS -L`pg_config --libdir`"
+    fi
+    AC_CHECK_LIB(m, floor)
+    AC_CHECK_LIB(z, gzclose)
+    with_pgsql="yes"
+    AC_DEFINE(WITH_PGSQL,,[with pgsql])
+    AC_CHECK_LIB(pq, PQconnectdb, ,
+      [AC_MSG_ERROR(libpq is needed for PostgreSQL support)])        
+    AC_MSG_CHECKING(whether postgresql clients can run)
+    AC_LINK_IFELSE([AC_LANG_SOURCE([[
+      #include <stdio.h>
+      #include <libpq-fe.h>
+      int main(void)
+      {
+          PGconn *a = PQconnectdb("");
+          return 0;
+      }
+      ]])],[],[
+        AC_MSG_RESULT(no)
+        AC_MSG_ERROR(Your PostgreSQL client libraries aren't properly installed)      
+    ],[])    
+    AC_MSG_RESULT(yes)
+  fi ])
+
+AC_ARG_WITH(tls,
+[AS_HELP_STRING(--with-tls,Enable TLS support)],
+[ if test "x$withval" = "xyes" ; then
+    with_tls="yes"
+  fi ])
+
+if test "x$with_tls" = "xyes" ; then
+  if test "x$ac_cv_header_openssl_ssl_h" != "xyes" ; then
+    AC_MSG_ERROR(OpenSSL headers not found.)  
+  fi
+  AC_CHECK_LIB(crypto, DH_new)
+  AC_CHECK_LIB(ssl, SSL_accept)
+  AC_CHECK_FUNCS(DH_get_2048_256 TLS_server_method)
+  AC_DEFINE(WITH_TLS,,[Enable TLS])
+fi
+
+AC_ARG_WITH(certfile,
+[AS_HELP_STRING(--with-certfile=,certificate file (default: /etc/ssl/private/pure-ftpd.pem))],
+[ if test "x$withval" != "x" ; then
+    certfile="$withval"
+    AC_SUBST(certfile)
+    CPPFLAGS="$CPPFLAGS -DTLS_CERTIFICATE_FILE='\"$certfile\"'"
+    if test ! -e "$certfile"; then
+      AC_MSG_WARN(No certificate is installed in $certfile yet)
+    fi
+  fi ])
+
+AC_ARG_WITH(keyfile,
+[AS_HELP_STRING(--with-keyfile=,certificate key file (default: /etc/ssl/private/pure-ftpd.pem))],
+[ if test "x$withval" != "x" ; then
+    keyfile="$withval"
+    AC_SUBST(keyfile)
+    CPPFLAGS="$CPPFLAGS -DTLS_KEY_FILE='\"$keyfile\"'"
+    if test ! -e "$keyfile"; then
+      AC_MSG_WARN(No certificate key is installed in $keyfile yet)
+    fi
+  fi ])
+
+AC_ARG_WITH(bonjour,
+[AS_HELP_STRING(--with-bonjour,Enable Bonjour support on MacOS X)],
+[ if test "x$withval" = "xyes" ; then
+    with_bonjour="yes"
+  fi ])
+
+if test "x$with_bonjour" = "xyes" ; then
+  if test "x$ac_cv_header_CoreFoundation_CoreFoundation_h" = "xyes" ; then
+    AC_DEFINE(WITH_BONJOUR,,[Enable Bonjour on MacOS X])
+    BONJOUR_LDADD='-framework CoreFoundation -framework CoreServices'
+  fi
+fi
+
+AC_SUBST(BONJOUR_LDADD)
+
+if test "x$sysconfdir" = 'xNONE' || test "x$sysconfdir" = 'x'; then
+  CONFDIR='/etc'
+else
+  if test "x$sysconfdir" = 'x${prefix}/etc'; then
+    if test "x$prefix" = 'xNONE' || test "x$prefix" = 'x/usr'; then
+      CONFDIR='/etc'
+    else
+      CONFDIR="$sysconfdir"
+    fi
+  else
+    CONFDIR="$sysconfdir"
+  fi
+fi  
+
+if test "x$localstatedir" = 'xNONE' || test "x$localstatedir" = 'x'; then
+  LOCALSTATEDIR='/var'
+else
+  if test "x$localstatedir" = 'x${prefix}/var'; then
+    if test "x$prefix" = 'xNONE' || test "x$prefix" = 'x/usr' || test "x$localstatedir" = 'x${prefix}/var' ; then
+      LOCALSTATEDIR='/var'
+    else
+      LOCALSTATEDIR="$localstatedir"
+    fi
+  else
+    LOCALSTATEDIR="$localstatedir"
+  fi
+fi  
+
+if test -r /dev/urandom; then
+  AC_MSG_NOTICE([You have /dev/urandom - Great])
+  AC_DEFINE(HAVE_DEV_URANDOM,,[Define if you have /dev/urandom])
+fi
+if test -r /dev/random; then
+  AC_MSG_NOTICE([You have /dev/random - Great])
+  AC_DEFINE(HAVE_DEV_RANDOM,,[Define if you have /dev/random])
+fi
+
+CONFDIR=`eval echo "$CONFDIR"`
+LOCALSTATEDIR=`eval echo "$LOCALSTATEDIR"`
+
+sysconfdir="$CONFDIR"
+AC_SUBST(sysconfdir)
+localstatedir="$LOCALSTATEDIR"
+AC_SUBST(localstatedir)
+
+CPPFLAGS="$CPPFLAGS -DCONFDIR=\\\"$sysconfdir\\\""
+CPPFLAGS="$CPPFLAGS -DSTATEDIR=\\\"$localstatedir\\\""
+
+AC_SUBST(CONFDIR)
+AC_SUBST(LOCALSTATEDIR)
+
+AH_VERBATIM([NDEBUG], [/* Never ever ignore assertions */
+#ifdef NDEBUG
+#/**/undef/**/ NDEBUG
+#endif])
+
+AC_CONFIG_FILES(Makefile src/Makefile pam/Makefile man/Makefile
+gui/Makefile m4/Makefile pure-ftpd.conf puredb/Makefile
+puredb/src/Makefile
+man/pure-ftpd.8 man/pure-ftpwho.8 man/pure-mrtginfo.8 man/pure-uploadscript.8
+man/pure-statsdecode.8 man/pure-quotacheck.8 man/pure-pw.8 man/pure-pwconvert.8
+man/pure-authd.8 man/pure-certd.8)
+
+AC_OUTPUT

EVSE/GPL/pure-ftpd-1.0.49/gui/Makefile.am

@@ -0,0 +1,3 @@
+EXTRA_DIST = \
+	build.sh
+

EVSE/GPL/pure-ftpd-1.0.49/gui/build.sh

@@ -0,0 +1,194 @@
+#! /bin/sh
+# Please have a TMP or TMPDIR environment variable if you don't trust /tmp.
+
+export PATH=/usr/local/bin:/usr/local/sbin:$PATH
+
+if [ -z "$dialog" ] ; then
+  if [ -n "$DISPLAY" ] ; then
+    Xdialog --msgbox 'Welcome to the Pure-FTPd configuration tool' 8 60 2> /dev/null && dialog='Xdialog'
+    gauge='--gauge'
+  fi
+fi  
+if [ -z "$dialog" ] ; then
+  dialog --msgbox 'Welcome to the Pure-FTPd configuration tool' 8 60 2> /dev/null && dialog='dialog'
+
+# Workaround for old versions of 'dialog' (Slackware)
+
+  if "$dialog" 2>&1 | grep gauge > /dev/null ; then
+    gauge='--gauge'
+  elif "$dialog" 2>&1 | grep guage > /dev/null ; then
+    gauge='--guage'
+  else
+    gauge=''
+  fi    
+fi  
+if [ -z "$dialog" ] ; then
+  lxdialog --msgbox 'Welcome to the Pure-FTPd configuration tool' 8 60 2> /dev/null && dialog='lxdialog'
+fi  
+if [ -z "$dialog" ] ; then
+  /usr/src/linux/scripts/lxdialog/lxdialog --msgbox 'Welcome to the Pure-FTPd configuration tool' 8 60 2> /dev/null && dialog='/usr/src/linux/scripts/lxdialog/lxdialog'
+fi  
+
+if [ -z "$dialog" ] ; then
+  echo "No 'dialog' found, GUI installation impossible"
+  exit 1
+fi  
+
+# Find a writable temporary directory
+tempdir=''
+for tmpdir in "$TMP" "$TMPDIR" /tmp /var/tmp; do
+  if [ -z "$tempdir" ] && [ -d "$tmpdir" ] && [ -w "$tmpdir" ]; then
+    tempdir="$tmpdir"
+  fi
+done
+if [ -z "$tempdir" ]; then
+  echo 'Unable to find a suitable temporary directory'
+  exit 1
+fi
+
+# Create a temporary file
+tmp=`mktemp $tempdir/build.gui.XXXXXX` || exit 1
+trap "rm -f $tmp; exit 1" 1 2 11 15
+
+$dialog \
+--title 'Compile-time options' \
+--separate-output \
+--checklist 'Defaults should be fine for most users' \
+20 78 10 \
+'without-standalone' "Don't compile the standalone server code" off \
+'without-inetd' "Don't support super-servers (like inetd)" off \
+'without-capabilities' "Don't use Linux capabilities (default=detect)" off \
+'without-shadow' "Don't use shadow passwords (default=detect)" off \
+'without-usernames' "Use only numerical UIDs/GIDs" off \
+'without-iplogging' "Never log remote IP addresses (confidentiality)" off \
+'without-humor' "Disable humor (enabled by default)" off \
+'without-ascii' "Don't support 7-bits (ASCII) transfers" off \
+'without-nonalnum' "Only allow minimal alpha-numeric characters" off \
+'without-unicode' "Disable utf8 non-latin characters" off \
+'without-globbing' "Don't include the globbing code" off \
+'without-sendfile' "Don't use zero-copy optimizations" off \
+'without-privsep' "Disable privilege separation" off \
+'with-brokenrealpath' "If your C library has a broken realpath()" off \
+'with-probe-random-dev' "To check for /dev/*random at run-time" off \
+'with-minimal' "Build only a minimal server for embedded systems" off \
+'with-paranoidmsg' "Use paranoid, but not admin-friendly messages" off \
+'with-sysquotas' "Use system (not virtual) quotas" off \
+'with-ldap' "Users database is an LDAP directory" off \
+'with-mysql' "Users database is a MySQL database" off \
+'with-altlog' "Support alternative log format (Apache-like)" on \
+'with-pam' 'Enable PAM authentication' off \
+'with-puredb' 'Support virtual (FTP-only) users' on \
+'with-extauth' 'Support external authentication modules' on \
+'with-cookie' "Support 'fortune' cookies" on \
+'with-throttling' "Support bandwidth throttling" on \
+'with-ftpwho' "Support the pure-ftpwho command" on \
+'with-ratios' "Support upload/download ratios" on \
+'with-quotas' "Support .ftpquota files" on \
+'with-welcomemsg' "welcome.msg files backward compatibility" off \
+'with-uploadscript' "Allow running scripts after upload (experimental)" on \
+'with-virtualhosts' "Allow a distinct content for each IP address" on \
+'with-virtualchroot' "Follow symlinks outside a chroot jail" off \
+'with-diraliases' "Support directory aliases" on \
+'with-peruserlimits' "Support per-user concurrency limits" on \
+'with-tls' "Support SSL/TLS security layer (experimental)" off \
+'with-bonjour' "Support Bonjour on MacOS X" off \
+2> $tmp
+
+cfgline='';
+for z in $(cat $tmp) ; do
+  cfgline="$cfgline --$z"
+done  
+
+$dialog \
+--title 'Compile-time options' \
+--radiolist 'Choose a language for server messages' \
+20 78 10 \
+'english' "This is the default" on \
+'albanian' "Contributed by Moisi Xhaferaj" off \
+'german' "Contributed by Mathias Gumz" off \
+'romanian' "Contributed by Claudiu Costin" off \
+'french' "Contributed by Ping" off \
+'french-funny' "Silly french messages" off \
+'polish' "Contributed by Arkadiusz Miskiewicz" off \
+'spanish' "Contributed by Luis Llorente Campo" off \
+'danish' "Contributed by Isak Lyberth" off \
+'dutch' "Contributed by Johan Huisman" off \
+'italian' "Contributed by Stefano F." off \
+'brazilian-portuguese' "Contributed by Roger C. Demetrescu" off \
+'slovak' "Contributed by Robert Varga" off \
+'korean' "Contributed by Im Eunjea" off \
+'swedish' "Contributed by Ulrik Sartipy" off \
+'norwegian' "Contributed by Kurt Inge Smadal" off \
+'russian' "Contributed by Andrey Ulanov" off \
+'traditional-chinese' "Contributed by Hether Fygul" off \
+'simplified-chinese' "Contributed by Hether Fygul" off \
+'czech' "Contributed by Martin Sarfy" off \
+'turkish' "Contributed by Mehmet Cokcevik" off \
+'hungarian' "Contributed by Banhalmi Csaba" off \
+'catalan' "Contributed by Oriol Magrano" off \
+2> $tmp
+
+z=$(cat $tmp)
+cfgline="$cfgline --with-language=$z"
+
+$dialog \
+--title 'Compile-time options' \
+--inputbox 'Installation prefix (/usr/local is not a bad idea)' \
+10 78 \
+'/usr/local' \
+2> $tmp
+
+prefix=$(cat $tmp)
+rm -f "$tmp" 2>/dev/null >&2
+if [ -n "$prefix" ] ; then
+  cfgline="$cfgline --prefix=$prefix"
+else
+  prefix='/usr/local'
+fi
+
+if [ ! -f "configure" ] ; then
+  cd ..
+  if [ ! -f "configure" ] ; then
+    echo 'Setup problem... try to install manually'
+    exit 1
+  fi
+fi
+
+if [ -n "$gauge" ] ; then
+(
+  echo "./configure $cfgline" > build.gui.log
+  echo 20
+  rm -f config.cache 2>/dev/null >&2
+  echo 30
+  ./configure $cfgline >&2 >> build.gui.log
+  echo 50
+  make clean >&2 >> build.gui.log
+  echo 60
+  make >&2 >> build.gui.log
+  echo 80
+  make install-strip >&2 >> build.gui.log
+  export instfailure
+  echo 100
+) | $dialog \
+  --title 'Compilation and installation' \
+  "$gauge" 'Please wait...' 10 78 10
+else
+  echo "./configure $cfgline" > build.gui.log
+  rm -f config.cache 2>/dev/null >&2
+  ./configure $cfgline >&2 >> build.gui.log
+  make clean >&2 >> build.gui.log
+  make >&2 >> build.gui.log
+  make install-strip >&2 >> build.gui.log
+  export instfailure
+fi
+
+touch "$prefix/pure-ftpd" 2> /dev/null || instfailure="yes"
+if [ -z "$instfailure" ] ; then
+  $dialog --msgbox \
+  "Congratulation, the server is now installed on your system.\nPlease read the documentation to know how to run it." \
+  10 78
+else
+  $dialog --msgbox \
+  "Compilation was successful, but you need to be root in\norder to install the files to the selected prefix.\nPlease run 'make install' as root." \
+  10 78
+fi

EVSE/GPL/pure-ftpd-1.0.49/m4/Makefile.am

@@ -0,0 +1,2 @@
+EXTRA_DIST = \
+	getloadavg.m4

EVSE/GPL/pure-ftpd-1.0.49/m4/ax_check_compile_flag.m4

@@ -0,0 +1,73 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_TRY_LINK([#include <stdio.h>],
+    [char x[42U], fodder = 0;if (fodder > -1000 && fgets(x,1000,stdin)) puts(x)],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS

EVSE/GPL/pure-ftpd-1.0.49/m4/ax_check_link_flag.m4

@@ -0,0 +1,72 @@
+# ===========================================================================
+#    http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the linker or gives an error.
+#   (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the linker's default flags
+#   when the check is done.  The check is thus made with the flags: "LDFLAGS
+#   EXTRA-FLAGS FLAG".  This can for example be used to force the linker to
+#   issue an error when a bad flag is given.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_CHECK_LINK_FLAG],
+[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
+AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
+  ax_check_save_flags=$LDFLAGS
+  LDFLAGS="$LDFLAGS $4 $1"
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
+  [[char x[42U];if (fgets(x,1000,stdin)) puts(x)]])],  
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  LDFLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_LINK_FLAGS

EVSE/GPL/pure-ftpd-1.0.49/m4/getloadavg.m4

@@ -0,0 +1,108 @@
+#serial 9
+
+# A replacement for autoconf's macro by the same name.  This version
+# accepts an optional argument specifying the name of the $srcdir-relative
+# directory in which the file getloadavg.c may be found.  It is unusual
+# (but justified, imho) that this file is required at ./configure time.
+
+undefine([AC_FUNC_GETLOADAVG])
+
+# AC_FUNC_GETLOADAVG
+# ------------------
+AC_DEFUN([AC_FUNC_GETLOADAVG],
+[ac_have_func=no # yes means we've found a way to get the load average.
+
+AC_CHECK_HEADERS(locale.h unistd.h mach/mach.h fcntl.h)
+AC_CHECK_FUNCS(setlocale)
+
+# By default, expect to find getloadavg.c in $srcdir/.
+ac_lib_dir_getloadavg=$srcdir
+# But if there's an argument, DIR, expect to find getloadavg.c in $srcdir/DIR.
+m4_ifval([$1], [ac_lib_dir_getloadavg=$srcdir/$1])
+# Make sure getloadavg.c is where it belongs, at ./configure-time.
+test -f $ac_lib_dir_getloadavg/getloadavg.c \
+  || AC_MSG_ERROR([getloadavg.c is not in $ac_lib_dir_getloadavg])
+# FIXME: Add an autoconf-time test, too?
+
+ac_save_LIBS=$LIBS
+
+# Check for getloadavg, but be sure not to touch the cache variable.
+(AC_CHECK_FUNC(getloadavg, exit 0, exit 1)) && ac_have_func=yes
+
+# On HPUX9, an unprivileged user can get load averages through this function.
+AC_CHECK_FUNCS(pstat_getdynamic)
+
+# Solaris has libkstat which does not require root.
+AC_CHECK_LIB(kstat, kstat_open)
+test $ac_cv_lib_kstat_kstat_open = yes && ac_have_func=yes
+
+# Some systems with -lutil have (and need) -lkvm as well, some do not.
+# On Solaris, -lkvm requires nlist from -lelf, so check that first
+# to get the right answer into the cache.
+# For kstat on solaris, we need libelf to force the definition of SVR4 below.
+if test $ac_have_func = no; then
+  AC_CHECK_LIB(elf, elf_begin, LIBS="-lelf $LIBS")
+fi
+if test $ac_have_func = no; then
+  AC_CHECK_LIB(kvm, kvm_open, LIBS="-lkvm $LIBS")
+  # Check for the 4.4BSD definition of getloadavg.
+  AC_CHECK_LIB(util, getloadavg,
+    [LIBS="-lutil $LIBS" ac_have_func=yes ac_cv_func_getloadavg_setgid=yes])
+fi
+
+if test $ac_have_func = no; then
+  # There is a commonly available library for RS/6000 AIX.
+  # Since it is not a standard part of AIX, it might be installed locally.
+  ac_getloadavg_LIBS=$LIBS
+  LIBS="-L/usr/local/lib $LIBS"
+  AC_CHECK_LIB(getloadavg, getloadavg,
+               [LIBS="-lgetloadavg $LIBS"], [LIBS=$ac_getloadavg_LIBS])
+fi
+
+# Make sure it is really in the library, if we think we found it,
+# otherwise set up the replacement function.
+AC_CHECK_FUNCS(getloadavg, [],
+               [_AC_LIBOBJ_GETLOADAVG])
+
+# Some definitions of getloadavg require that the program be installed setgid.
+AC_CACHE_CHECK(whether getloadavg requires setgid,
+               ac_cv_func_getloadavg_setgid,
+[AC_EGREP_CPP([Yowza Am I SETGID yet],
+[#include "$ac_lib_dir_getloadavg/getloadavg.c"
+#ifdef LDAV_PRIVILEGED
+Yowza Am I SETGID yet
+@%:@endif],
+              ac_cv_func_getloadavg_setgid=yes,
+              ac_cv_func_getloadavg_setgid=no)])
+if test $ac_cv_func_getloadavg_setgid = yes; then
+  NEED_SETGID=true
+  AC_DEFINE(GETLOADAVG_PRIVILEGED, 1,
+            [Define if the `getloadavg' function needs to be run setuid
+             or setgid.])
+else
+  NEED_SETGID=false
+fi
+AC_SUBST(NEED_SETGID)dnl
+
+if test $ac_cv_func_getloadavg_setgid = yes; then
+  AC_CACHE_CHECK(group of /dev/kmem, ac_cv_group_kmem,
+[ # On Solaris, /dev/kmem is a symlink.  Get info on the real file.
+  ac_ls_output=`ls -lgL /dev/kmem 2>/dev/null`
+  # If we got an error (system does not support symlinks), try without -L.
+  test -z "$ac_ls_output" && ac_ls_output=`ls -lg /dev/kmem`
+  ac_cv_group_kmem=`echo $ac_ls_output \
+    | sed -ne ['s/[ 	][ 	]*/ /g;
+	       s/^.[sSrwx-]* *[0-9]* *\([^0-9]*\)  *.*/\1/;
+	       / /s/.* //;p;']`
+])
+  AC_SUBST(KMEM_GROUP, $ac_cv_group_kmem)dnl
+fi
+if test "x$ac_save_LIBS" = x; then
+  GETLOADAVG_LIBS=$LIBS
+else
+  GETLOADAVG_LIBS=`echo "$LIBS" | sed "s!$ac_save_LIBS!!"`
+fi
+LIBS=$ac_save_LIBS
+
+AC_SUBST(GETLOADAVG_LIBS)dnl
+])# AC_FUNC_GETLOADAVG

EVSE/GPL/pure-ftpd-1.0.49/man/Makefile.am

@@ -0,0 +1,23 @@
+man_MANS = \
+	pure-ftpd.8 \
+	pure-ftpwho.8 \
+	pure-mrtginfo.8 \
+	pure-uploadscript.8 \
+	pure-statsdecode.8 \
+	pure-quotacheck.8 \
+	pure-pw.8 \
+	pure-pwconvert.8 \
+	pure-authd.8 \
+	pure-certd.8
+
+CLEANFILES = \
+	pure-ftpd.8 \
+	pure-ftpwho.8 \
+	pure-mrtginfo.8 \
+	pure-uploadscript.8 \
+	pure-statsdecode.8 \
+	pure-quotacheck.8 \
+	pure-pw.8 \
+	pure-pwconvert.8 \
+	pure-authd.8 \
+	pure-certd.8

EVSE/GPL/pure-ftpd-1.0.49/man/pure-authd.8.in

@@ -0,0 +1,146 @@
+.TH "pure-authd" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-authd \- External authentication agent for Pure\-FTPd.
+.SH "SYNTAX"
+.LP
+pure\-authd [\fI\-p\fP <\fI/path/to/pidfile\fP>] [\fI\-u\fP uid] [\fI\-g\fP gid] [\fI\-B\fP] <\fI\-s\fP /path/to/socket> \fI\-r\fP /program/to/run
+
+.SH "DESCRIPTION"
+.LP
+pure\-authd is a daemon that forks an authentication program, waits for an authentication reply, and feed them to an application server.
+.LP
+pure\-authd listens to a local Unix socket. A new connection to that socket should feed pure\-authd the following structure:
+.IP
+account:xxx
+
+password:xxx
+
+localhost:xxx
+
+localport:xxx
+
+peer:xxx
+
+end
+.LP
+(replace xxx with appropriate values) . localhost, localport and peer are numeric IP addresses and ports. peer is the IP address of the remote client.
+.LP
+These arguments are passed to the authentication program, as environment variables:
+.IP
+AUTHD_ACCOUNT
+
+AUTHD_PASSWORD
+
+AUTHD_LOCAL_IP
+
+AUTHD_LOCAL_PORT
+
+AUTHD_REMOTE_IP
+
+AUTHD_ENCRYPTED
+.LP
+The authentication program should take appropriate actions to fetch account info according to these arguments, and reply to the standard output a structure like the following one:
+.IP
+auth_ok:1
+
+uid:42
+
+gid:21
+
+dir:/home/j
+
+end
+
+.TP
+\fBauth_ok:\fRxxx
+If xxx is 0, the user was not found (the next authentication method passed to pure\-ftpd will be tried) . If xxx is \-1, the user was found, but there was a fatal authentication error: user is root, password is wrong, account has expired, etc (next authentication methods will not be tried) . If xxx is 1, the user was found and successfully authenticated.
+.TP
+\fBuid:\fRxxx
+The system uid to be assigned to that user. Must be > 0.
+.TP
+\fBgid:\fRxxx
+The primary system gid. Must be > 0.
+.TP
+\fBdir:\fRxxx
+The absolute path to the home directory. Can contain /./ for a chroot jail.
+.TP
+\fBslow_tilde_expansion:\fRxxx \fI(optional, default is 1)\fR
+When the command 'cd ~user' is issued, it's handy to go to that user's home directory, as expected in a shell environment. But fetching account info can be an expensive operation for non\-system accounts. If xxx is 0, 'cd ~user' will expand to the system user home directory. If xxx is 1, 'cd ~user' won't expand. You should use 1 in most cases with external authentication, when your FTP users don't match system users. You can also set xxx to 1 if you're using slow nss_* system authentication modules.
+.TP
+\fBthrottling_bandwidth_ul:\fRxxx \fI(optional)\fR
+The allocated bandwidth for uploads, in bytes per second.
+.TP
+\fBthrottling_bandwidth_dl:\fRxxx \fI(optional)\fR
+The allocated bandwidth for downloads, in bytes per second.
+.TP
+\fBuser_quota_size:\fRxxx \fI(optional)\fR
+The maximal total size for this account, in bytes.
+.TP
+\fBuser_quota_files:\fRxxx \fI(optional)\fR
+The maximal number of files for this account.
+.TP
+\fBratio_upload:\fRxxx \fI(optional)\fR
+.TP
+\fBradio_download:\fRxxx \fI(optional)\fR
+The user must match a ratio_upload:ratio_download ratio.
+.LP
+\fIOnly one authentication program is forked at a time. It must return quickly.\fR
+.SH "OPTIONS"
+.TP
+\fB\-u\fR <\fIuid\fP>
+Have the daemon run with that uid.
+.TP
+\fB\-g\fR <\fIgid\fP>
+Have the daemon run with that gid.
+.TP
+\fB\-B\fR
+Fork in background (daemonization).
+.TP
+\fB\-s\fR <\fI/path/to/socket\fP>
+Set the full path to the local Unix socket.
+.TP
+\fB\-r\fR <\fI/path/to/program\fP>
+Set the full path to the authentication program.
+.TP
+\fB\-h\fR
+Output help information and exit.
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-authd \-s @LOCALSTATEDIR@/run/ftpd.sock \-r /usr/bin/my\-auth\-program &
+.LP
+pure\-ftpd \-lextauth:@LOCALSTATEDIR@/run/ftpd.sock &
+.TP
+/usr/bin/my\-auth\-program can be as simple as:
+#! /bin/sh
+
+echo 'auth_ok:1'
+
+echo 'uid:42'
+
+echo 'gid:21'
+
+echo 'dir:/home/j'
+
+echo 'end'
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959",
+.BR "RFC 2389",
+.BR "RFC 2228" " and"
+.BR "RFC 2428".

EVSE/GPL/pure-ftpd-1.0.49/man/pure-certd.8.in

@@ -0,0 +1,98 @@
+.TH "pure-certd" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-certd \- TLS certificate agent for Pure\-FTPd.
+.SH "SYNTAX"
+.LP
+pure\-certd [\fI\-p\fP <\fI/path/to/pidfile\fP>] [\fI\-u\fP uid] [\fI\-g\fP gid] [\fI\-B\fP] <\fI\-s\fP /path/to/socket> \fI\-r\fP /program/to/run
+
+.SH "DESCRIPTION"
+.LP
+pure\-certd is a daemon that forks an authentication program, waits for a certificate path as a reply, and returns it to an application server.
+.LP
+pure\-certd listens to a local Unix socket. A new connection to that socket should send pure\-authd the following structure:
+.IP
+sni_name:xxx
+end
+.LP
+These content is passed to the authentication program, as an environment variable:
+.IP
+CERTD_SNI_NAME
+.LP
+The authentication program should take appropriate actions to select a TLS certificate, and reply to the standard output with the following format:
+.IP
+action:strict
+cert_file:/path/to/cert.pem
+key_file:/path/to/cert.pem
+end
+.TP
+\fBcert_file:\fRxxx
+Absolute path to the certificate in PEM format.
+.TP
+\fBkey_file:\fRxxx
+This is optional, as a certificate and its key can be concatenated in the same file.
+.TP
+\fBaction:\fRxxx
+If action is "deny", a certificate for that name was not found and access is denied.
+If xxx is "default", the default certificate will be used.
+If xxx is "strict", the certificate whose path is indicated in "cert_path" will be used. If absent or invalid, access will be denied.
+If xxx is "fallback", the certificate whose path is indicated in "cert_path" will be used. If absent or invalid, the default certificate will be used instead.
+.TP
+\fBuid:\fRxxx
+The system uid to be assigned to that user. Must be > 0.
+.TP
+\fBgid:\fRxxx
+The primary system gid. Must be > 0.
+.TP
+\fBdir:\fRxxx
+The absolute path to the home directory. Can contain /./ for a chroot jail.
+.LP
+\fIOnly one authentication program is forked at a time. It must return quickly.\fR
+.SH "OPTIONS"
+.TP
+\fB\-u\fR <\fIuid\fP>
+Have the daemon run with that uid.
+.TP
+\fB\-g\fR <\fIgid\fP>
+Have the daemon run with that gid.
+.TP
+\fB\-B\fR
+Fork in background (daemonization).
+.TP
+\fB\-s\fR <\fI/path/to/socket\fP>
+Set the full path to the local Unix socket.
+.TP
+\fB\-r\fR <\fI/path/to/program\fP>
+Set the full path to the authentication program.
+.TP
+\fB\-h\fR
+Output help information and exit.
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-certd \-s @LOCALSTATEDIR@/run/certd.sock \-r /usr/bin/my\-cert\-program &
+.LP
+pure\-ftpd \-lextauth:@LOCALSTATEDIR@/run/certd.sock &
+.TP
+/usr/bin/my\-cert\-program can be as simple as:
+#! /bin/sh
+
+echo 'action:strict'
+
+echo 'cert_file:/etc/ssl/private/pure-ftpd/cert.pem'
+
+echo 'end'
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"

EVSE/GPL/pure-ftpd-1.0.49/man/pure-ftpd.8.in

@@ -0,0 +1,1036 @@
+.\"
+.\" Troll-FTPd is Copyright 1995-2000 Trolltech AS, and Copyright 2001-2002 Arnt Gulbrandsen.
+.\" Pure-FTPd is (C)opyleft 2001-2019 by Frank DENIS <j at pureftpd dot org> and the Pure-FTPd team.
+.\"
+.\" Use, modification and distribution is allowed without limitation, warranty, or liability of any kind.
+.\"
+.TH "pure-ftpd" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+pure\-ftpd \- simple File Transfer Protocol server
+
+.SH "SYNOPSIS"
+.B pure\-ftpd [\-0] [\-1] [\-2 cert_file[,key_file]] [\-3 certd_socket] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+
+.br
+Alternative style:
+.br
+\-0 \-\-notruncate
+.br
+\-1 \-\-logpid
+.br
+\-2 \-\-certfile
+.br
+\-3 \-\-extcert
+.br
+\-4 \-\-ipv4only
+.br
+\-6 \-\-ipv6only
+.br
+\-a \-\-trustedgid
+.br
+\-A \-\-chrooteveryone
+.br
+\-b \-\-brokenclientscompatibility
+.br
+\-B \-\-daemonize
+.br
+\-c \-\-maxclientsnumber
+.br
+\-C \-\-maxclientsperip
+.br
+\-d \-\-verboselog
+.br
+\-D \-\-displaydotfiles
+.br
+\-e \-\-anonymousonly
+.br
+\-E \-\-noanonymous
+.br
+\-f \-\-syslogfacility
+.br
+\-F \-\-fortunesfile
+.br
+\-g \-\-pidfile
+.br
+\-G \-\-norename
+.br
+\-h \-\-help
+.br
+\-H \-\-dontresolve
+.br
+\-i \-\-anonymouscantupload
+.br
+\-I \-\-maxidletime
+.br
+\-j \-\-createhomedir
+.br
+\-J \-\-tlsciphersuite
+.br
+\-k \-\-maxdiskusagepct
+.br
+\-K \-\-keepallfiles
+.br
+\-l \-\-login
+.br
+\-L \-\-limitrecursion
+.br
+\-m \-\-maxload
+.br
+\-M \-\-anonymouscancreatedirs
+.br
+\-n \-\-quota
+.br
+\-N \-\-natmode
+.br
+\-o \-\-uploadscript
+.br
+\-O \-\-altlog
+.br
+\-p \-\-passiveportrange
+.br
+\-P \-\-forcepassiveip
+.br
+\-q \-\-anonymousratio
+.br
+\-Q \-\-userratio
+.br
+\-r \-\-autorename
+.br
+\-R \-\-nochmod
+.br
+\-s \-\-antiwarez
+.br
+\-S \-\-bind
+.br
+\-t \-\-anonymousbandwidth
+.br
+\-T \-\-userbandwidth
+.br
+\-u \-\-minuid
+.br
+\-U \-\-umask
+.br
+\-v \-\-bonjour
+.br
+\-V \-\-trustedip
+.br
+\-w \-\-allowuserfxp
+.br
+\-W \-\-allowanonymousfxp
+.br
+\-x \-\-prohibitdotfileswrite
+.br
+\-X \-\-prohibitdotfilesread
+.br
+\-y \-\-peruserlimits
+.br
+\-Y \-\-tls
+.br
+\-z \-\-allowdotfiles
+.br
+\-Z \-\-customerproof
+
+.SH "DESCRIPTION"
+.B Pure\-FTPd
+is a small, simple server for the old and hairy File Transfer
+Protocol, designed to use less resources than older servers, be
+smaller and very secure, and to never execute any external program.
+.PP
+It support most\-used features and commands of FTP (including many modern
+extensions), and leaves out everything which is deprecated, meaningless,
+insecure, or correlates with trouble.
+.PP
+IPv6 is fully supported.
+
+.SH "OPTIONS"
+.TP
+.B \-0
+When a file is uploaded and there is already a previous version of the
+file with the same name, the old file will neither get removed nor truncated.
+Upload will take place in a temporary file and once the upload is complete,
+the switch to the new version will be atomic. This option should not be used
+together with virtual quotas.
+.TP
+.B \-1
+Add the PID to the syslog output. Ignored if 
+.B -f
+.B none
+is set.
+.TP
+.B \-2 cert_file[,key_file]
+When using TLS, set the path to the certificate file. The certificate
+and its key can be be bundled into a single file, or the key can be
+in a distinct file.
+.TP
+.B \-3 path
+Path to the pure-certd UNIX socket.
+.TP
+.B \-4
+Listen only to IPv4 connections.
+.TP
+.B \-6
+Listen only to IPv6 connections.
+.TP
+.B \-a gid
+Regular users will be chrooted to their home directories, unless
+they belong to the specified gid. Note that root is always trusted,
+and that chroot() occurs only for anonymous ftp without this option.
+.TP
+.B \-A
+Chroot() everyone, but root.
+.TP
+.B \-b
+Be broken. Turns on some compatibility hacks for shoddy clients, and for broken Netfilter gateways.
+.TP
+.B \-B
+Start the standalone server in background (daemonize).
+.TP
+.B \-c clients
+Allow a maximum of
+.I clients
+to be connected.
+.I clients
+must be at least 1, and if you combine it with
+.B \-p
+it will be forced down to half the number of ports specified by
+.B \-p.
+If more than
+.I clients
+are connected, new clients are rejected at once, even clients wishing
+to upload, or to log in as normal users. Therefore, it is advisable
+to use
+.B \-m
+as primary overload protection. The default value is 50.
+.TP
+.B \-C max connection per ip
+Limit the number of simultaneous connections
+coming from the same IP address. This is yet another very effective way to
+prevent stupid denial of services and bandwidth starvation by a single user.
+It works only when the server is launched in standalone mode (if you use a
+super\-server, it is supposed to do that). If the server is launched with
+.B \-C 2
+, it doesn't mean that the total number of connection is limited to 2.
+But the same client, coming from the same machine (or at least the same IP),
+can't have more than two simultaneous connections. This features needs some
+memory to track IP addresses, but it's recommended to use it.
+.TP
+.B \-d
+turns on debug logging. Every command is logged, except that the argument
+to PASS is changed to "<password>". If you repeat
+.B \-d
+, responses too are logged.
+.TP
+.B \-e
+Only allow anonymous users to log in.
+.TP
+.B \-E
+Only allow authenticated login. Anonymous users are prohibited.
+.TP
+.B \-f facility
+makes ftpd use
+.I facility
+for all
+.BR syslog (3)
+messages.
+.I facility
+defaults to
+.BR ftp .
+The facility names are normally listed in
+.IR /usr/include/sys/syslog.h .
+Note that if
+.B \-f
+is not the first option on the command line, a couple of messages may
+be logged to local2 before the
+.B \-f
+option is parsed.
+Use
+.B \-f none
+to disable logging.
+.TP
+.B \-F fortunes file
+Display a funny random message in the initial login banner. The
+random cookies are extracted from a text file, in the standard
+.B fortune
+format. If you installed the
+.B fortune
+package, you should have a directory
+(usually
+.B /usr/share/fortune
+) with binary files (
+.B xxxx.dat
+) and text files
+(without the
+.B .dat
+extension).
+.TP
+.B \-g pidfile
+In standalone mode, write the pid to that file in instead of
+@LOCALSTATEDIR@/run/pure-ftpd.pid .
+.TP
+.B \-G
+When this option is enabled, people can no more change the name of already
+uploaded files, even if they own those files or their directory.
+.TP
+.B \-H
+Don't resolve host names ("192.0.34.166" will be logged instead of
+"www.example.com"). It can significantly speed up connections and reduce
+bandwidth usage on busy servers. Use it especially on public FTP sites.
+.TP
+.B \-i
+Disallow upload for anonymous users, whatever directory permissions
+are. This option is especially useful for virtual hosting, to avoid your
+users create warez sites in their account.
+.TP
+.B \-I timeout
+Change the maximum idle time. The timeout is in minutes, and defaults to 15.
+.TP
+.B \-j
+If the home directory of a user doesn't exist, automatically
+create it. The newly created home directory belongs to the user, and
+permissions are set according to the current directory mask. To avoid local
+attacks, the parent directory should never belong to an untrusted user.
+.TP
+.B \-J ciphers
+Set the list of ciphers that will be accepted for TLS connections.
+.TP
+.B \-k percentage
+Disallow upload if the partition is more than
+.B percentage
+full. Example:
+\-k 95 will ensure that your disk will never get filled more than 95% by FTP
+users.
+.TP
+.B \-K
+Allow users to resume and upload files, but NOT to delete them. Directories
+can be removed, but only if they are empty.
+.TP
+.B \-l authentication:file
+Enable a new authentication method. It can be one of:
+.I -l unix
+For standard (/etc/passwd) authentication.
+.I -l pam
+For PAM authentication.
+.I -l ldap:LDAP config file
+For LDAP directories.
+.I -l mysql:MySQL config file
+For MySQL databases.
+.I -l pgsql:Postgres config file
+For Postgres databases.
+.I -l puredb:PureDB database file
+For PureDB databases.
+.I -l extauth:path to pure-authd socket
+For external authentication handlers.
+.br
+Different authentication methods can be mixed together. For instance if you
+run the server with
+.I -lpuredb:@CONFDIR@/pwd.pdb -lmysql:@CONFDIR@/my.cf -lunix
+Accounts will first be authenticated from a PureDB database. If it fails, a
+MySQL server will be asked. If the account is still not found is the
+database, standard unix accounts will be scanned. Authentication methods are
+tried in the order you give the -l options, if you do not give -l, then the
+decision comes from configure, if PAM is built in, it is used, if not,
+then UNIX (/etc/passwd) is used by default.
+.br
+See the
+.I README.LDAP
+and
+.I README.MySQL
+files for info about the built\-in LDAP and SQL directory support.
+.TP
+.B \-L max files:max depth
+Avoid denial\-of\-service attacks by limiting the number of displayed files
+in a 'ls' and the maximum depth of a recursive 'ls'. Defaults are 2000:5
+(2000 files displayed for a single 'ls' and walk through 5 subdirectories
+max).
+.TP
+.B \-m load
+Do not allow anonymous users to download files if the load is above
+.I load
+when the user connects. Uploads and file listings are still allowed,
+as are downloads by real users. The user is not told about this until
+he/she tries to download a file.
+.TP
+.B \-M
+Allow anonymous users to create directories.
+.TP
+.B \-n maxfiles:maxsize
+Enable
+.B virtual quotas
+When virtual quotas are enabled, .ftpquota files are created, and the
+number of files for a user is restricted to 'maxfiles'. The max total size
+of his directory is also restricted to 'maxsize' Megabytes. Members of the
+trusted group aren't subject to quotas.
+.TP
+.B \-N
+NAT mode. Force
+.B active
+mode. If your FTP server is behind a NAT box
+that doesn't support applicative FTP proxying, or if you use port
+redirection without a transparent FTP proxy, use this. Well... the previous
+sentence isn't very clear. Okay: if your network looks like this:
+.br
+FTP\-\-NAT.gateway/router\-\-Internet
+.br
+and if you want people coming from the internet to have access to your FTP
+server, please try without this option first. If Netscape clients can
+connect without any problem, your NAT gateway rulez. If Netscape doesn't
+display directory listings, your NAT gateway sucks. Use
+\fB\-N\fR
+as a workaround.
+.TP
+.B \-o
+Enable
+.IR pure\-uploadscript .
+.TP
+.B \-O format:log file
+Record all file transfers into a specific log
+file, in an alternative format. Currently, three formats are supported: CLF,
+Stats, W3C and xferlog.
+.br
+If you add
+.br
+\fB\-O clf:/var/log/pureftpd.log\fR
+.br
+to your starting options,
+Pure-FTPd will log transfers in
+\fB/var/log/pureftpd.log\fR
+in a format similar to
+the Apache web server in default configuration.
+.br
+If you add
+.br
+\fB\-O stats:/var/log/pureftpd.log\fR
+.br
+to your starting options,
+Pure-FTPd will create accurate log files designed for traffic analys
+software like ftpStats.
+.br
+If you add
+.br
+\fB\-O w3c:/var/log/pureftpd.log\fR
+.br
+to your starting options,
+Pure-FTPd will create W3C\-conformant log files.
+.br
+For security purposes, the path must be absolute
+(eg.
+\fB/var/log/pureftpd.log\fR, not \fB ../log/pureftpd.log\fR).
+.TP
+.B \-p first:last
+Use only ports in the range \fIfirst\fR to \fIlast\fR
+inclusive for passive\-mode downloads. This means that clients will
+not try to open connections to TCP ports outside the range \fIfirst \- last\fR,
+which makes pure\-ftpd more compatible with packet filters. Note that
+the maximum number of clients (specified with \fB\-c\fR)
+is forced down to \fI(last + 1 \- first)/2\fR
+if it is greater, as the default is. (The syntax for the port range
+is, conveniently, the same as that of
+.BR iptables).
+.TP
+.B \-P ip address or host name
+Force the specified IP address in reply to a
+.B PASV/EPSV/SPSV
+command. If the server is behind a masquerading (NAT) box that doesn't
+properly handle stateful FTP masquerading, put the ip address of that box
+here. If you have a dynamic IP address, you can use a symbolic host name
+(probably the one of your gateway), that will be resolved every time a new
+client will connect.
+.TP
+.B \-q upload:download
+Enable an upload/download ratio for anonymous users (ex:
+.I \-q 1:5
+means that 1 Mb of goodies have to be uploaded to leech 5 Mb).
+.TP
+.B \-Q upload:download
+Enable ratios for anonymous and non\-anonymous users. If the
+.I \-a
+option is also used, users from the trusted group have no ratio.
+.TP
+.B \-r
+Never overwrite existing files. Uploading a file whose name
+already exists cause an automatic rename. Files are called xyz.1, xyz.2,
+xyz.3, etc.
+.TP
+.B \-R
+Disallow users (even non-anonymous ones) usage of the CHMOD
+command. On hosting services, it may prevent newbies from doing mistakes,
+like setting bad permissions on their home directory. Only root can use
+CHMOD when this switch is enabled.
+.TP
+.B \-s
+Don't allow anonymous users to retrieve files owned by "ftp"
+(generally, files uploaded by other anonymous users).
+.TP
+.B \-S [{ip address|hostname}] [,{port|service name}]
+This option is
+only effective when the server is launched as a standalone server.
+Connections are accepted on the specified IP and port. IPv4 and IPv6 are
+supported. Numeric and fully\-qualified host names are accepted. A service
+name (see /etc/services) can be used instead of a numeric port number.
+.TP
+.B \-t bandwidth
+or
+.B \-t upload bandwidth:download bandwidth
+Enable process priority lowering and bandwidth throttling for anonymous
+users. Delay should be in kilobytes/seconds.
+.TP
+.B \-T bandwidth
+or
+.B \-T upload bandwidth:download bandwidth
+Enable process priority lowering and bandwidth throttling for *ALL*
+users.
+Pure\-FTPd should have been explicitly compiled with throttling support
+to have these flags work.
+It is possible to have different bandwidth limits for uploads and for
+downloads. '\-t' and '\-T' can indeed be followed by two numbers delimited by
+a column (':'). The first number is the upload bandwidth and the next one
+applies only to downloads. One of them can be left blank which means infinity.
+A single number without any column means that the same limit applies to upload
+and download.
+.TP
+.B \-u uid
+Do not allow uids below \fIuid\fR
+to log in (typically, low\-numbered \fIuid\fRs
+are used for administrative accounts).
+.B "\-u 100"
+is sufficient to deny access to all administrative accounts on many
+linux boxes, where 99 is the last administrative account. Anonymous
+FTP is allowed even if the uid of the ftp user is smaller than
+.IR uid .
+.B "\-u 1"
+denies access only to root accounts. The default is to allow FTP
+access to all accounts.
+.TP
+.B \-U umask files:umask dirs
+Change the mask for creation of new files and directories. The default are 133 (files are
+readable -but not writable- by other users) and 022 (same thing for directory, with the execute bit on).
+If new files should only be readable by the user, use 177:077. If you want uploaded files to be executable,
+use 022:022 (files will be readable by other people) or 077:077 (files will only be
+readable by their owner).
+.TP
+.B \-v bonjour name
+Set the Bonjour name of the service (only available on MacOS X when Bonjour support is compiled in).
+.TP
+.B \-V ip address
+Allow non-anonymous FTP access only on this specific
+local IP address. All other IP addresses are only anonymous. With that
+option, you can have routed IPs for public access, and a local IP (like
+10.x.x.x) for administration. You can also have a routable trusted IP
+protected by firewall rules, and only that IP can be used to login as a
+non-anonymous user.
+.TP
+.B \-w
+Enable support for the FXP protocol, for non\-anonymous users only.
+.TP
+.B \-W
+Enable the FXP protocol for everyone.
+\fIFXP IS AN UNSECURE PROTOCOL. NEVER ENABLE IT ON UNTRUSTED NETWORKS.\fR
+.TP
+.B \-x
+In normal operation mode, authenticated users can read/write files
+beginning with a dot ('.'). Anonymous users can't, for security reasons
+(like changing banners or a forgotten .rhosts). When '\-x' is used,
+authenticated users can download dot\-files, but not overwrite/create them,
+even if they own them. That way, you can prevent hosted users from messing
+\&.qmail files.
+.TP
+.B \-X
+This flag is identical to the previous one (writing dot\-files is
+prohibited), but in addition, users can't even *read* files and directories
+beginning with a dot (like "cd .ssh").
+.TP
+.B \-y per user max sessions:max anonymous sessions
+This switch enables per-user concurrency limits. Two values are separated by a
+column. The first one is the max number of concurrent sessions for a single
+login. The second one is the maximum number of anonoymous sessions.
+.TP
+.B \-Y tls behavior
+\fB\-Y 0\fR
+(default) disables TLS security mechanisms.
+.br
+\fB\-Y 1\fR
+Accept both normal sessions and TLS ones.
+.br
+\fB\-Y 2\fR
+refuses connections that aren't using TLS security mechanisms, including
+anonymous ones.
+.br
+\fB\-Y 3\fR
+refuses connections that aren't using TLS security mechanisms, and refuse
+cleartext data channels as well.
+.br
+The server must have been compiled with TLS support and a valid certificate
+must be in place to accept encrypted sessions.
+.TP
+.B \-z
+Allow anonymous users to read files and directories starting with a dot ('.').
+.TP
+.B \-Z
+Add safe guards against common customer mistakes (like chmod 0 on their own files) .
+
+
+.SH "AUTHENTICATION"
+Some of the complexities of older servers are left out.
+.PP
+This version of pure\-ftpd can use PAM for authentication. If you want it to
+consult any files like /etc/shells or /etc/ftpd/ftpusers consult pam
+docs. LDAP directories and SQL databases are also supported.
+.PP
+Anonymous users are authenticated in any of three ways:
+.PP
+1. The user logs in as "ftp" or "anonymous" and there is an
+account called "ftp" with an existing home directory. This server
+does not ask anonymous users for an email address or other password.
+.PP
+2. The user connects to an IP address which resolves to the name of a
+directory in
+.I @CONFDIR@/pure\-ftpd
+(or a symlink in that directory to a real directory), and there is an
+account called "ftp" (which does not need to have a valid home
+directory). See
+.B Virtual Servers
+below.
+.PP
+.B Ftpd
+does a
+.BR chroot (2)
+to the relevant base directory when an anonymous user logs in.
+.PP
+Note that
+.B ftpd
+allows remote users to log in as root if the password is known and \-u
+not used.
+
+.SH "UNUSUAL FEATURES"
+If a user's home directory is \fB/path/to/home/./\fR, FTP sessions under that UID will be chroot()ed. In addition, if a users's home directory is \fB/path/to/home/./directory\fR the session will be chroot()ed to /path/to/home and the FTP session will start in 'directory'.
+.PP
+As noted above, this
+.B pure\-ftpd
+omits several features that are required by the RFC or might be
+considered useful at first. Here is a list of the most important
+omissions.
+.PP
+On\-the\-fly tar is not supported, for several reasons. I feel that
+users who want to get many files should use a special FTP client such
+as "mirror," which also supports incremental fetch. I don't want to
+either add several hundred lines of code to create tar files or
+execute an external tar. Finally, on\-the\-fly tar distorts log files.
+.PP
+On\-the\-fly compression is left out too. Most files on an FTP site are
+compressed already, and if a file isn't, there presumably is a reason
+why. (As for decompression: Don't FTP users waste bandwidth enough
+without help from on\-the\-fly decompression?)
+
+.SH "DIRECTORY ALIASES"
+Shortcuts for the "cd" command can be set up if the server has been compiled
+with the \-\-with\-diraliases feature.
+.PP
+To enable directory aliases, create a file called
+.I @CONFDIR@/pureftpd\-dir\-aliases
+and alternate lines of alias names and associated directories.
+
+.SH "ANONYMOUS FTP"
+This server leaves out some of the commands and features that have
+been used to subvert anonymous FTP servers in the past, but still you
+have to be a little bit careful in order to support anonymous FTP
+without risk to the rest of your files.
+.PP
+Make
+.I ~ftp
+and all files and directories below this directory owned by some user
+other than "ftp," and only the
+.I .../incoming
+directory/directories writable by "ftp." It is probably best if all
+directories are writable only by a special group such as "ftpadmin"
+and "ftp" is not a member of this group.
+.PP
+If you do not trust the local users, put
+.I ~ftp
+on a separate partition, so local users can't hard\-link unapproved
+files into the anonymous FTP area.
+.PP
+Use of the
+.B \-s
+option is strongly suggested. (Simply add "\-s" to the end of the
+.B ftpd
+line in
+.I /etc/inetd.conf
+to enable it.)
+.PP
+Most other FTP servers require that a number of files such as
+.I ~ftp/bin/ls
+exist. This server does not require that any files or directories
+within
+.I ~/ftp
+whatsoever exist, and I recommend that all such unnecessary files are
+removed (for no real reason).
+.PP
+It may be worth considering to run the anonymous FTP service as a
+virtual server, to get automatic logins and to firewall off the FTP
+address/port to which real users can log in.
+.PP
+If your server is a public FTP site, you may want to allow only 'ftp' and 'anonymous' users to log in. Use the
+.B \-e
+option for this. Real accounts will be ignored and you will get a secure, anonymous\-only FTP server.
+
+.SH "MAGIC FILES"
+The files
+.I <ftproot>/.banner
+and
+.I .message
+are magical.
+.P
+If there is a file called
+.I .banner
+in the root directory of the anonymous FTP area, or in the root
+directory of a virtual host, and it is shorter than 1024 bytes, it is
+printed upon login. (If the client does not log in explicitly, and an
+implicit login is triggered by a CWD or CDUP command, the banner is
+not printed. This is regrettable but hard to avoid.)
+.P
+If there is a file called
+.I .message
+in any directory and it is shorter than 1024 bytes, that file is
+printed whenever a user enters that directory using CWD or CDUP.
+
+.SH "VIRTUAL SERVERS"
+You can run several different anonymous FTP servers on one host, by
+giving the host several IP addresses with different DNS names.
+.PP
+Here are the steps needed to create an extra server using an IP alias
+on linux 2.4.x, called "ftp.example.com" on address 10.11.12.13. on
+the IP alias eth0.
+.PP
+1. Create an "ftp" account if you do not have one. It it best if
+the account does not have a valid home directory and shell. I prefer
+to make
+.I /dev/null
+the ftp account's home directory and shell.
+.B Ftpd
+uses this account to set the anonymous users' uid.
+.PP
+2. Create a directory as described in
+.B Anonymous FTP
+and make a symlink called
+.I @CONFDIR@/pure\-ftpd/10.11.12.13
+which points to this directory.
+.PP
+3. Make sure your kernel has support for IP aliases.
+.PP
+4. Make sure that the following commands are run at boot:
+.PP
+.in +2
+/sbin/ifconfig eth0:1 10.11.12.13
+.PP
+That should be all. If you have problems, here are some things to
+try.
+.PP
+First, symlink
+.I @CONFDIR@/pure\-ftpd/127.0.0.1
+to some directory and say "ftp localhost". If that doesn't log you
+in, the problem is with
+.B ftpd.
+.PP
+If not, "ping \-v 10.11.12.13" and/or "ping \-v ftp.example.com" from the
+same host. If this does not work, the problem is with the IP alias.
+.PP
+Next, try "ping \-v 10.11.12.13" from a host on the local ethernet, and
+afterwards "/sbin/arp \-a". If 10.11.12.13 is listed among the ARP
+entries with the correct hardware address, the problem is probably
+with the IP alias. If 10.11.12.13 is listed, but has hardware address
+0:0:0:0:0:0, then proxy\-ARP isn't working.
+.PP
+If none of that helps, I'm stumped. Good luck.
+.PP
+.B Warning:
+If you setup a virtual hosts, normal users will not be able to login via
+this name, so
+.B don't
+create link/directory in
+.I @CONFDIR@/pure\-ftpd
+for your regular hostname.
+
+.SH "FILES"
+.I /etc/passwd
+is used via libc (and PAM is this case), to get the uid and home
+directory of normal users, the uid and home directory of "ftp" for
+normal anonymous ftp, and just the uid of "ftp" for virtual ftp hosts.
+.PP
+.I /etc/shadow
+is used like
+.I /etc/passwd
+if shadow support is enabled.
+.PP
+.I /etc/group
+is used via libc, to get the group membership of normal users.
+.PP
+.I /proc/net/tcp
+is used to count existing FTP connections, if the
+.B \-c
+or
+.B \-p
+options are used
+.PP
+.I @CONFDIR@/pure\-ftpd/<ip address>
+is the base directory for the <ip address> virtual ftp server, or a
+symbolic link to its base directory.
+.B Ftpd
+does a
+.BR chroot (2)
+into this directory when a user logs in to <ip address>, thus symlinks
+outside this directory will not work.
+.PP
+.I ~ftp
+is the base directory for "normal" anonymous FTP.
+.B Ftpd
+does a
+.BR chroot (2)
+into this directory when an anonymous user logs in, thus symlinks
+outside this directory will not work.
+
+.SH "LS"
+The behaviour of LIST and NLST is a tricky issue. Few servers send
+RFC\-compliant responses to LIST, and some clients depend on
+non\-compliant responses.
+.PP
+This server uses
+.BR glob (3)
+to do filename globbing.
+.PP
+The response to NLST is by default similar to that of
+.BR ls (1),
+and
+that to LIST is by default similar to that of
+.B "ls \-l"
+or
+.B "ls \-lg"
+on most Unix systems, except that the "total" count is meaningless.
+Only regular files, directories and symlinks are shown. Only important
+.B ls
+options are supported:
+.TP
+.B \-1
+Undoes
+.BR \-l " and " \-C .
+.TP
+.B \-a
+lists even files/directories whose names begin with ".".
+.TP
+.B \-C
+lists files in as many colums as will fit on the screen. Undoes
+.BR \-1 " and " \-l .
+.TP
+.B \-d
+lists argument directories' names rather their contents.
+.TP
+.B \-D
+List files beginning with a dot ('.') even when the client doesn't
+append the
+.B \-a
+option to the
+.B list
+command.
+.TP
+.B \-F
+appends '*' to executable regular files, '@' to symlinks and '/' to
+directories.
+.TP
+.B \-l
+shows various details about the file, including file group. See
+.BR ls (1)
+for details. Undoes
+.BR \-1 " and " \-C .
+.TP
+.B \-r
+reverses the sorting order (modifies
+.BR \-S " and " \-t " and the default alphabetical ordering)."
+.TP
+.B \-R
+recursively descends into subdirectories of the argument directories.
+.TP
+.B \-S
+Sorts by file size instead of by name. Undoes
+.BR \-t .
+.TP
+.B \-t
+Sorts by file modification time instead of by name. Undoes
+.BR \-S .
+
+.SH "PROTOCOL"
+Here are the FTP commands supported by this server.
+.br
+.B ABOR
+.B ALLO
+.B APPE
+.B AUTH TLS
+.B CCC
+.B CDUP
+.B CWD
+.B DELE
+.B EPRT
+.B EPSV
+.B ESTA
+.B ESTP
+.B FEAT
+.B HELP
+.B LIST
+.B MDTM
+.B MFMT
+.B MKD
+.B MLSD
+.B MLST
+.B MODE
+.B NLST
+.B NOOP
+.B PASS
+.B PASV
+.B PBSZ
+.B PORT
+.B PROT
+.B PWD
+.B QUIT
+.B REST
+.B RETR
+.B RMD
+.B RNFR
+.B RNTO
+.B SIZE
+.B SPSV
+.B STAT
+.B STOR
+.B STOU
+.B STRU
+.B SYST
+.B TYPE
+.B USER
+.B XCUP
+.B XCWD
+.B XDBG
+.B XMKD
+.B XPWD
+.B XRMD
+.B OPTS MLST
+.B OPTS UTF8
+.B SITE CHMOD
+.B SITE HELP
+.B SITE IDLE
+.B SITE TIME
+.B SITE UTIME
+
+.SH "BUGS"
+Please report bugs to the mailing\-list (see below).
+Pure\-FTPd looks very stable and is used on production servers. However it comes with no warranty and it can have nasty bugs or security flaws.
+
+.SH "HOME PAGE"
+http://www.pureftpd.org/
+.SH "NEW VERSIONS"
+See the mailing\-list on \fBhttp://www.pureftpd.org/ml/\fR.
+
+.SH "AUTHOR AND LICENSE"
+Troll\-FTPd was written by Arnt Gulbrandsen <agulbra@troll.no> and copyright 1995\-2002
+Troll Tech AS, Waldemar Thranes gate 98B, N\-0175 Oslo, Norway, fax +47
+22806380.
+.PP
+Pure\-FTPd is (C)opyleft 2001\-2019 by Frank DENIS <j at pureftpd dot org>.
+.PP
+This software is covered by the BSD license.
+.PP
+Contributors:
+.br
+ Arnt Gulbrandsen,
+ Troll Tech AS,
+ Janos Farkas,
+ August Fullford,
+ Ximenes Zalteca,
+ Patrick Michael Kane,
+ Arkadiusz Miskiewicz,
+ Michael K. Johnson,
+ Kelley Lingerfelt,
+ Sebastian Andersson,
+ Andreas Westin,
+ Jason Lunz,
+ Mathias Gumz,
+ Claudiu Costin,
+ Ping,
+ Paul Lasarev,
+ Jean\-Mathieux Schaffhauser,
+ Emmanuel Hocdet,
+ Sami Koskinen,
+ Sami Farin,
+ Luis Llorente Campo,
+ Peter Pentchev,
+ Darren Casey,
+ The Regents of the University of California,
+ Theo de Raadt (OpenBSD),
+ Matthias Andree,
+ Isak Lyberth,
+ Steve Reid,
+ RSA Data Security Inc,
+ Trilucid,
+ Dmtry Lebkov,
+ Johan Huisman,
+ Thorsten Kukuk,
+ Jan van Veen,
+ Roger Constantin Demetrescu,
+ Stefano F.,
+ Robert Varga,
+ Freeman,
+ James Metcalf,
+ Im Eunjea,
+ Philip Gladstone,
+ Kenneth Stailey,
+ Brad Smith,
+ Ulrik Sartipy, 
+ Cindy Marasco,
+ Nicolas Doye,
+ Thomas Briggs,
+ Stanton Gallegos,
+ Florin Andrei,
+ Chan Wilson,
+ Bjoern Metzdorf,
+ Ben Gertzfield,
+ Akhilesch Mritunjai,
+ Dawid Szymanski,
+ Kurt Inge Smadal,
+ Alex Dupre,
+ Gabriele Vinci,
+ Andrey Ulanov,
+ Fygul Hether,
+ Jeffrey Lim,
+ Ying-Chieh Liao,
+ Johannes Erdfelt,
+ Martin Sarfy,
+ Clive Goodhead,
+ Aristoteles Pagaltzis,
+ Stefan Hornburg,
+ Mehmet Cokcevik,
+ Brynjar Eide,
+ Torgnt Wernersson,
+ Banhalmi Csaba,
+ Volodin D,
+ Oriol Magrané,
+ Jui-Nan Lin,
+ Patrick Gosling,
+ Marc Balmer,
+ Rajat Upadhyaya / Novell,
+ Christian Cier-Zniewski,
+ Wilco Baan Hofman,
+ Clement Chauplannaz.
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389",
+.BR "RFC 2428" " and"
+.BR "RFC 4217" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-ftpwho.8.in

@@ -0,0 +1,87 @@
+.TH "pure-ftpwho" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-ftpwho \- Report current FTP sessions
+.SH "SYNTAX"
+.LP 
+pure\-ftpwho [\fI\-c\fP] [\fI\-h\fP] [\fI\-H\fP] [\fI\-n\fP] [\fI\-p\fP] [\fI\-s\fP] [\fI\-v\fP] [\fI\-w\fP] [\fI\-W\fP] [\fI\-x\fP]
+.SH "DESCRIPTION"
+.LP 
+pure\-ftpwho shows current Pure\-FTPd client sessions.
+Only the system administrator may run this.
+Output can be text (default), HTML, XML data and parser-optimized.
+The server has to be compiled with
+.B \-\-with\-ftpwho
+to support this command.
+.SH "OPTIONS"
+.TP 
+\fB\-c\fR
+the program is called via a web server (CGI interface) . Output is a
+full HTML page with the initial content\-type header. This option is
+automatically enabled if an environment variable called GATEWAY_INTERFACE is
+found. This is the default if you can the program from a CGI\-enabled web
+server.
+.TP 
+\fB\-h\fR
+Output help information and exit.
+.TP 
+\fB\-H\fR
+Don't resolve host names, and only show IP addresses (faster).
+.TP 
+\fB\-n\fR
+A synonym for \-H.
+.TP 
+\fB\-p\fR
+Output Mac OSX / GNUStep plist data.
+.TP 
+\fB\-s\fR
+Output only one line per client, with only numeric data, delimited by a | character.
+It's not very human-readable, but it's designed for easy parsing by shell scripts (cut/sed) .
+\&'|' characters in user names or file names are quoted (\e|) .
+.TP 
+\fB\-v\fR
+Output an ASCII table (just like the default mode), with more info.
+The verbose output includes the local IP, the local port, the total size of
+transferred files and the current number of transferred bytes.
+.TP 
+\fB\-w\fR
+Output a complete HTML page (web mode).
+.TP 
+\fB\-W\fR
+Output an HTML page with no header and no footer. This is an embedded
+mode, suitable for inline calls from CGI, SSI or PHP scripts.
+.TP 
+\fB\-x\fR
+Output well\-formed XML data for post\-processing.
+
+.SH "FILES"
+.LP 
+\fB@LOCALSTATEDIR@/run/pure-ftpd/\fP
+Scoreboard directory. Should always owned by root and on a lockable
+filesystem.
+
+.SH "ENVIRONMENT VARIABLES"
+.TP 
+\fBGATEWAY_INTERFACE\fP
+If found, automatically run in CGI mode and output HTML data.
+
+.SH "AUTHORS"
+.LP 
+Frank DENIS <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2389",
+.BR "RFC 2228" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-mrtginfo.8.in

@@ -0,0 +1,81 @@
+.\" 
+.\" Written by Arnt Gulbrandsen <agulbra@troll.no> and copyright 1995-1999
+.\" Troll Tech AS, Waldemar Thranes gate 98B, N-0175 Oslo, Norway, fax +47
+.\" 22806380.
+.\" Pure-FTPd (C)opyleft 2001-2019 Frank Denis.
+.\" 
+.\" Use, modification and distribution is allowed without limitation,
+.\" warranty, or liability of any kind.
+.\" 
+.\" 
+.TH "pure-mrtginfo" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+pure-mrtginfo \- provide an MRTG\-graphable user count for ftpd
+
+.SH "SYNOPSIS"
+\fBpure-mrtginfo [server port]\fR
+
+.SH "DESCRIPTION"
+.B Pure-Mrtginfo
+counts the number of clients currently connected to
+.BR ftpd (8)
+and output the format in a format graphable by MRTG.
+
+.SH "OPTIONS"
+\fBserver port\fR: defaults to 21.
+
+.SH "FILES"
+.TP 
+.I /proc/net/tcp
+is used to count the connectiont to port 21.
+.TP 
+.I /proc/sys/kernel/hostname
+is used to get the fully qualified hostname.
+.TP 
+.I /proc/uptime
+is used to get the uptime.
+
+.SH "MRTG"
+MRTG is a really nice package for graphing router traffic.  Mrtg can
+also graph other information is available via SNMP or by running a
+program such as
+.BR pure-mrtginfo .
+The author of this program uses it to graph CPU load, /var usage etc.,
+and naturally the number of users connected to his FTP servers.  See
+.nf
+http://oss.oetiker.ch/mrtg/
+.fi 
+for more information about MRTG.
+
+.SH "BUGS"
+This program only works on GNU/Linux systems yet.
+
+.SH "HOME PAGE"
+http://www.pureftpd.org/
+
+.SH "AUTHOR AND LICENSE"
+Written by Arnt Gulbrandsen <agulbra@troll.no> and copyright 1995\-2002
+Troll Tech AS, Waldemar Thranes gate 98B, N\-0175 Oslo, Norway, fax +47
+22806380.
+.PP 
+Pure\-FTPd (C)opyleft 2001\-2019 by Frank DENIS <j at pureftpd dot org>.
+.PP 
+Use, modification and distribution is allowed without limitation,
+warranty, or liability of any kind.
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-pw.8.in

@@ -0,0 +1,86 @@
+.TH "pure-pw" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-pw \- Manage virtual users files for Pure\-FTPd
+.SH "SYNTAX"
+.LP 
+pure\-pw useradd login [\-f passwd_file] [\-F puredb_file] \-u uid [\-g gid]
+                \-D/\-d home_directory [\-c gecos]
+                [\-t download_bandwidth] [\-T upload_bandwidth]
+                [\-n max number_of_files] [\-N max_Mbytes]
+                [\-q upload_ratio] [\-Q download_ratio]
+                [\-r <allow client host>/<mask>[,<ip>/<mask>]...] [\-R <deny client host>/<mask>[,<ip>/<mask>]...]
+                [\-i <allow local host>/<mask>[,<ip>/<mask>]...] [\-I <deny local host>/<mask>[,<ip>/<mask>]...]
+                [\-y <max number of concurrent sessions>]
+                [\-z <hhmm>\-<hhmm>] [\-m]
+.br 
+pure\-pw usermod login [\-f passwd_file] [\-F puredb_file] [\-u uid] [\-g gid]
+                \-D/\-d home_directory \-[c gecos]
+                [\-t download_bandwidth] [\-T upload_bandwidth]
+                [\-n max_number_of_files] [\-N max_Mbytes]
+                [\-q upload_ratio] [\-Q download_ratio]
+                [\-r <allow client host>/<mask>[,<ip>/<mask>]...] [\-R <deny client host>/<mask>[,<ip>/<mask>]...]
+                [\-i <allow local host>/<mask>[,<ip>/<mask>]...] [\-I <deny local host>/<mask>[,<ip>/<mask>]...]
+                [\-y <max number of concurrent sessions>]
+                [\-z <hhmm>\-<hhmm>] [\-m]
+.br 
+pure\-pw userdel login [\-f passwd_file] [\-F puredb_file] [\-m]
+.br 
+pure\-pw passwd  login [\-f passwd_file] [\-F puredb_file] [\-m]
+.br 
+pure\-pw show    login [\-f passwd_file] [\-m]
+.br 
+pure\-pw mkdb    [<puredb_database_file> [\-f passwd_file]] [\-F puredb_file] 
+.br 
+pure\-pw list    [\-f passwd_file]
+.SH "DESCRIPTION"
+.LP 
+Virtual users is a simple mechanism to store a list of users, with their
+password, name, uid, directory, etc. It's just like /etc/passwd. But it's
+not /etc/passwd. It's a different file, only for FTP.
+.br 
+It means that you can easily create FTP\-only accounts without messing your
+system accounts.
+.br 
+Additionnaly, virtual users files can store individual quotas, ratios,
+bandwidth, etc. System accounts can't do this.
+.br 
+Thousands of virtual users can share the same system user, as long as they
+all are chrooted, and they have their own home directory.
+.SH "FILES"
+.LP 
+\fI@CONFDIR@/pureftpd.passwd\fP
+.br
+\fI@CONFDIR@/pureftpd.pdb\fP 
+.SH "ENVIRONMENT VARIABLES"
+.LP 
+\fIPURE_PASSWDFILE\fP
+If this variable is defined, this is the default value for the text password
+file. Without this variable, @CONFDIR@/pureftpd.passwd is assumed.
+.br
+\fIPURE_DBFILE\fP 
+If this variable is defined, this is the default value for the PureDB password
+file. Without this variable, @CONFDIR@/pureftpd.pdb is assumed.
+.SH "EXAMPLES"
+.LP 
+Please read http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual\-Users
+.SH "AUTHORS"
+.LP 
+Frank DENIS <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-pwconvert.8.in

@@ -0,0 +1,39 @@
+.TH "pure-pwconvert" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-pwconvert \- Generate a virtual users file from system accounts
+.SH "SYNTAX"
+.LP 
+pure\-pwconvert
+.SH "DESCRIPTION"
+.LP 
+This program scans system accounts (\fB/etc/passwd\fR) and outputs a FTP virtual users list, suitable to the \fBpure\-pw\fR command.
+.SH "FILES"
+.LP
+\fI/etc/passwd\fP
+.br
+\fI/etc/shadow\fP
+.br
+\fI/etc/master.passwd\fP
+.br
+
+.SH "AUTHORS"
+.LP
+Frank Denis <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-quotacheck.8.in

@@ -0,0 +1,69 @@
+.TH "pure-quotacheck" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-quotacheck \- Update virtual quota files for Pure\-FTPd
+.SH "SYNTAX"
+.LP
+pure\-quotacheck \fI\-u username/gid\fP \fI\-d home directory\fP [\fI\-g group/gid\fP]
+.SH "DESCRIPTION"
+.LP
+pure\-quotacheck create a \fB.ftpquota\fR file in the specified directory.
+.br
+This file contains the current file and size of the directory, and it is used by Pure\-FTPd when virtual quotas are enabled.
+.br
+It's recommended to periodically run pure\-quotacheck for every user, in crontabs.
+.SH "OPTIONS"
+.TP
+\fB\-d\fR <\fIdirectory\fP>
+Scans the specified <\fIdirectory\fP>.
+.TP
+\fB\-g\fR <\fIgroup or gid\fP>
+Sets the group files will be scanned as. This is optional: if a user name is passed to \fB\-u</fR>, group are automatically retrieved.
+.TP
+\fB\-u\fR <\fIuser or uid\fP>
+Set the user name files will be scanned as. This is mandatory, and it can't be "root".
+.TP
+\fB\-h\fR
+Output usage information and exit.
+.SH "FILES"
+.LP
+\fI.ftpquota\fP
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-quotacheck \-u john \-d /home/john
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+.SH "SECURITY"
+pure\-quotacheck switches real and effective uids/gids as soon as possible. Root privileges are never given back.
+.br
+pure\-quotacheck refuses to scan directories with uid = 0 (root) or gid = 0 (wheel/root) .
+.br
+pure\-quotacheck performs a chroot() call to the home directory. It never traverses parent directories.
+.br
+pure\-quotacheck only scans real files (no socket, no pipe, etc) .
+.br
+pure\-quotacheck enforces read access on directories to prevent against people doing chmod 0 before a quota scan.
+.br
+pure\-quotacheck enforces write access on the home directory to properly write the .ftpquota file.
+.br
+pure\-quotacheck never scans the same inode/device pair twice.
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959",
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-statsdecode.8.in

@@ -0,0 +1,50 @@
+.TH "pure-statsdecode" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-statsdecode \- Show human\-readable dates from a "stats" logfile
+.SH "SYNTAX"
+.LP
+pure\-statsdecode \fIfilename\fP
+.br
+pure\-statsdecode \fI\-\fP
+.SH "DESCRIPTION"
+.LP
+This program decodes Pure\-FTPd's "stats" log files and converts timestamps into human\-readable dates.
+
+.SH "OPTIONS"
+.TP
+\fB\-\fR
+means to read the standard input.
+.TP
+\fBfilename\fR
+is a log file produced with pure\-ftpd \-O ftpstats:/path/to/logfile
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-statsdecode /var/log/pureftpd.log > /tmp/pureftpd.humanlog
+.LP
+Alternativly you can run it as:
+.LP
+cat /var/log/pureftpd.log | pure\-statsdecode \- | gzip \-\-best > /tmp/pureftpd.humanlog.gz
+
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/man/pure-uploadscript.8.in

@@ -0,0 +1,102 @@
+.TH "pure-uploadscript" "8" "@VERSION@" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-uploadscript \- Automatically run an external program after a successful upload
+.SH "SYNTAX"
+.LP 
+pure\-uploadscript [\fI\-p\fP <\fI/path/to/pidfile\fP>] [\fI\-B\fP] [\fI\-g\fP <\fIgid\fP>] [\fI\-h\fP] \fI\-r\fP <\fIprogram to run\fP> [\fI\-u\fP <\fIuid\fP>]
+.SH "DESCRIPTION"
+.LP 
+If Pure\-FTPd is compiled with \fB\-\-with\-uploadscript\fR (default in binary distributions), and if the \fB\-o\fR (or \fB\-\-uploadscript\fR) is passed to the server, a named pipe called \fB@LOCALSTATEDIR@/run/pure\-ftpd.upload.pipe\fR is created. You will also notice an important file called \fB@LOCALSTATEDIR@/run/pure\-ftpd.upload.lock\fR, used for locking.
+.br
+After a successful upload, the file name is written to the pipe.
+.br
+\fBpure\-uploadscript\fR reads this pipe to automatically run any program or script to process the newly uploaded file.
+.SH "OPTIONS"
+.TP
+\fB\-B\fR
+Daemonize the process and fork it in background.
+.TP
+\fB\-g\fR <\fIgid\fP>
+Switch the group ID to <\fIgid\fP>.
+.TP
+\fB\-h\fR or \fB\-\-help\fR
+Display available options.
+.TP
+\fB\-r\fR <\fIprogram to run\fP>
+Tell what program/script to run. It has to be \fIan absolute filename\fR, the \fBPATH\fR environment variable is ignored.
+The first argument of that program will be the \fIunquoted\fR name of the newly uploaded file.
+Environment variables aren't cleared. So don't put sensitive data in them before calling pure\-uploadscript if you switch uid.
+.TP
+\fB\-u\fR <\fIuid\fP>
+Switch the user ID to <\fIuid\fP>.
+.SH "ENVIRONMENT"
+.LP
+When the upload script is run, the name of the newly uploaded file is the
+first argument passed to the script (referenced as $1 by most shells) . Some
+environment variables are also filled by useful info about the file.
+\fB\UPLOAD_SIZE\fR
+The size of the file, in bytes.
+\fB\UPLOAD_PERMS\fR
+The permissions, as an octal integer.
+\fB\UPLOAD_UID\fR
+The numerical UID of the owner.
+\fB\UPLOAD_GID\fR
+The numerical GID of the owner.
+\fB\UPLOAD_USER\fR
+The login of the owner.
+\fB\UPLOAD_GROUP\fR
+The group name the files belongs to.
+\fB\UPLOAD_VUSER\fR
+The full user name, or the virtual user name (127 chars max) .
+.SH "FILES"
+.LP 
+\fI@LOCALSTATEDIR@/run/pure\-ftpd.upload.pipe\fP 
+\fI@LOCALSTATEDIR@/run/pure\-ftpd.upload.lock\fP 
+\fI@LOCALSTATEDIR@/run/pure\-uploadscript.pid\fP 
+.SH "SECURITY"
+.LP 
+\fBpure\-ftpd\fR and \fBpure\-uploadscript\fR are trying to limit security implications of such a feature.
+.TP 
+\- The pipe can only be created and opened by root. It must have perms 600, with uid 0, or it will be ignored.
+.TP 
+\- The argument passed to an external program/script is always an exact absolute path name. It doesn't get fooled by \fBchroot()\fRed environments, and by absolute or relative paths added to the STOR command.
+.TP 
+\- UID and GID are set just after parsing command\-line options, and \fBpure\-uploadscript\fR never gets back supervisor privileges.
+.TP 
+\- Descriptors to the pipe are never passed to external programs/scripts. So when UID switched, the target user can't mess the pipe.
+.TP 
+\- Only regular files are processed, control characters are rejected, and a header+footer avoid partial file names.
+.TP 
+\- Two external programs/scripts can't run at the same time. Uploads are always processed sequentially, in chronological order. This is to avoid denial\-of\-services by issuing a lot of simultaneous STOR commands in order to launch a fork bomb on the server. For this reason, your programs shouldn't take a long time to complete (but they can run themselves in background) .
+.SH "EXAMPLES"
+.LP 
+A sample script could be:
+.LP 
+#! /bin/sh
+.br 
+echo "$1 uploaded" | /usr/bin/mutt \-s "New upload: $1" \\
+ftpadmin@dom.ai.n
+.LP 
+Never forget to quote (\fB"variable"\fR) all variables in all your shell scripts to avoid security flaws.
+
+.SH "AUTHORS"
+.LP 
+Frank DENIS <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/pam/Makefile.am

@@ -0,0 +1,4 @@
+EXTRA_DIST = \
+	ftpusers \
+	pure-ftpd \
+	README

EVSE/GPL/pure-ftpd-1.0.49/pam/README

@@ -0,0 +1,8 @@
+'pure-ftpd' is a sample PAM configuration file, to be copied in your
+'/etc/pam.d/' directory, or if you don't have one, at the end of your
+/etc/pam.conf file.
+
+'ftpusers' is a list of users that aren't allowed to log in. Copy that file to
+'/etc/ftpusers'.
+
+To enable PAM, don't forget to configure with --with-pam.

EVSE/GPL/pure-ftpd-1.0.49/pam/ftpusers

@@ -0,0 +1,56 @@
+_fingerd
+_identd
+_portmap
+_rstatd
+_rusersd
+_x11
+adm
+alias
+apache
+at
+backup
+bin
+cron
+daemon
+games
+gdm
+gopher
+guest
+halt
+httpd
+irc
+list
+lp
+mail
+majordom
+majordomo
+man
+msql
+mysql
+named
+news
+nntp
+nobody
+operator
+popa3d
+postfix
+postgres
+postmaster
+proxy
+qmaild
+qmaill
+qmailp
+qmailq
+qmailr
+qmails
+root
+rsync
+shutdown
+smmsp
+squid
+sshd
+sync
+sys
+uucp
+www
+www-data

EVSE/GPL/pure-ftpd-1.0.49/pam/pure-ftpd

@@ -0,0 +1,15 @@
+#%PAM-1.0
+
+# Sample PAM configuration file for Pure-FTPd.
+# Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf
+
+auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       required     pam_shells.so
+auth       required     pam_nologin.so
+
+account    required     pam_stack.so service=system-auth
+
+password   required     pam_stack.so service=system-auth
+
+session    required     pam_stack.so service=system-auth
+

EVSE/GPL/pure-ftpd-1.0.49/pure-ftpd.conf

@@ -0,0 +1,459 @@
+
+############################################################
+#                                                          #
+#             Configuration file for pure-ftpd             #
+#                                                          #
+############################################################
+
+# If you want to run Pure-FTPd with this configuration
+# instead of command-line options, please run the
+# following command :
+#
+# ${exec_prefix}/sbin/sbin/pure-ftpd /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure-ftpd.conf
+#
+# Online documentation:
+# https://www.pureftpd.org/project/pure-ftpd/doc
+
+
+# Restrict users to their home directory
+
+ChrootEveryone               yes
+
+
+
+# If the previous option is set to "no", members of the following group
+# won't be restricted. Others will be. If you don't want chroot()ing anyone,
+# just comment out ChrootEveryone and TrustedGID.
+
+# TrustedGID                   100
+
+
+
+# Turn on compatibility hacks for broken clients
+
+BrokenClientsCompatibility   no
+
+
+
+# Maximum number of simultaneous users
+
+MaxClientsNumber             50
+
+
+
+# Run as a background process
+
+Daemonize                    yes
+
+
+
+# Maximum number of simultaneous clients with the same IP address
+
+MaxClientsPerIP              8
+
+
+
+# If you want to log all client commands, set this to "yes".
+# This directive can be specified twice to also log server responses.
+
+VerboseLog                   no
+
+
+
+# List dot-files even when the client doesn't send "-a".
+
+DisplayDotFiles              yes
+
+
+
+# Disallow authenticated users - Act only as a public FTP server.
+
+AnonymousOnly                no
+
+
+
+# Disallow anonymous connections. Only accept authenticated users.
+
+NoAnonymous                  no
+
+
+
+# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
+# The default facility is "ftp". "none" disables logging.
+
+SyslogFacility               ftp
+
+
+
+# Display fortune cookies
+
+# FortunesFile                 /usr/share/fortune/zippy
+
+
+
+# Don't resolve host names in log files. Recommended unless you trust
+# reverse host names, and don't care about DNS resolution being possibly slow.
+
+DontResolve                  yes
+
+
+
+# Maximum idle time in minutes (default = 15 minutes)
+
+MaxIdleTime                  15
+
+
+
+# LDAP configuration file (see README.LDAP)
+
+# LDAPConfigFile               /etc/pureftpd-ldap.conf
+
+
+
+# MySQL configuration file (see README.MySQL)
+
+# MySQLConfigFile              /etc/pureftpd-mysql.conf
+
+
+# PostgreSQL configuration file (see README.PGSQL)
+
+# PGSQLConfigFile              /etc/pureftpd-pgsql.conf
+
+
+# PureDB user database (see README.Virtual-Users)
+
+# PureDB                       /etc/pureftpd.pdb
+
+
+# Path to pure-authd socket (see README.Authentication-Modules)
+
+# ExtAuth                      /var/run/ftpd.sock
+
+
+
+# If you want to enable PAM authentication, uncomment the following line
+
+# PAMAuthentication            yes
+
+
+
+# If you want simple Unix (/etc/passwd) authentication, uncomment this
+
+# UnixAuthentication           yes
+
+
+
+# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
+# UnixAuthentication can be used specified once, but can be combined
+# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
+# the SQL server will be used first. If the SQL authentication fails because the
+# user wasn't found, a new attempt will be done using system authentication.
+# If the SQL authentication fails because the password didn't match, the
+# authentication chain stops here. Authentication methods are chained in
+# the order they are given.
+
+
+
+# 'ls' recursion limits. The first argument is the maximum number of
+# files to be displayed. The second one is the max subdirectories depth.
+
+LimitRecursion               10000 8
+
+
+
+# Are anonymous users allowed to create new directories?
+
+AnonymousCanCreateDirs       no
+
+
+
+# If the system load is greater than the given value, anonymous users
+# aren't allowed to download.
+
+MaxLoad                      4
+
+
+
+# Port range for passive connections - keep it as broad as possible.
+
+# PassivePortRange             30000 50000
+
+
+
+# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
+# Symbolic host names are also accepted for gateways with dynamic IP
+# addresses.
+
+# ForcePassiveIP               192.168.0.1
+
+
+
+# Upload/download ratio for anonymous users.
+
+# AnonymousRatio               1 10
+
+
+
+# Upload/download ratio for all users.
+# This directive supersedes the previous one.
+
+# UserRatio                    1 10
+
+
+
+# Disallow downloads of files owned by the "ftp" system user;
+# files that were uploaded but not validated by a local admin.
+
+AntiWarez                    yes
+
+
+
+# IP address/port to listen to (default=all IP addresses, port 21).
+
+# Bind                         127.0.0.1,21
+
+
+
+# Maximum bandwidth for anonymous users in KB/s
+
+# AnonymousBandwidth           8
+
+
+
+# Maximum bandwidth for *all* users (including anonymous) in KB/s
+# Use AnonymousBandwidth *or* UserBandwidth, not both.
+
+# UserBandwidth                8
+
+
+
+# File creation mask. <umask for files>:<umask for dirs> .
+# 177:077 if you feel paranoid.
+
+Umask                        133:022
+
+
+
+# Minimum UID for an authenticated user to log in.
+# For example, a value of 100 prevents all users whose user id is below
+# 100 from logging in. If you want "root" to be able to log in, use 0.
+
+MinUID                       100
+
+
+
+# Allow FXP transfers for authenticated users.
+
+AllowUserFXP                 no
+
+
+
+# Allow anonymous FXP for anonymous and non-anonymous users.
+
+AllowAnonymousFXP            no
+
+
+
+# Users can't delete/write files starting with a dot ('.')
+# even if they own them. But if TrustedGID is enabled, that group
+# will exceptionally have access to dot-files.
+
+ProhibitDotFilesWrite        no
+
+
+
+# Prohibit *reading* of files starting with a dot (.history, .ssh...)
+
+ProhibitDotFilesRead         no
+
+
+
+# Don't overwrite files. When a file whose name already exist is uploaded,
+# it gets automatically renamed to file.1, file.2, file.3, ...
+
+AutoRename                   no
+
+
+
+# Prevent anonymous users from uploading new files (no = upload is allowed)
+
+AnonymousCantUpload          no
+
+
+
+# Only connections to this specific IP address are allowed to be
+# non-anonymous. You can use this directive to open several public IPs for
+# anonymous FTP, and keep a private firewalled IP for remote administration.
+# You can also only allow a non-routable local IP (such as 10.x.x.x) for
+# authenticated users, and run a public anon-only FTP server on another IP.
+
+# TrustedIP                    10.1.1.1
+
+
+
+# To add the PID to log entries, uncomment the following line.
+
+# LogPID                       yes
+
+
+
+# Create an additional log file with transfers logged in a Apache-like format :
+# fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
+# This log file can then be processed by common HTTP traffic analyzers.
+
+# AltLog                       clf:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in a format optimized
+# for statistic reports.
+
+# AltLog                       stats:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in the standard W3C
+# format (compatible with many HTTP log analyzers)
+
+# AltLog                       w3c:/var/log/pureftpd.log
+
+
+
+# Disallow the CHMOD command. Users cannot change perms of their own files.
+
+# NoChmod                      yes
+
+
+
+# Allow users to resume/upload files, but *NOT* to delete them.
+
+# KeepAllFiles                 yes
+
+
+
+# Automatically create home directories if they are missing
+
+# CreateHomeDir                yes
+
+
+
+# Enable virtual quotas. The first value is the max number of files.
+# The second value is the maximum size, in megabytes.
+# So 1000:10 limits every user to 1000 files and 10 MB.
+
+# Quota                        1000:10
+
+
+
+# If your pure-ftpd has been compiled with standalone support, you can change
+# the location of the pid file. The default is /var/run/pure-ftpd.pid
+
+# PIDFile                      /var/run/pure-ftpd.pid
+
+
+
+# If your pure-ftpd has been compiled with pure-uploadscript support,
+# this will make pure-ftpd write info about new uploads to
+# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
+# spawn a script to handle the upload.
+# Don't enable this option if you don't actually use pure-uploadscript.
+
+# CallUploadScript             yes
+
+
+
+# This option is useful on servers where anonymous upload is
+# allowed. When the partition is more that percententage full,
+# new uploads are disallowed.
+
+MaxDiskUsage                   99
+
+
+
+# Set to 'yes' to prevent users from renaming files.
+
+# NoRename                     yes
+
+
+
+# Be 'customer proof': forbids common customer mistakes such as
+# 'chmod 0 public_html', that are valid, but can cause customers to
+# unintentionally shoot themselves in the foot.
+
+CustomerProof                yes
+
+
+
+# Per-user concurrency limits. Will only work if the FTP server has
+# been compiled with --with-peruserlimits.
+# Format is: <max sessions per user>:<max anonymous sessions>
+# For example, 3:20 means that an authenticated user can have up to 3 active
+# sessions, and that up to 20 anonymous sessions are allowed.
+
+# PerUserLimits                3:20
+
+
+
+# When a file is uploaded and there was already a previous version of the file
+# with the same name, the old file will neither get removed nor truncated.
+# The file will be stored under a temporary name and once the upload is
+# complete, it will be atomically renamed. For example, when a large PHP
+# script is being uploaded, the web server will keep serving the old version and
+# later switch to the new one as soon as the full file will have been
+# transferred. This option is incompatible with virtual quotas.
+
+# NoTruncate                   yes
+
+
+
+# This option accepts three values:
+# 0: disable SSL/TLS encryption layer (default).
+# 1: accept both cleartext and encrypted sessions.
+# 2: refuse connections that don't use the TLS security mechanism,
+#    including anonymous sessions.
+# Do _not_ uncomment this blindly. Double check that:
+# 1) The server has been compiled with TLS support (--with-tls),
+# 2) A valid certificate is in place,
+# 3) Only compatible clients will log in.
+
+# TLS                          1
+
+
+# Cipher suite for TLS sessions.
+# The default suite is secure and setting this property is usually
+# only required to *lower* the security to cope with legacy clients.
+# Prefix with -C: in order to require valid client certificates.
+# If -C: is used, make sure that clients' public keys are present on
+# the server.
+
+# TLSCipherSuite               HIGH
+
+
+
+# Certificate file, for TLS
+# The certificate itself and the keys can be bundled into the same
+# file or split into two files.
+# CertFile is for a cert+key bundle, CertFileAndKey for separate files.
+# Use only one of these.
+
+# CertFile                     /etc/ssl/private/pure-ftpd.pem
+# CertFileAndKey               "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"
+
+
+
+# Unix socket of the external certificate handler, for TLS
+
+# ExtCert                      /var/run/ftpd-certs.sock
+
+
+# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV4Only                     yes
+
+
+
+# Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV6Only                     yes

EVSE/GPL/pure-ftpd-1.0.49/pure-ftpd.conf.in

@@ -0,0 +1,459 @@
+
+############################################################
+#                                                          #
+#             Configuration file for pure-ftpd             #
+#                                                          #
+############################################################
+
+# If you want to run Pure-FTPd with this configuration
+# instead of command-line options, please run the
+# following command :
+#
+# @sbindir@/sbin/pure-ftpd @sysconfdir@/pure-ftpd.conf
+#
+# Online documentation:
+# https://www.pureftpd.org/project/pure-ftpd/doc
+
+
+# Restrict users to their home directory
+
+ChrootEveryone               yes
+
+
+
+# If the previous option is set to "no", members of the following group
+# won't be restricted. Others will be. If you don't want chroot()ing anyone,
+# just comment out ChrootEveryone and TrustedGID.
+
+# TrustedGID                   100
+
+
+
+# Turn on compatibility hacks for broken clients
+
+BrokenClientsCompatibility   no
+
+
+
+# Maximum number of simultaneous users
+
+MaxClientsNumber             50
+
+
+
+# Run as a background process
+
+Daemonize                    yes
+
+
+
+# Maximum number of simultaneous clients with the same IP address
+
+MaxClientsPerIP              8
+
+
+
+# If you want to log all client commands, set this to "yes".
+# This directive can be specified twice to also log server responses.
+
+VerboseLog                   no
+
+
+
+# List dot-files even when the client doesn't send "-a".
+
+DisplayDotFiles              yes
+
+
+
+# Disallow authenticated users - Act only as a public FTP server.
+
+AnonymousOnly                no
+
+
+
+# Disallow anonymous connections. Only accept authenticated users.
+
+NoAnonymous                  no
+
+
+
+# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
+# The default facility is "ftp". "none" disables logging.
+
+SyslogFacility               ftp
+
+
+
+# Display fortune cookies
+
+# FortunesFile                 /usr/share/fortune/zippy
+
+
+
+# Don't resolve host names in log files. Recommended unless you trust
+# reverse host names, and don't care about DNS resolution being possibly slow.
+
+DontResolve                  yes
+
+
+
+# Maximum idle time in minutes (default = 15 minutes)
+
+MaxIdleTime                  15
+
+
+
+# LDAP configuration file (see README.LDAP)
+
+# LDAPConfigFile               /etc/pureftpd-ldap.conf
+
+
+
+# MySQL configuration file (see README.MySQL)
+
+# MySQLConfigFile              /etc/pureftpd-mysql.conf
+
+
+# PostgreSQL configuration file (see README.PGSQL)
+
+# PGSQLConfigFile              /etc/pureftpd-pgsql.conf
+
+
+# PureDB user database (see README.Virtual-Users)
+
+# PureDB                       /etc/pureftpd.pdb
+
+
+# Path to pure-authd socket (see README.Authentication-Modules)
+
+# ExtAuth                      /var/run/ftpd.sock
+
+
+
+# If you want to enable PAM authentication, uncomment the following line
+
+# PAMAuthentication            yes
+
+
+
+# If you want simple Unix (/etc/passwd) authentication, uncomment this
+
+# UnixAuthentication           yes
+
+
+
+# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
+# UnixAuthentication can be used specified once, but can be combined
+# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
+# the SQL server will be used first. If the SQL authentication fails because the
+# user wasn't found, a new attempt will be done using system authentication.
+# If the SQL authentication fails because the password didn't match, the
+# authentication chain stops here. Authentication methods are chained in
+# the order they are given.
+
+
+
+# 'ls' recursion limits. The first argument is the maximum number of
+# files to be displayed. The second one is the max subdirectories depth.
+
+LimitRecursion               10000 8
+
+
+
+# Are anonymous users allowed to create new directories?
+
+AnonymousCanCreateDirs       no
+
+
+
+# If the system load is greater than the given value, anonymous users
+# aren't allowed to download.
+
+MaxLoad                      4
+
+
+
+# Port range for passive connections - keep it as broad as possible.
+
+# PassivePortRange             30000 50000
+
+
+
+# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
+# Symbolic host names are also accepted for gateways with dynamic IP
+# addresses.
+
+# ForcePassiveIP               192.168.0.1
+
+
+
+# Upload/download ratio for anonymous users.
+
+# AnonymousRatio               1 10
+
+
+
+# Upload/download ratio for all users.
+# This directive supersedes the previous one.
+
+# UserRatio                    1 10
+
+
+
+# Disallow downloads of files owned by the "ftp" system user;
+# files that were uploaded but not validated by a local admin.
+
+AntiWarez                    yes
+
+
+
+# IP address/port to listen to (default=all IP addresses, port 21).
+
+# Bind                         127.0.0.1,21
+
+
+
+# Maximum bandwidth for anonymous users in KB/s
+
+# AnonymousBandwidth           8
+
+
+
+# Maximum bandwidth for *all* users (including anonymous) in KB/s
+# Use AnonymousBandwidth *or* UserBandwidth, not both.
+
+# UserBandwidth                8
+
+
+
+# File creation mask. <umask for files>:<umask for dirs> .
+# 177:077 if you feel paranoid.
+
+Umask                        133:022
+
+
+
+# Minimum UID for an authenticated user to log in.
+# For example, a value of 100 prevents all users whose user id is below
+# 100 from logging in. If you want "root" to be able to log in, use 0.
+
+MinUID                       100
+
+
+
+# Allow FXP transfers for authenticated users.
+
+AllowUserFXP                 no
+
+
+
+# Allow anonymous FXP for anonymous and non-anonymous users.
+
+AllowAnonymousFXP            no
+
+
+
+# Users can't delete/write files starting with a dot ('.')
+# even if they own them. But if TrustedGID is enabled, that group
+# will exceptionally have access to dot-files.
+
+ProhibitDotFilesWrite        no
+
+
+
+# Prohibit *reading* of files starting with a dot (.history, .ssh...)
+
+ProhibitDotFilesRead         no
+
+
+
+# Don't overwrite files. When a file whose name already exist is uploaded,
+# it gets automatically renamed to file.1, file.2, file.3, ...
+
+AutoRename                   no
+
+
+
+# Prevent anonymous users from uploading new files (no = upload is allowed)
+
+AnonymousCantUpload          no
+
+
+
+# Only connections to this specific IP address are allowed to be
+# non-anonymous. You can use this directive to open several public IPs for
+# anonymous FTP, and keep a private firewalled IP for remote administration.
+# You can also only allow a non-routable local IP (such as 10.x.x.x) for
+# authenticated users, and run a public anon-only FTP server on another IP.
+
+# TrustedIP                    10.1.1.1
+
+
+
+# To add the PID to log entries, uncomment the following line.
+
+# LogPID                       yes
+
+
+
+# Create an additional log file with transfers logged in a Apache-like format :
+# fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
+# This log file can then be processed by common HTTP traffic analyzers.
+
+# AltLog                       clf:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in a format optimized
+# for statistic reports.
+
+# AltLog                       stats:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in the standard W3C
+# format (compatible with many HTTP log analyzers)
+
+# AltLog                       w3c:/var/log/pureftpd.log
+
+
+
+# Disallow the CHMOD command. Users cannot change perms of their own files.
+
+# NoChmod                      yes
+
+
+
+# Allow users to resume/upload files, but *NOT* to delete them.
+
+# KeepAllFiles                 yes
+
+
+
+# Automatically create home directories if they are missing
+
+# CreateHomeDir                yes
+
+
+
+# Enable virtual quotas. The first value is the max number of files.
+# The second value is the maximum size, in megabytes.
+# So 1000:10 limits every user to 1000 files and 10 MB.
+
+# Quota                        1000:10
+
+
+
+# If your pure-ftpd has been compiled with standalone support, you can change
+# the location of the pid file. The default is /var/run/pure-ftpd.pid
+
+# PIDFile                      /var/run/pure-ftpd.pid
+
+
+
+# If your pure-ftpd has been compiled with pure-uploadscript support,
+# this will make pure-ftpd write info about new uploads to
+# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
+# spawn a script to handle the upload.
+# Don't enable this option if you don't actually use pure-uploadscript.
+
+# CallUploadScript             yes
+
+
+
+# This option is useful on servers where anonymous upload is
+# allowed. When the partition is more that percententage full,
+# new uploads are disallowed.
+
+MaxDiskUsage                   99
+
+
+
+# Set to 'yes' to prevent users from renaming files.
+
+# NoRename                     yes
+
+
+
+# Be 'customer proof': forbids common customer mistakes such as
+# 'chmod 0 public_html', that are valid, but can cause customers to
+# unintentionally shoot themselves in the foot.
+
+CustomerProof                yes
+
+
+
+# Per-user concurrency limits. Will only work if the FTP server has
+# been compiled with --with-peruserlimits.
+# Format is: <max sessions per user>:<max anonymous sessions>
+# For example, 3:20 means that an authenticated user can have up to 3 active
+# sessions, and that up to 20 anonymous sessions are allowed.
+
+# PerUserLimits                3:20
+
+
+
+# When a file is uploaded and there was already a previous version of the file
+# with the same name, the old file will neither get removed nor truncated.
+# The file will be stored under a temporary name and once the upload is
+# complete, it will be atomically renamed. For example, when a large PHP
+# script is being uploaded, the web server will keep serving the old version and
+# later switch to the new one as soon as the full file will have been
+# transferred. This option is incompatible with virtual quotas.
+
+# NoTruncate                   yes
+
+
+
+# This option accepts three values:
+# 0: disable SSL/TLS encryption layer (default).
+# 1: accept both cleartext and encrypted sessions.
+# 2: refuse connections that don't use the TLS security mechanism,
+#    including anonymous sessions.
+# Do _not_ uncomment this blindly. Double check that:
+# 1) The server has been compiled with TLS support (--with-tls),
+# 2) A valid certificate is in place,
+# 3) Only compatible clients will log in.
+
+# TLS                          1
+
+
+# Cipher suite for TLS sessions.
+# The default suite is secure and setting this property is usually
+# only required to *lower* the security to cope with legacy clients.
+# Prefix with -C: in order to require valid client certificates.
+# If -C: is used, make sure that clients' public keys are present on
+# the server.
+
+# TLSCipherSuite               HIGH
+
+
+
+# Certificate file, for TLS
+# The certificate itself and the keys can be bundled into the same
+# file or split into two files.
+# CertFile is for a cert+key bundle, CertFileAndKey for separate files.
+# Use only one of these.
+
+# CertFile                     /etc/ssl/private/pure-ftpd.pem
+# CertFileAndKey               "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"
+
+
+
+# Unix socket of the external certificate handler, for TLS
+
+# ExtCert                      /var/run/ftpd-certs.sock
+
+
+# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV4Only                     yes
+
+
+
+# Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV6Only                     yes

EVSE/GPL/pure-ftpd-1.0.49/puredb/Makefile.am

@@ -0,0 +1,6 @@
+SUBDIRS = \
+	src
+
+EXTRA_DIST = \
+	README.FIRST
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/README

@@ -0,0 +1,315 @@
+
+
+
+                              .:. PUREDB 2 .:.
+
+
+
+           ------------------------ BLURB ------------------------
+
+
+PureDB is a portable and tiny set of libraries for creating and reading
+constant databases. It manages data files that contains text or binary
+key/data pairs of arbitrary sizes. Lookups are very fast (normally only one
+disk access to match a hash value), overhead is low (a database is 1028
+bytes plus only 16 extra bytes per record), multiple concurrent read access
+are supported, databases can be up to 4 Gb long, and they are portable
+across architectures. 
+
+
+        ------------------------ COMPILATION ------------------------
+        
+
+Compiling PureDB is a simple matter of:
+
+./configure
+make install
+
+Static libraries, shared libraries and links are installed in
+/usr/local/lib/libpuredb_read* and /usr/local/lib/libpuredb_write* .
+
+Header files are installed as /usr/local/include/puredb_read.h and
+/usr/local/include/puredb_write.h .
+
+The library that creates databases is different from the library that reads
+them, because these different tasks are usually handled by separate
+applications. However, you can safely link both libraries together.
+
+
+           ------------------------ USAGE ------------------------
+
+
+To compile a program with puredb, you have to include the following headers:
+
+#include <puredb_read.h>
+
+and/or
+
+#include <puredb_write.h>
+
+If your application only reads PureDB databases, just include the first
+header. If it only writes databases, just include the second one. It it does
+both, include both.
+
+The same thing goes for linker options: you have to link against
+libpuredb_read and/or libpuredb_write:
+
+cc -o myapp1 myapp1.c -lpuredb_read
+cc -o myapp2 myapp2.c -lpuredb_write
+cc -o myapp3 myapp3.c -lpuredb_read -lpuredb_write
+
+
+------------------------ API FOR CREATING DATABASES ------------------------
+
+
+Creating a new database is usually a 4-step operation:
+
+1) Create the database files and initialize the internal structures with
+puredbw_open() .
+
+2) Feed key/data pairs with puredbw_add() or puredbw_add_s() .
+
+3) Complete and close the database files with puredbw_close() .
+
+4) Free the internal structures with puredbw_free() .
+
+Here are the functions:
+
+
+int puredbw_open(PureDBW * const dbw,
+                 const char * const file_index,
+                 const char * const file_data,
+                 const char * const file_final);
+
+This function takes a point to an already allocated PureDBW structure, and
+three file names. file_index and file_data are temporary files, needed to
+create the database. They will be automatically deleted, and the final
+database will atomically be stored in file_final.
+
+Return value: 0 if everything is ok, a negative value if something went wrong.
+
+
+
+int puredbw_add(PureDBW * const dbw,
+                const char * const key, const size_t key_len,
+                const char * const content, const size_t content_len);
+
+This function stores a new key/data pair in the database. key is a pointer
+to the key, that is key_len long. Same thing for content and content_len.
+These buffers can handle binary data, and can have any size up to 4 Gb.
+
+Return value: 0 if everything is ok, a negative value if something went wrong.
+
+
+
+int puredbw_add_s(PureDBW * const dbw,
+                  const char * const key, const char * const content);
+
+This function is a shortcut to puredbw_add(), designed to store 0-terminated
+strings. It's equivalent to call puredbw_add() with strlen(key) and
+strlen(content) as parameters 3 and 5.
+
+Return value: 0 if everything is ok, a negative value if something went wrong.
+
+
+
+int puredbw_close(PureDBW * const dbw);
+
+This function performs a quick sort of the hashed values, writes them to the
+disk, merges index and data files, rename the result to the final file name
+and delete the old files. You must call this after having inserted all
+values in the database. 
+
+Return value: 0 if everything is ok, a negative value if something went wrong.
+
+
+
+void puredbw_free(PureDBW * const dbw);
+
+This function frees all memory chunks allocated by puredbw_open(),
+puredbw_add() and puredbw_add_s() . You must call this either after a
+puredbw_close(), or after something went wrong if you decide to abort.
+
+
+Here's an example, that creates a new database, and inserts three key/data
+pairs into it.
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <puredb_write.h>
+
+int main(void)
+{
+    PureDBW dbw;
+    
+    if (puredbw_open(&dbw, "puredb.index", "puredb.data", "puredb.pdb") != 0) {
+        perror("Can't create the database");
+        goto end;
+    }
+    if (puredbw_add_s(&dbw, "key", "content") != 0 ||
+        puredbw_add_s(&dbw, "key2", "content2") != 0 ||
+        puredbw_add_s(&dbw, "key42", "content42") != 0) {
+        perror("Error while inserting key/data pairs");
+        goto end;
+    }
+    if (puredbw_close(&dbw) != 0) {
+        perror("Error while closing the database");
+    }
+    
+    end:
+    puredbw_free(&dbw);
+    
+    return 0;
+}
+
+
+ ------------------------ API FOR READING DATABASES ------------------------
+
+
+Reading the content of a database is usually a 5-step operation:
+
+1) Open the database files and initialize the internal structures with
+puredb_open() .
+
+2) Perform a lookup for a key with puredb_find() or puredb_find_s() .
+
+3) If the key is found, read the associated data with puredb_read() .
+
+[process the data]
+
+4) Free the data with puredb_read_free() .
+
+[repeat steps 2, 3 and 4 to read more key/data pairs]
+
+5) Close the database and free the internal structures with puredb_close() .
+
+Here are the functions:
+
+
+int puredb_open(PureDB * const db, const char *dbfile);
+
+This function opens an existing database, stored in a file named dbfile, and
+initializes a preallocated PureDB structure.
+
+Return value: 0 if everything is ok, a negative value if something went wrong.
+
+
+
+int puredb_find(PureDB * const db, const char * const tofind,
+                const size_t tofind_len, off_t * const retpos, 
+                size_t * const retlen);
+
+This function looks the database for a key matching tofind, whose length is
+tofind_len. After a successful match, retpos contains the offset to the
+first byte of the matching data, and retlen is the length of the data.
+
+Return value: 0 if the key was found.
+             -1 if the key was not found.
+             -2 if the database is corrupted.
+             -3 if a system error occurred.
+
+
+
+int puredb_find_s(PureDB * const db, const char * const tofind,
+                  off_t * const retpos, size_t * const retlen);
+
+This function is a shortcut to puredb_find() for text keys, which computes
+strlen(tofind) as a key length.
+
+Return value: 0 if the key was found.
+             -1 if the key was not found.
+             -2 if the database is corrupted.
+             -3 if a system error occurred.
+
+
+
+void *puredb_read(PureDB * const db, const off_t offset, const size_t len);
+
+This function reads len bytes in the database file, starting at offset. A
+large enough buffer is allocated, filled and returned. It is guaranteed to
+be terminated by an extra \0, so it's safe to process C-strings returned by
+that function.
+
+Return value: the address of a buffer with the data, or NULL if something
+went wrong (no memory, corrupted file, no permission, etc) .
+
+
+
+void puredb_read_free(void *data);
+
+Frees a buffer allocated by puredb_read() .
+
+
+
+int puredb_getfd(PureDB * const db);
+
+Returns the file descriptor opened for the database, just in case you want
+to read the data by yourself. It can be interesting if the data is too large
+to be stored in memory.
+
+Return value: a file descriptor. or -1 if none was allocated (error).
+
+
+
+off_t puredb_getsize(PureDB * const db);
+
+This function returns the size of the file handling the database, in bytes.
+
+Return value: the size of the file.
+
+
+
+int puredb_close(PureDB * const db);
+
+This function closes the database and frees all related internal structures.
+Don't forget to call this even if something went wrong, and you decide to
+abort.
+
+
+Here's an example, that reads a previously created database.
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <puredb_read.h>
+
+int main(void)
+{
+    PureDB db;
+    off_t retpos;
+    size_t retlen;
+    char *data;
+    
+    if (puredb_open(&db, "puredb.pdb") != 0) {
+        perror("Can't open the database");
+        goto end;
+    }
+    if (puredb_find_s(&db, "key42", &retpos, &retlen) != 0) {
+        fprintf(stderr, "The key wasn't found\n");
+        goto end;
+    }
+    if ((data = puredb_read(&db, retpos, retlen)) != NULL) {
+        printf("The maching data is: [%s]\n", data);
+        puredb_read_free(data);
+    }
+    end:
+    if (puredb_close(&db) != 0) {
+        perror("The database couldn't be properly closed");
+    }
+    
+    return 0;
+}
+
+
+If you have question, suggestions or patches, feel free to get in touch with
+me. Newbies and silly ideas are welcome.
+
+
+Thank you, 
+
+                     -Frank DENIS "Jedi/Sector One" <j at pureftpd dot org> .
+                                 
+
+
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/README.FIRST

@@ -0,0 +1,11 @@
+
+*****************************************************************************
+
+  This is a modified version of PureDB, that doesn't install any libraries
+nor headers.
+
+  A standalone version of PureDB can be downloaded from:
+http://download.pureftpd.org/pure-ftpd/pure-db/
+  
+*****************************************************************************  
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/Makefile.am

@@ -0,0 +1,23 @@
+
+noinst_LIBRARIES = libpuredb_read.a libpuredb_write.a
+
+noinst_HEADERS = puredb_read.h puredb_write.h
+
+noinst_PROGRAMS = example_read example_write regression
+
+libpuredb_read_a_SOURCES = puredb_read.c puredb_read.h puredb_p.h
+
+libpuredb_write_a_SOURCES = puredb_write.c puredb_write.h puredb_p.h
+
+example_read_LDADD = libpuredb_read.a
+
+example_write_LDADD = libpuredb_write.a
+
+regression_LDADD = libpuredb_read.a libpuredb_write.a
+
+example_read_SOURCES = example_read.c puredb_read.h
+
+example_write_SOURCES = example_write.c puredb_write.h
+
+regression_SOURCES = regression.c puredb_read.h puredb_write.h puredb_p.h
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/example_read.c

@@ -0,0 +1,36 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#include <config.h>
+
+#include "puredb_p.h"
+#include "puredb_read.h"
+
+int main(void)
+{
+    char *data;
+    PureDB db;
+    off_t retpos;
+    size_t retlen;
+    int err;
+
+    if (puredb_open(&db, "puredb.pdb") != 0) {
+        perror("Can't open the database");
+        goto end;
+    }
+    if ((err = puredb_find_s(&db, "key42", &retpos, &retlen)) != 0) {
+        fprintf(stderr, "The key wasn't found [err=%d]\n", err);
+        goto end;
+    }
+    if ((data = puredb_read(&db, retpos, retlen)) != NULL) {
+        printf("The maching data is : [%s]\n", data);
+        puredb_read_free(data);
+    }
+    end:
+    if (puredb_close(&db) != 0) {
+        perror("The database couldn't be properly closed");
+    }
+
+    return 0;
+}
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/example_write.c

@@ -0,0 +1,32 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#include <config.h>
+
+#include "puredb_p.h"
+#include "puredb_write.h"
+
+int main(void)
+{
+    PureDBW dbw;
+
+    if (puredbw_open(&dbw, "puredb.index", "puredb.data", "puredb.pdb") != 0) {
+        perror("Can't create the database");
+        goto end;
+    }
+    if (puredbw_add_s(&dbw, "key", "content") != 0 ||
+        puredbw_add_s(&dbw, "key2", "content2") != 0 ||
+        puredbw_add_s(&dbw, "key42", "content42") != 0) {
+        perror("Error while inserting key/data pairs");
+        goto end;
+    }
+    if (puredbw_close(&dbw) != 0) {
+        perror("Error while closing the database");
+    }
+
+    end:
+    puredbw_free(&dbw);
+
+    return 0;
+}
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/puredb_p.h

@@ -0,0 +1,107 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#ifndef __PUREDB_P_H__
+#define __PUREDB_P_H__ 1
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+# include <stdarg.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#if HAVE_STRING_H
+# if !STDC_HEADERS && HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#else
+# if HAVE_STRINGS_H
+#  include <strings.h>
+# endif
+#endif
+#include <limits.h>
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#elif defined(HAVE_SYS_FCNTL_H)
+# include <sys/fcntl.h>
+#endif
+#ifdef HAVE_IOCTL_H
+# include <ioctl.h>
+#elif defined(HAVE_SYS_IOCTL_H)
+# include <sys/ioctl.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+# include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+#ifdef HAVE_MMAP
+# include <sys/mman.h>
+#endif
+#ifdef HAVE_WINDOWS_H
+# include <windows.h>
+#endif
+#ifdef HAVE_IO_H
+# include <io.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+
+#ifdef HAVE_ALLOCA
+# ifdef HAVE_ALLOCA_H
+#  include <alloca.h>
+# endif
+# define ALLOCA(X) alloca(X)
+# define ALLOCA_FREE(X) do { } while (0)
+#else
+# define ALLOCA(X) malloc(X)
+# define ALLOCA_FREE(X) free(X)
+#endif
+
+#ifndef O_NOFOLLOW
+# define O_NOFOLLOW 0
+#endif
+
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
+
+#if !defined(O_NDELAY) && defined(O_NONBLOCK)
+# define O_NDELAY O_NONBLOCK
+#endif
+
+#ifndef FNDELAY
+# define FNDELAY O_NDELAY
+#endif
+
+#ifndef MAP_FILE
+# define MAP_FILE 0
+#endif
+
+#ifndef MAP_FAILED
+# define MAP_FAILED ((void *) -1)
+#endif
+
+#if defined(HAVE_MAPVIEWOFFILE) || defined(HAVE_MMAP)
+# define USE_MAPPED_IO 1
+#endif
+
+#ifndef errno
+extern int errno;
+#endif
+
+#endif
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/puredb_read.c

@@ -0,0 +1,337 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#include <config.h>
+
+#include "puredb_p.h"
+#include "puredb_read.h"
+
+static puredb_u32_t puredb_hash(const char * const msg, size_t len)
+{
+    puredb_u32_t j = (puredb_u32_t) 5381U;
+
+    while (len != 0) {
+        len--;
+        j += (j << 5);
+        j ^= ((unsigned char) msg[len]);
+    }
+    j &= 0xffffffff;
+
+    return j;
+}
+
+static ssize_t safe_read(const int fd, void * const buf_, size_t maxlen)
+{
+    unsigned char *buf = (unsigned char *) buf_;
+    ssize_t readnb;
+
+    do {
+        while ((readnb = read(fd, buf, maxlen)) < (ssize_t) 0 &&
+               errno == EINTR);
+        if (readnb < (ssize_t) 0 || readnb > (ssize_t) maxlen) {
+            return readnb;
+        }
+        if (readnb == (ssize_t) 0) {
+            ret:
+            return (ssize_t) (buf - (unsigned char *) buf_);
+        }
+        maxlen -= readnb;
+        buf += readnb;
+    } while (maxlen > (ssize_t) 0);
+    goto ret;
+}
+
+static int read_be_long(const PureDB * const db,
+                        const puredb_u32_t offset,
+                        puredb_u32_t * const result)
+{
+    unsigned char mapoffsetbuf[4];
+    unsigned char *mapoffset;
+
+#ifdef USE_MAPPED_IO
+    if (db->map != NULL) {
+        mapoffset = db->map + offset;
+    } else
+#endif
+    {
+        if (lseek(db->fd, offset, SEEK_SET) == (off_t) -1) {
+            return -1;
+        }
+        if (safe_read(db->fd, mapoffsetbuf, sizeof mapoffsetbuf) !=
+            (ssize_t) sizeof mapoffsetbuf) {
+            return -1;
+        }
+        mapoffset = mapoffsetbuf;
+    }
+    *result = mapoffset[0] << 24 | mapoffset[1] << 16 |
+        mapoffset[2] << 8 | mapoffset[3];
+
+    return 0;
+}
+
+static int read_memcmp(const PureDB * const db, const puredb_u32_t offset,
+                       const unsigned char *str, const puredb_u32_t len)
+{
+    unsigned char *mapoffsetbuf;
+    int cmp;
+
+#ifdef USE_MAPPED_IO
+    if (db->map != NULL) {
+        return memcmp(db->map + offset, str, (size_t) len) != 0;
+    }
+#endif
+    if ((mapoffsetbuf = (unsigned char *) ALLOCA(len)) == NULL) {
+        return -2;
+    }
+    if (lseek(db->fd, offset, SEEK_SET) == (off_t) -1) {
+        err:
+        ALLOCA_FREE(mapoffsetbuf);
+        return -2;
+    }
+    if (safe_read(db->fd, mapoffsetbuf, (size_t) len) != (ssize_t) len) {
+        goto err;
+    }
+    cmp = memcmp(mapoffsetbuf, str, (size_t) len) != 0;
+    ALLOCA_FREE(mapoffsetbuf);
+
+    return cmp;
+}
+
+int puredb_open(PureDB * const db, const char *dbfile)
+{
+    struct stat st;
+
+    db->map = NULL;
+    if ((db->fd = open(dbfile, O_RDONLY | O_BINARY)) == -1) {
+        return -1;
+    }
+    if (fstat(db->fd, &st) < 0 || st.st_size > (off_t) 0xffffffff ||
+        (db->size = (puredb_u32_t) st.st_size) <
+        ((size_t) (256U + 1U) * sizeof(puredb_u32_t) +
+         sizeof PUREDB_VERSION - (size_t) 1U)) {
+        close(db->fd);
+
+        return -2;
+    }
+#ifdef HAVE_MMAP
+    if ((char *) (db->map =
+                  (unsigned char *) mmap(NULL, db->size, PROT_READ,
+                                         MAP_FILE | MAP_SHARED, db->fd,
+                                         (off_t) 0)) == (char *) MAP_FAILED) {
+        db->map = NULL;
+    }
+#elif defined(HAVE_MAPVIEWOFFILE)
+    {
+        HANDLE fileh;
+
+        fileh = (HANDLE) _get_osfhandle(db->fd);
+        if (fileh != (HANDLE) -1) {
+            HANDLE fmh;
+
+            fmh = CreateFileMapping(fileh, 0, PAGE_READONLY, 0, 0, 0);
+            if (fmh) {
+                db->map = MapViewOfFile(fmh, FILE_MAP_READ, 0, 0, db->size);
+                CloseHandle(fmh);
+            }
+        }
+    }
+#endif
+    if (read_memcmp(db, (puredb_u32_t) 0U,
+                    (const unsigned char *) PUREDB_VERSION,
+                    sizeof PUREDB_VERSION - (size_t) 1U) != 0) {
+
+        return -3;
+    }
+    return 0;
+}
+
+int puredb_find(PureDB * const db, const char * const tofind,
+                const size_t tofind_len, off_t * const retpos,
+                size_t * const retlen)
+{
+    puredb_u32_t hash;
+    puredb_u32_t scanned_hash;
+    puredb_u32_t hash0;
+    puredb_u32_t hash1;
+    puredb_u32_t hash1e;
+    puredb_u32_t lastslot;
+    puredb_u32_t slotlo;
+    puredb_u32_t slothi;
+    puredb_u32_t sno;
+
+    *retpos = (off_t) -1;
+    *retlen = (size_t) 0U;
+    hash = puredb_hash(tofind, tofind_len);
+    hash0 = sizeof PUREDB_VERSION - (size_t) 1U +
+        (hash & 0xff) * sizeof(puredb_u32_t);
+
+    if ((hash0 + sizeof(puredb_u32_t) * 2U) > db->size) {
+        return -2;                     /* corrupted table */
+    }
+    if (read_be_long(db, hash0, &hash1) < 0) {
+        return -3;                     /* read error */
+    }
+    if (read_be_long(db, hash0 + sizeof(puredb_u32_t), &hash1e) < 0) {
+        return -3;                     /* read error */
+    }
+    if (hash1e <= hash1) {
+        return -2;                     /* corrupted table */
+    }
+    if (hash1 == (puredb_u32_t) 0U) {
+        return -1;                     /* not found (first table) */
+    }
+    if (hash1 > db->size) {
+        return -2;                     /* corrupted table */
+    }
+    lastslot = (hash1e - hash1) / (sizeof(puredb_u32_t) + sizeof(puredb_u32_t));
+    if (lastslot <= 0U) {
+        return -2;                     /* corrupted table */
+    }
+    lastslot--;
+#if !defined(MINIMAL) && !defined(NO_BINARY_LOOKUP)
+    slotlo = 0U;
+    slothi = lastslot;
+    sno = slothi / 2U;
+    while (slotlo <= slothi) {
+        if (read_be_long(db, hash1 + sno *
+                         (sizeof(puredb_u32_t) + sizeof(puredb_u32_t)),
+                         &scanned_hash) < 0) {
+            return -3;
+        }
+        if (scanned_hash == hash) {
+            while (sno > 0U) {
+                sno--;
+                if (read_be_long(db, hash1 + sno *
+                                 (sizeof(puredb_u32_t) + sizeof(puredb_u32_t)),
+                                 &scanned_hash) < 0) {
+                        return -3;
+                }
+                if (scanned_hash != hash) {
+                    sno++;
+                    break;
+                }
+            }
+            hash1 += sno * (sizeof(puredb_u32_t) + sizeof(puredb_u32_t));
+            goto shortcut;
+        }
+        if (scanned_hash > hash) {
+            if (sno <= 0U) {
+                break;
+            }
+            slothi = sno - 1;
+        } else {
+            if (sno >= lastslot) {
+                break;
+            }
+            slotlo = sno + 1;
+        }
+        sno = (slothi + slotlo) / 2U;
+    }
+    hash1 += sno * (sizeof(puredb_u32_t) + sizeof(puredb_u32_t));
+#endif
+    for(;;) {
+        if (read_be_long(db, hash1, &scanned_hash) < 0) {
+            return -3;
+        }
+        if (scanned_hash > hash) {
+            return -1;                     /* not found (too late) */
+        }
+        if (scanned_hash == hash) {
+            puredb_u32_t data;
+            puredb_u32_t key_size;
+            puredb_u32_t data_size;
+
+            shortcut:
+            if (read_be_long(db, hash1 + 4, &data) < 0) {
+                return -3;
+            }
+            if (data > db->size) {
+                return -2;             /* incorrect pointer */
+            }
+            if (read_be_long(db, data, &key_size) < 0) {
+                return -3;
+            }
+            if (key_size != (puredb_u32_t) tofind_len) {
+                goto trynext;
+            }
+            if (read_memcmp(db, data + sizeof(puredb_u32_t),
+                            (const unsigned char *) tofind, tofind_len) != 0) {
+                goto trynext;
+            }
+            data += sizeof(puredb_u32_t) + tofind_len;
+            if (read_be_long(db, data, &data_size) < 0) {
+                return -3;
+            }
+            data += sizeof(puredb_u32_t);
+            *retpos = (off_t) data;
+            *retlen = (size_t) data_size;
+
+            return 0;
+        }
+        trynext:
+        hash1 += sizeof(puredb_u32_t) + sizeof(puredb_u32_t);
+        if (lastslot == 0U) {
+            break;
+        }
+        lastslot--;
+    }
+
+    return -1;                     /* not found (end of table) */
+}
+
+int puredb_find_s(PureDB * const db, const char * const tofind,
+                  off_t * const retpos, size_t * const retlen)
+{
+    return puredb_find(db, tofind, strlen(tofind), retpos, retlen);
+}
+
+void *puredb_read(PureDB * const db, const off_t offset, const size_t len)
+{
+    void *buf;
+
+    if ((buf = malloc(len + (size_t) 1U)) == NULL) {
+        return NULL;
+    }
+#ifdef USE_MAPPED_IO
+    if (db->map != NULL) {
+        memcpy(buf, db->map + offset, len);
+    } else
+#endif
+    {
+        if (lseek(db->fd, offset, SEEK_SET) == (off_t) -1 ||
+            safe_read(db->fd, buf, len) != (ssize_t) len) {
+            free(buf);
+            return NULL;
+        }
+    }
+    ((unsigned char *) buf)[len] = 0U;
+
+    return buf;
+}
+
+int puredb_close(PureDB * const db)
+{
+    int ret = 0;
+
+#ifdef HAVE_MMAP
+    if (db->map != NULL) {
+# ifdef HAVE_MUNMAP
+        (void) munmap((void *) db->map, db->size);
+# endif
+        db->map = NULL;
+    }
+#elif defined(HAVE_MAPVIEWOFFILE)
+    if (db->map != NULL) {
+        (void) UnmapViewOfFile(db->map);
+        db->map = NULL;
+    }
+#endif
+    if (db->fd != -1) {
+        ret = close(db->fd);
+        db->fd = -1;
+    }
+
+    return ret;
+}
+
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/puredb_read.h

@@ -0,0 +1,48 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#ifndef __PUREDB_READ_H__
+#define __PUREDB_READ_H__ 1
+
+#include <limits.h>
+
+#define PUREDB_VERSION "PDB2"
+#define PUREDB_LIB_VERSION 1
+
+#ifndef PUREDB_U32_T
+# if SHRT_MAX >= 2147483647
+typedef unsigned short puredb_u32_t;
+# elif INT_MAX >= 2147483647
+typedef unsigned int puredb_u32_t;
+# else
+typedef unsigned long puredb_u32_t;
+# endif
+# define PUREDB_U32_T 1
+#endif
+
+typedef struct PureDB_ {
+    unsigned char *map;
+    int fd;
+    puredb_u32_t size;
+} PureDB;
+
+#define puredb_getfd(X) ((X)->fd)
+
+#define puredb_getsize(X) ((off_t) ((X)->size))
+
+#define puredb_read_free(X) if ((X) != NULL) free(X)
+
+int puredb_open(PureDB * const db, const char *dbfile);
+
+int puredb_close(PureDB * const db);
+
+int puredb_find(PureDB * const db, const char * const tofind,
+                const size_t tofind_len, off_t * const retpos,
+                size_t * const retlen);
+
+int puredb_find_s(PureDB * const db, const char * const tofind,
+                  off_t * const retpos, size_t * const retlen);
+
+void *puredb_read(PureDB * const db, const off_t offset, const size_t len);
+
+#endif

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/puredb_write.c

@@ -0,0 +1,336 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#include <config.h>
+
+#include "puredb_p.h"
+#include "puredb_write.h"
+
+#ifndef HAVE_STRDUP
+static char *strdup(const char *str)
+{
+    char *newstr;
+    size_t str_len_1;
+
+    if (str == NULL ||
+        (str_len_1 = strlen(str) + (size_t) 1U) <= (size_t) 0U ||
+        (newstr = malloc(str_len_1)) == NULL) {
+        return NULL;
+    }
+    memcpy(newstr, str, str_len_1);
+
+    return newstr;
+}
+#endif
+
+static puredb_u32_t puredbw_hash(const char * const msg, size_t len)
+{
+    puredb_u32_t j = (puredb_u32_t) 5381U;
+
+    while (len != 0) {
+        len--;
+        j += (j << 5);
+        j ^= ((unsigned char) msg[len]);
+    }
+    j &= 0xffffffff;
+
+    return j;
+}
+
+int puredbw_open(PureDBW * const dbw,
+                 const char * const file_index,
+                 const char * const file_data,
+                 const char * const file_final)
+{
+    dbw->file_index = NULL;
+    dbw->file_data = NULL;
+    dbw->file_final = NULL;
+    dbw->fpindex = NULL;
+    dbw->fpdata = NULL;
+    {
+        int z = (sizeof dbw->hash_table0) / (sizeof dbw->hash_table0[0]) - 1;
+
+        do {
+            dbw->hash_table0[z].hash1_list = NULL;
+            dbw->hash_table0[z].hash1_list_size = (size_t) 0U;
+            z--;
+        } while (z >= 0);
+    }
+    if ((dbw->file_index = strdup(file_index)) == NULL ||
+        (dbw->file_data = strdup(file_data)) == NULL ||
+        (dbw->file_final = strdup(file_final)) == NULL ||
+        (dbw->fpindex = fopen(file_index, "wb")) == NULL ||
+        (dbw->fpdata = fopen(file_data, "w+b")) == NULL) {
+
+        return -1;
+    }
+    dbw->data_offset_counter = (puredb_u32_t) 0U;
+    dbw->offset_first_data = (puredb_u32_t)
+        (sizeof PUREDBW_VERSION - (size_t) 1U +
+         (1U + sizeof dbw->hash_table0 / sizeof dbw->hash_table0[0]) *
+         sizeof(puredb_u32_t));
+    if (fwrite(PUREDBW_VERSION, (size_t) 1U,
+               sizeof PUREDBW_VERSION - (size_t) 1U,
+               dbw->fpindex) != (sizeof PUREDBW_VERSION - (size_t) 1U)) {
+        return -1;
+    }
+    return 0;
+}
+
+int puredbw_add(PureDBW * const dbw,
+                const char * const key, const size_t key_len,
+                const char * const content, const size_t content_len)
+{
+    const puredb_u32_t hash = puredbw_hash(key, key_len);
+    const puredb_u32_t hash_hi = hash & 0xff;
+    Hash0 * const hash0 = &dbw->hash_table0[hash_hi];
+    Hash1 *hash1;
+
+    if (hash0->hash1_list == NULL) {
+        hash0->hash1_list_size = sizeof(Hash1);
+        if ((hash0->hash1_list = malloc(hash0->hash1_list_size)) == NULL) {
+            return -1;
+        }
+    } else {
+        Hash1 *newpnt;
+
+        hash0->hash1_list_size += sizeof(Hash1);
+        if ((newpnt = realloc(hash0->hash1_list,
+                              hash0->hash1_list_size)) == NULL) {
+            return -1;
+        }
+        hash0->hash1_list = newpnt;
+    }
+    dbw->offset_first_data += sizeof(puredb_u32_t) + sizeof(puredb_u32_t);
+    hash1 = (Hash1 *) (void *) ((unsigned char *) hash0->hash1_list +
+                                hash0->hash1_list_size - sizeof(Hash1));
+    hash1->hash = hash;
+    hash1->offset_data = dbw->data_offset_counter;
+    dbw->data_offset_counter += sizeof(puredb_u32_t) + sizeof(puredb_u32_t) +
+        + key_len + content_len;
+    {
+        const puredb_u32_t key_len_ = htonl((puredb_u32_t) key_len);
+        if (fwrite(&key_len_, sizeof key_len_, (size_t) 1U, dbw->fpdata) !=
+            (size_t) 1U) {
+            return -1;
+        }
+    }
+    if (fwrite(key, (size_t) 1U, key_len, dbw->fpdata) != key_len) {
+        return -1;
+    }
+    {
+        const puredb_u32_t content_len_ = htonl((puredb_u32_t) content_len);
+        if (fwrite(&content_len_, sizeof content_len_, (size_t) 1U,
+                   dbw->fpdata) != (size_t) 1U) {
+            return -1;
+        }
+    }
+    if (fwrite(content, (size_t) 1U, content_len, dbw->fpdata)
+        != content_len) {
+
+        return -1;
+    }
+
+    return 0;
+}
+
+int puredbw_add_s(PureDBW * const dbw,
+                  const char * const key, const char * const content)
+{
+    return puredbw_add(dbw, key, strlen(key), content, strlen(content));
+}
+
+static int hash1_cmp_hook(const void * const a, const void * const b)
+{
+    puredb_u32_t ha = ((const Hash1 *) a)->hash;
+    puredb_u32_t hb = ((const Hash1 *) b)->hash;
+
+    if (ha < hb) {
+        return -1;
+    } else if (ha > hb) {
+        return 1;
+    }
+    ha = ((const Hash1 *) a)->offset_data;
+    hb = ((const Hash1 *) b)->offset_data;
+    if (ha < hb) {
+        return -1;
+    } else if (ha > hb) {
+        return 1;
+    }
+    return 0;
+}
+
+static int writekeys(PureDBW * const dbw)
+{
+    int hash_cnt = (int)
+        (sizeof dbw->hash_table0 / sizeof dbw->hash_table0[0]);
+    const Hash0 *hash0 = dbw->hash_table0;
+
+    puredb_u32_t offset = (puredb_u32_t)
+        ((1U + sizeof dbw->hash_table0 / sizeof dbw->hash_table0[0]) *
+         sizeof(puredb_u32_t) + sizeof PUREDBW_VERSION - (size_t) 1U);
+    do {
+        {
+            const puredb_u32_t offset_ = htonl((puredb_u32_t) offset);
+
+            if (fwrite(&offset_, sizeof offset_, (size_t) 1U, dbw->fpindex) !=
+                (size_t) 1U) {
+
+                return -1;
+            }
+        }
+        if (hash0->hash1_list_size <= 0U) {
+            offset += sizeof(puredb_u32_t);
+            dbw->offset_first_data += sizeof(puredb_u32_t);
+        } else {
+            offset += ((hash0->hash1_list_size / sizeof(Hash1)) *
+                       (sizeof(puredb_u32_t) + sizeof(puredb_u32_t)));
+        }
+        hash0++;
+        hash_cnt--;
+    } while (hash_cnt != 0);
+    {                                  /* extra hash0, filler */
+        const puredb_u32_t null_ = (puredb_u32_t) htonl(offset);
+        if (fwrite(&null_, sizeof null_, (size_t) 1U, dbw->fpindex) !=
+            (size_t) 1U) {
+                return -1;
+        }
+    }
+
+    hash_cnt = (int) (sizeof dbw->hash_table0 / sizeof dbw->hash_table0[0]);
+    hash0 = dbw->hash_table0;
+    do {
+        Hash1 *hash1 = hash0->hash1_list;
+        size_t list_size = hash0->hash1_list_size;
+
+        if (hash1 == NULL) {
+            const puredb_u32_t null_ =
+                (puredb_u32_t) htonl((hash0 - dbw->hash_table0) + 1U);
+
+            if (fwrite(&null_, sizeof null_, (size_t) 1U, dbw->fpindex) !=
+                (size_t) 1U) {
+                return -1;
+            }
+            goto next;
+        }
+        qsort((void *) hash1, hash0->hash1_list_size / sizeof(Hash1),
+              sizeof(Hash1), hash1_cmp_hook);
+        do {
+            {
+                const puredb_u32_t hash_ = htonl(hash1->hash);
+
+                if (fwrite(&hash_, sizeof hash_, (size_t) 1U, dbw->fpindex) !=
+                    (size_t) 1U) {
+                    return -1;
+                }
+            }
+            {
+                const puredb_u32_t offset_data_ = htonl(hash1->offset_data +
+                                                      dbw->offset_first_data);
+
+                if (fwrite(&offset_data_, sizeof offset_data_,
+                           (size_t) 1U, dbw->fpindex) != (size_t) 1U) {
+                    return -1;
+                }
+            }
+            hash1++;
+            list_size -= sizeof(Hash1);
+        } while (list_size > (size_t) 0U);
+        next:
+        hash0++;
+        hash_cnt--;
+    } while (hash_cnt != 0);
+
+    return 0;
+}
+
+static int freestructs(PureDBW * const dbw)
+{
+    Hash0 *hash0 = dbw->hash_table0;
+    int hash0_cnt = (int) (sizeof dbw->hash_table0 / sizeof dbw->hash_table0[0]);
+
+    do {
+        free(hash0->hash1_list);
+        hash0->hash1_list = NULL;
+        hash0++;
+        hash0_cnt--;
+    } while (hash0_cnt > 0);
+
+    return 0;
+}
+
+static int mergefiles(PureDBW * const dbw)
+{
+    size_t readnb;
+    char buf[4096];
+
+    rewind(dbw->fpdata);
+    while ((readnb = fread(buf, (size_t) 1U, sizeof buf, dbw->fpdata)) >
+           (size_t) 0U) {
+        if (fwrite(buf, (size_t) 1U, readnb, dbw->fpindex) != readnb) {
+            return -1;
+        }
+    }
+    if (fclose(dbw->fpdata) != 0) {
+        return -1;
+    }
+    dbw->fpdata = NULL;
+    fflush(dbw->fpindex);
+#ifdef HAVE_FILENO
+    fsync(fileno(dbw->fpindex));
+#endif
+    if (fclose(dbw->fpindex) != 0) {
+        return -1;
+    }
+    dbw->fpindex = NULL;
+    (void) unlink(dbw->file_data);
+    if (rename(dbw->file_index, dbw->file_final) < 0)
+    {
+        (void) unlink(dbw->file_final);
+        if (rename(dbw->file_index, dbw->file_final) < 0) {
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+static void freeall(PureDBW * const dbw)
+{
+    if (dbw->fpindex != NULL) {
+        fclose(dbw->fpindex);
+        dbw->fpindex = NULL;
+    }
+    if (dbw->fpdata != NULL) {
+        fclose(dbw->fpdata);
+        dbw->fpdata = NULL;
+    }
+    free(dbw->file_index);
+    dbw->file_index = NULL;
+    free(dbw->file_data);
+    dbw->file_data = NULL;
+    free(dbw->file_final);
+    dbw->file_final = NULL;
+}
+
+void puredbw_free(PureDBW * const dbw)
+{
+    freestructs(dbw);
+    freeall(dbw);
+}
+
+int puredbw_close(PureDBW * const dbw)
+{
+    if (writekeys(dbw) != 0) {
+        return -1;
+    }
+    freestructs(dbw);
+    if (mergefiles(dbw) != 0) {
+        return -1;
+    }
+    freeall(dbw);
+
+    return 0;
+}
+
+

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/puredb_write.h

@@ -0,0 +1,60 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#ifndef __PUREDB_WRITE_H__
+#define __PUREDB_WRITE_H__ 1
+
+#include <limits.h>
+
+#define PUREDBW_VERSION "PDB2"
+#define PUREDBW_LIB_VERSION 1
+
+#ifndef PUREDB_U32_T
+# if SHRT_MAX >= 2147483647
+typedef unsigned short puredb_u32_t;
+# elif INT_MAX >= 2147483647
+typedef unsigned int puredb_u32_t;
+# else
+typedef unsigned long puredb_u32_t;
+# endif
+# define PUREDB_U32_T 1
+#endif
+
+typedef struct Hash1_ {
+    puredb_u32_t hash;
+    puredb_u32_t offset_data;
+} Hash1;
+
+typedef struct Hash0_ {
+    Hash1 *hash1_list;
+    size_t hash1_list_size;
+} Hash0;
+
+typedef struct PureDBW_ {
+    FILE *fpindex;
+    FILE *fpdata;
+    char *file_index;
+    char *file_data;
+    char *file_final;
+    puredb_u32_t data_offset_counter;
+    puredb_u32_t offset_first_data;
+    Hash0 hash_table0[256];
+} PureDBW;
+
+int puredbw_open(PureDBW * const dbw,
+                 const char * const file_index,
+                 const char * const file_data,
+                 const char * const file_final);
+
+int puredbw_close(PureDBW * const dbw);
+
+void puredbw_free(PureDBW * const dbw);
+
+int puredbw_add(PureDBW * const dbw,
+                const char * const key, const size_t key_len,
+                const char * const content, const size_t content_len);
+
+int puredbw_add_s(PureDBW * const dbw,
+                  const char * const key, const char * const content);
+
+#endif

EVSE/GPL/pure-ftpd-1.0.49/puredb/src/regression.c

@@ -0,0 +1,117 @@
+
+/* (C)opyleft 2001-2019 Frank DENIS <j at pureftpd dot org> */
+
+#include <config.h>
+#ifdef HAVE_SNPRINTF
+
+#include "puredb_p.h"
+#include "puredb_read.h"
+#include "puredb_write.h"
+#include <time.h>
+
+int main(void)
+{
+    char key[42];
+    char data[42];
+    unsigned long long curkey = 0ULL;
+    unsigned long long nbrec = 0ULL;
+    PureDBW dbw;
+    PureDB db;
+    off_t retpos;
+    size_t retlen;
+    char *founddata;
+    int pass = 0;
+    unsigned int seed = 0U;
+    unsigned int randomrounds = 42000;
+
+    printf("Starting regression tests\n\nDatabase creation (wait) ... ");
+    fflush(stdout);
+    if (puredbw_open(&dbw, "puredb.index", "puredb.data", "puredb.pdb") != 0) {
+        perror("Can't create the database");
+        goto end;
+    }
+    seed = (unsigned int) time(NULL);
+    srand(seed);
+    do {
+        curkey += (rand() & 0x4fff);
+        snprintf(key, sizeof key, "%llu", curkey);
+        snprintf(data, sizeof data, "%llu", curkey ^ 0x12345678abcdefULL);
+        if (puredbw_add_s(&dbw, key, data) != 0) {
+            goto end;
+        }
+        nbrec++;
+    } while (curkey < (unsigned long long) 0xfffffff0);
+    if (puredbw_close(&dbw) != 0) {
+        goto end;
+    }
+    pass++;
+    end:
+    puredbw_free(&dbw);
+    if (pass == 0) {
+        puts("Failure :(");
+        unlink("puredb.index");
+        unlink("puredb.data");
+        unlink("puredb.pdb");
+        return -1;
+    } else {
+        printf("Success! %llu records have been written\n", nbrec);
+        pass = 0;
+    }
+    printf("Database lookups (wait) ... ");
+    fflush(stdout);
+    if (puredb_open(&db, "puredb.pdb") != 0) {
+        perror("Can't open the database");
+        goto end2;
+    }
+    curkey = 0ULL;
+    srand(seed);
+    do {
+        curkey += (rand() & 0x4fff);
+        snprintf(key, sizeof key, "%llu", curkey);
+        snprintf(data, sizeof data, "%llu", curkey ^ 0x12345678abcdefULL);
+        if (puredb_find_s(&db, key, &retpos, &retlen) != 0) {
+            fprintf(stderr, "The key wasn't found\n");
+            goto end2;
+        }
+        if ((founddata = puredb_read(&db, retpos, retlen)) != NULL) {
+            if (strcmp(founddata, data) != 0) {
+                fprintf(stderr, "Wrong data\n");
+                goto end2;
+            }
+            puredb_read_free(founddata);
+        }
+    } while (curkey < 0xfffffff0);
+    printf("also trying non-existent data ... ");
+    fflush(stdout);
+    do {
+        curkey <<= 1;
+        curkey ^= (unsigned long long) rand();
+        snprintf(key, sizeof key, "%llu", curkey);
+        if (puredb_find_s(&db, key, &retpos, &retlen) == 0) {
+            founddata = puredb_read(&db, retpos, retlen);
+            puredb_read_free(founddata);
+        }
+        randomrounds--;
+    } while (randomrounds > 0U);
+    pass++;
+    end2:
+    if (puredb_close(&db) != 0) {
+        perror("The database couldn't be properly closed");
+    }
+    unlink("puredb.pdb");
+    if (pass == 0) {
+        puts("Failure :(");
+        return -1;
+    } else {
+        puts("Success!");
+    }
+
+    return 0;
+}
+
+#else
+int main(void)
+{
+    return 0;
+}
+#endif

EVSE/GPL/pure-ftpd-1.0.49/pureftpd-ldap.conf

@@ -0,0 +1,88 @@
+
+#############################################
+#                                           #
+# Sample Pure-FTPd LDAP configuration file. #
+# See README.LDAP for explanations.         #
+#                                           #
+#############################################
+
+
+# Optional: scheme to connect with to LDAP server. Default: ldap
+# Other possible values: ldaps, ldapi, etc.
+# Remember to set LDAPPort accordingly.
+
+LDAPScheme ldap
+
+
+# Optional: name of the LDAP server. Default: localhost
+
+LDAPServer ldap.example.com
+
+
+# Optional: server port. Default: 389
+
+LDAPPort   389
+
+
+# Mandatory: the base DN to search accounts from. No default.
+
+LDAPBaseDN cn=Users,dc=c9x,dc=org
+
+
+# Optional: who we should bind the server as.
+# Default: binds anonymously or binds as 'ftp' user
+
+LDAPBindDN cn=Manager,dc=c9x,dc=org
+
+
+# Password if we don't bind anonymously
+# This configuration file should be only readable by root
+
+LDAPBindPW r00tPaSsw0rD
+
+
+# Optional: default UID, when there's no entry in a user object
+
+# LDAPDefaultUID 500
+
+
+# Optional: default GID, when there's no entry in a user object
+
+# LDAPDefaultGID 100
+
+
+# Filter to use to find the object that contains user info
+# \L is replaced by the login the user is trying to log in as
+# The default filter is (&(objectClass=posixAccount)(uid=\L))
+
+# LDAPFilter (&(objectClass=posixAccount)(uid=\L))
+
+
+# Attribute to get the home directory
+# Default is homeDirectory (the standard attribute from posixAccount)
+
+# LDAPHomeDir homeDirectory
+
+
+# LDAP protocol version to use
+# Version 3 (default) is mandatory with recent releases of OpenLDAP.
+
+# LDAPVersion 3
+
+
+# Optional: use TLS to connect to the LDAP server
+# Note: if ldaps scheme is used, this property has no effect
+# LDAPUseTLS  True
+
+
+# Can be PASSWORD or BIND.
+# PASSWORD retrieves objects and checks against the userPassword attribute
+# BIND tries to bind
+
+LDAPAuthMethod PASSWORD
+
+
+# Optional: default home directory if there's LDAPHomeDir entry
+
+# LDAPDefaultHomeDirectory /var/shared
+

EVSE/GPL/pure-ftpd-1.0.49/pureftpd-mysql.conf

@@ -0,0 +1,126 @@
+
+##############################################
+#                                            #
+# Sample Pure-FTPd Mysql configuration file. #
+# See README.MySQL for explanations.         #
+#                                            #
+##############################################
+
+
+# Optional : MySQL server name or IP. Don't define this for unix sockets.
+
+# MYSQLServer     127.0.0.1
+
+
+# Optional : MySQL port. Don't define this if a local unix socket is used.
+
+# MYSQLPort       3306
+
+
+# Optional : define the location of mysql.sock if the server runs on this host.
+
+MYSQLSocket     /var/run/mysqld/mysqld.sock
+
+
+# Mandatory : user to bind the server as.
+
+MYSQLUser       root
+
+
+# Mandatory : user password. You must have a password.
+
+MYSQLPassword   rootpw
+
+
+# Mandatory : database to open.
+
+MYSQLDatabase   pureftpd
+
+
+# Mandatory : how passwords are stored
+# Valid values are : "cleartext", "argon2", "scrypt", "crypt", "sha1", "md5", "password" and "any"
+# ("password" = MySQL password() function, which is sha1(sha1(password)))
+
+MYSQLCrypt      scrypt
+
+
+# In the following directives, parts of the strings are replaced at
+# run-time before performing queries :
+#
+# \L is replaced by the login of the user trying to authenticate.
+# \I is replaced by the IP address the user connected to.
+# \P is replaced by the port number the user connected to.
+# \R is replaced by the IP address the user connected from.
+# \D is replaced by the remote IP address, as a long decimal number.
+#
+# Very complex queries can be performed using these substitution strings,
+# especially for virtual hosting.
+
+# Query to execute in order to fetch the password
+
+MYSQLGetPW      SELECT Password FROM users WHERE User='\L'
+
+
+# Query to execute in order to fetch the system user name or uid
+MYSQLGetUID     SELECT Uid FROM users WHERE User='\L'
+
+
+# Optional : default UID - if set this overrides MYSQLGetUID
+
+#MYSQLDefaultUID 1000
+
+
+# Query to execute in order to fetch the system user group or gid
+
+MYSQLGetGID     SELECT Gid FROM users WHERE User='\L'
+
+
+# Optional : default GID - if set this overrides MYSQLGetGID
+
+#MYSQLDefaultGID 1000
+
+
+# Query to execute in order to fetch the home directory
+
+MYSQLGetDir     SELECT Dir FROM users WHERE User='\L'
+
+
+# Optional : query to get the maximal number of files 
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User='\L'
+
+
+# Optional : query to get the maximal disk usage (virtual quotas)
+# The number should be in Megabytes.
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User='\L'
+
+
+# Optional : ratios. The server has to be compiled with ratio support.
+
+# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User='\L'
+# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User='\L'
+
+
+# Optional : bandwidth throttling.
+# The server has to be compiled with throttling support.
+# Values are in KB/s .
+
+# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User='\L'
+# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User='\L'
+
+
+# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
+# 1) You know what you are doing.
+# 2) Real and virtual users match.
+
+# MySQLForceTildeExpansion 1
+
+
+# If you're using a transactionnal storage engine, you can enable SQL
+# transactions to avoid races. Leave this commented if you are using the
+# traditional MyIsam engine.
+
+# MySQLTransactions On

EVSE/GPL/pure-ftpd-1.0.49/pureftpd-pgsql.conf

@@ -0,0 +1,110 @@
+
+###################################################
+#                                                 #
+# Sample Pure-FTPd PostgreSQL configuration file. #
+# See README.PGSQL for explanations.              #
+#                                                 #
+###################################################
+
+
+# If PostgreSQL listens to a TCP socket
+
+PGSQLServer     localhost
+PGSQLPort       5432 
+
+
+# *or* if PostgreSQL can only be reached through a local Unix socket
+
+# PGSQLServer     /tmp
+# PGSQLPort       .s.PGSQL.5432
+
+
+# Mandatory : user to bind the server as.
+
+PGSQLUser       postgres
+
+
+# Mandatory : user password. You *must* have a password.
+
+PGSQLPassword   rootpw
+
+
+# Mandatory : database to open.
+
+PGSQLDatabase   pureftpd
+
+
+# Mandatory : how passwords are stored
+# Valid values are : "cleartext", "argon2", "scrypt", "crypt", "md5", "sha1" and "any"
+
+PGSQLCrypt      scrypt
+
+
+# In the following directives, parts of the strings are replaced at
+# run-time before performing queries :
+#
+# \L is replaced by the login of the user trying to authenticate.
+# \I is replaced by the IP address the user connected to.
+# \P is replaced by the port number the user connected to.
+# \R is replaced by the IP address the user connected from.
+# \D is replaced by the remote IP address, as a long decimal number.
+#
+# Very complex queries can be performed using these substitution strings,
+# especially for virtual hosting.
+
+
+# Query to execute in order to fetch the password
+
+PGSQLGetPW      SELECT "Password" FROM users WHERE "User"='\L'
+
+
+# Query to execute in order to fetch the system user name or uid
+
+PGSQLGetUID     SELECT "Uid" FROM users WHERE "User"='\L'
+
+
+# Optional : default UID - if set this overrides PGSQLGetUID
+
+#PGSQLDefaultUID 1000
+
+
+# Query to execute in order to fetch the system user group or gid
+
+PGSQLGetGID     SELECT "Gid" FROM users WHERE "User"='\L'
+
+
+# Optional : default GID - if set this overrides PGSQLGetGID
+
+#PGSQLDefaultGID 1000
+
+
+# Query to execute in order to fetch the home directory
+
+PGSQLGetDir     SELECT "Dir" FROM users WHERE "User"='\L'
+
+
+# Optional : query to get the maximal number of files 
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# PGSQLGetQTAFS  SELECT "QuotaFiles" FROM users WHERE "User"='\L'
+
+
+# Optional : query to get the maximal disk usage (virtual quotas)
+# The number should be in Megabytes.
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# PGSQLGetQTASZ  SELECT "QuotaSize" FROM users WHERE "User"='\L'
+
+
+# Optional : ratios. The server has to be compiled with ratio support.
+
+# PGSQLGetRatioUL SELECT "ULRatio" FROM users WHERE "User"='\L'
+# PGSQLGetRatioDL SELECT "DLRatio" FROM users WHERE "User"='\L'
+
+
+# Optional : bandwidth throttling.
+# The server has to be compiled with throttling support.
+# Values are in KB/s .
+
+# PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM users WHERE "User"='\L'
+# PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM users WHERE "User"='\L'

EVSE/GPL/pure-ftpd-1.0.49/pureftpd.schema

@@ -0,0 +1,64 @@
+#
+# pureftpd.schema
+#
+# Pure-FTPd User LDAP Schema
+# See README.LDAP in the Pure-FTPd documentation for more information.
+#
+# Written by Ben Gertzfield <che =AT= debian -DOT- org>
+#
+
+## Pure-FTPd-related LDAP attributes
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'
+        DESC 'Quota (in number of files) for an FTP user'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes'
+        DESC 'Quota (in megabytes) for an FTP user'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio'
+        DESC 'Ratio (compared with FTPRatioDown) for uploaded files'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio'
+        DESC 'Ratio (compared with FTPRatioUp) for downloaded files'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth'
+        DESC 'Bandwidth (in KB/s) to limit upload speeds to'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth'
+        DESC 'Bandwidth (in KB/s) to limit download speeds to'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus'
+        DESC 'Account status: enabled or disabled'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid'
+        DESC 'System uid (overrides uidNumber if present)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid'
+        DESC 'System uid (overrides gidNumber if present)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+## New Pure-FTPd object type
+
+objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
+        DESC 'PureFTPd user with optional quota, throttling and ratio'
+        SUP top AUXILIARY
+        MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ 
+              FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $
+              FTPuid $ FTPgid ) )

EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure-ftpd.conf

@@ -0,0 +1,459 @@
+
+############################################################
+#                                                          #
+#             Configuration file for pure-ftpd             #
+#                                                          #
+############################################################
+
+# If you want to run Pure-FTPd with this configuration
+# instead of command-line options, please run the
+# following command :
+#
+# ${exec_prefix}/sbin/sbin/pure-ftpd /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure-ftpd.conf
+#
+# Online documentation:
+# https://www.pureftpd.org/project/pure-ftpd/doc
+
+
+# Restrict users to their home directory
+
+ChrootEveryone               yes
+
+
+
+# If the previous option is set to "no", members of the following group
+# won't be restricted. Others will be. If you don't want chroot()ing anyone,
+# just comment out ChrootEveryone and TrustedGID.
+
+# TrustedGID                   100
+
+
+
+# Turn on compatibility hacks for broken clients
+
+BrokenClientsCompatibility   no
+
+
+
+# Maximum number of simultaneous users
+
+MaxClientsNumber             50
+
+
+
+# Run as a background process
+
+Daemonize                    yes
+
+
+
+# Maximum number of simultaneous clients with the same IP address
+
+MaxClientsPerIP              8
+
+
+
+# If you want to log all client commands, set this to "yes".
+# This directive can be specified twice to also log server responses.
+
+VerboseLog                   no
+
+
+
+# List dot-files even when the client doesn't send "-a".
+
+DisplayDotFiles              yes
+
+
+
+# Disallow authenticated users - Act only as a public FTP server.
+
+AnonymousOnly                no
+
+
+
+# Disallow anonymous connections. Only accept authenticated users.
+
+NoAnonymous                  no
+
+
+
+# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
+# The default facility is "ftp". "none" disables logging.
+
+SyslogFacility               ftp
+
+
+
+# Display fortune cookies
+
+# FortunesFile                 /usr/share/fortune/zippy
+
+
+
+# Don't resolve host names in log files. Recommended unless you trust
+# reverse host names, and don't care about DNS resolution being possibly slow.
+
+DontResolve                  yes
+
+
+
+# Maximum idle time in minutes (default = 15 minutes)
+
+MaxIdleTime                  15
+
+
+
+# LDAP configuration file (see README.LDAP)
+
+# LDAPConfigFile               /etc/pureftpd-ldap.conf
+
+
+
+# MySQL configuration file (see README.MySQL)
+
+# MySQLConfigFile              /etc/pureftpd-mysql.conf
+
+
+# PostgreSQL configuration file (see README.PGSQL)
+
+# PGSQLConfigFile              /etc/pureftpd-pgsql.conf
+
+
+# PureDB user database (see README.Virtual-Users)
+
+# PureDB                       /etc/pureftpd.pdb
+
+
+# Path to pure-authd socket (see README.Authentication-Modules)
+
+# ExtAuth                      /var/run/ftpd.sock
+
+
+
+# If you want to enable PAM authentication, uncomment the following line
+
+# PAMAuthentication            yes
+
+
+
+# If you want simple Unix (/etc/passwd) authentication, uncomment this
+
+# UnixAuthentication           yes
+
+
+
+# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
+# UnixAuthentication can be used specified once, but can be combined
+# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
+# the SQL server will be used first. If the SQL authentication fails because the
+# user wasn't found, a new attempt will be done using system authentication.
+# If the SQL authentication fails because the password didn't match, the
+# authentication chain stops here. Authentication methods are chained in
+# the order they are given.
+
+
+
+# 'ls' recursion limits. The first argument is the maximum number of
+# files to be displayed. The second one is the max subdirectories depth.
+
+LimitRecursion               10000 8
+
+
+
+# Are anonymous users allowed to create new directories?
+
+AnonymousCanCreateDirs       no
+
+
+
+# If the system load is greater than the given value, anonymous users
+# aren't allowed to download.
+
+MaxLoad                      4
+
+
+
+# Port range for passive connections - keep it as broad as possible.
+
+# PassivePortRange             30000 50000
+
+
+
+# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
+# Symbolic host names are also accepted for gateways with dynamic IP
+# addresses.
+
+# ForcePassiveIP               192.168.0.1
+
+
+
+# Upload/download ratio for anonymous users.
+
+# AnonymousRatio               1 10
+
+
+
+# Upload/download ratio for all users.
+# This directive supersedes the previous one.
+
+# UserRatio                    1 10
+
+
+
+# Disallow downloads of files owned by the "ftp" system user;
+# files that were uploaded but not validated by a local admin.
+
+AntiWarez                    yes
+
+
+
+# IP address/port to listen to (default=all IP addresses, port 21).
+
+# Bind                         127.0.0.1,21
+
+
+
+# Maximum bandwidth for anonymous users in KB/s
+
+# AnonymousBandwidth           8
+
+
+
+# Maximum bandwidth for *all* users (including anonymous) in KB/s
+# Use AnonymousBandwidth *or* UserBandwidth, not both.
+
+# UserBandwidth                8
+
+
+
+# File creation mask. <umask for files>:<umask for dirs> .
+# 177:077 if you feel paranoid.
+
+Umask                        133:022
+
+
+
+# Minimum UID for an authenticated user to log in.
+# For example, a value of 100 prevents all users whose user id is below
+# 100 from logging in. If you want "root" to be able to log in, use 0.
+
+MinUID                       100
+
+
+
+# Allow FXP transfers for authenticated users.
+
+AllowUserFXP                 no
+
+
+
+# Allow anonymous FXP for anonymous and non-anonymous users.
+
+AllowAnonymousFXP            no
+
+
+
+# Users can't delete/write files starting with a dot ('.')
+# even if they own them. But if TrustedGID is enabled, that group
+# will exceptionally have access to dot-files.
+
+ProhibitDotFilesWrite        no
+
+
+
+# Prohibit *reading* of files starting with a dot (.history, .ssh...)
+
+ProhibitDotFilesRead         no
+
+
+
+# Don't overwrite files. When a file whose name already exist is uploaded,
+# it gets automatically renamed to file.1, file.2, file.3, ...
+
+AutoRename                   no
+
+
+
+# Prevent anonymous users from uploading new files (no = upload is allowed)
+
+AnonymousCantUpload          no
+
+
+
+# Only connections to this specific IP address are allowed to be
+# non-anonymous. You can use this directive to open several public IPs for
+# anonymous FTP, and keep a private firewalled IP for remote administration.
+# You can also only allow a non-routable local IP (such as 10.x.x.x) for
+# authenticated users, and run a public anon-only FTP server on another IP.
+
+# TrustedIP                    10.1.1.1
+
+
+
+# To add the PID to log entries, uncomment the following line.
+
+# LogPID                       yes
+
+
+
+# Create an additional log file with transfers logged in a Apache-like format :
+# fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
+# This log file can then be processed by common HTTP traffic analyzers.
+
+# AltLog                       clf:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in a format optimized
+# for statistic reports.
+
+# AltLog                       stats:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in the standard W3C
+# format (compatible with many HTTP log analyzers)
+
+# AltLog                       w3c:/var/log/pureftpd.log
+
+
+
+# Disallow the CHMOD command. Users cannot change perms of their own files.
+
+# NoChmod                      yes
+
+
+
+# Allow users to resume/upload files, but *NOT* to delete them.
+
+# KeepAllFiles                 yes
+
+
+
+# Automatically create home directories if they are missing
+
+# CreateHomeDir                yes
+
+
+
+# Enable virtual quotas. The first value is the max number of files.
+# The second value is the maximum size, in megabytes.
+# So 1000:10 limits every user to 1000 files and 10 MB.
+
+# Quota                        1000:10
+
+
+
+# If your pure-ftpd has been compiled with standalone support, you can change
+# the location of the pid file. The default is /var/run/pure-ftpd.pid
+
+# PIDFile                      /var/run/pure-ftpd.pid
+
+
+
+# If your pure-ftpd has been compiled with pure-uploadscript support,
+# this will make pure-ftpd write info about new uploads to
+# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
+# spawn a script to handle the upload.
+# Don't enable this option if you don't actually use pure-uploadscript.
+
+# CallUploadScript             yes
+
+
+
+# This option is useful on servers where anonymous upload is
+# allowed. When the partition is more that percententage full,
+# new uploads are disallowed.
+
+MaxDiskUsage                   99
+
+
+
+# Set to 'yes' to prevent users from renaming files.
+
+# NoRename                     yes
+
+
+
+# Be 'customer proof': forbids common customer mistakes such as
+# 'chmod 0 public_html', that are valid, but can cause customers to
+# unintentionally shoot themselves in the foot.
+
+CustomerProof                yes
+
+
+
+# Per-user concurrency limits. Will only work if the FTP server has
+# been compiled with --with-peruserlimits.
+# Format is: <max sessions per user>:<max anonymous sessions>
+# For example, 3:20 means that an authenticated user can have up to 3 active
+# sessions, and that up to 20 anonymous sessions are allowed.
+
+# PerUserLimits                3:20
+
+
+
+# When a file is uploaded and there was already a previous version of the file
+# with the same name, the old file will neither get removed nor truncated.
+# The file will be stored under a temporary name and once the upload is
+# complete, it will be atomically renamed. For example, when a large PHP
+# script is being uploaded, the web server will keep serving the old version and
+# later switch to the new one as soon as the full file will have been
+# transferred. This option is incompatible with virtual quotas.
+
+# NoTruncate                   yes
+
+
+
+# This option accepts three values:
+# 0: disable SSL/TLS encryption layer (default).
+# 1: accept both cleartext and encrypted sessions.
+# 2: refuse connections that don't use the TLS security mechanism,
+#    including anonymous sessions.
+# Do _not_ uncomment this blindly. Double check that:
+# 1) The server has been compiled with TLS support (--with-tls),
+# 2) A valid certificate is in place,
+# 3) Only compatible clients will log in.
+
+# TLS                          1
+
+
+# Cipher suite for TLS sessions.
+# The default suite is secure and setting this property is usually
+# only required to *lower* the security to cope with legacy clients.
+# Prefix with -C: in order to require valid client certificates.
+# If -C: is used, make sure that clients' public keys are present on
+# the server.
+
+# TLSCipherSuite               HIGH
+
+
+
+# Certificate file, for TLS
+# The certificate itself and the keys can be bundled into the same
+# file or split into two files.
+# CertFile is for a cert+key bundle, CertFileAndKey for separate files.
+# Use only one of these.
+
+# CertFile                     /etc/ssl/private/pure-ftpd.pem
+# CertFileAndKey               "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"
+
+
+
+# Unix socket of the external certificate handler, for TLS
+
+# ExtCert                      /var/run/ftpd-certs.sock
+
+
+# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV4Only                     yes
+
+
+
+# Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV6Only                     yes

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/FAQ

@@ -0,0 +1,902 @@
+
+                         FREQUENTLY ASKED QUESTIONS
+                         
+             --------------------------------------------------
+
+
+* Users can delete root-owned files?
+
+-> I have a directory owned by 'john', but I've put some files owned by
+'root' (or another user) in it. However, I noticed that John can delete
+these files!
+
+Yes, this is the standard Unix behavior: the owner of a directory can do
+whatever he likes to do in his directory, regardless of who owns the file in
+it. If you want to have immutable files, check for such a feature in your
+operating system.
+
+For instance, on Linux filesystems, "chattr +i <file>" does the trick.
+On BSD systems, try "chflags schg <file>" .
+
+
+
+* Directories shared by multiple users.
+
+-> I have a "public" directory. All users can download and upload files
+from/to this directory. Permissions are 777 on it. But user 'john' can
+delete files owned by user 'joe'. How to prevent this?
+
+Put the sticky bit on that directory: chmod 1777 public. That way, the
+directory remains public (read/write), but people can only delete files they
+own.
+
+
+
+* Restricting directory visibility.
+
+-> I want that people only see their home directory and their own files. I
+don't want them to look at my systems files.
+
+This feature is called "chroot". You can enable this by running pure-ftpd
+with the "-A" switch to do this with ALL your users (but root) .
+
+You can alternatively use "-a <gid>" to have a "trusted group". Everyone
+will be caged, EXCEPT members of that group.
+
+Don't use -a <gid> and -A together.
+
+Another way is to selectively choose what users you want to chroot. This can
+be done with the /./ trick (see the README file about this) or with virtual
+users.
+
+
+
+* Shared directories and chroot.
+
+-> I have a directory, say /var/incoming, that I want to be shared by every
+user. But I want my users to be chrooted. So /var/incoming should be visible
+in 'joe' and 'john' accounts, but those are chrooted. So, how to have the
+content of /var/incoming visible in these accounts?
+
+Making a symbolic link won't work, because when you are chrooted, it means
+that everything outside a base directory (your user's home directory) won't
+be reachable, even though a symbolic link.
+
+But all modern operating systems can mount local directories to several
+locations. To have an exact duplicate of your /var/incoming directory
+available in /home/john/incoming and /home/joe/incoming, use one of these
+commands:
+
+* Linux   : mount --bind /var/incoming /home/john/incoming
+            mount --bind /var/incoming /home/joe/incoming
+
+* Solaris : mount -F lofs /var/incoming /home/john/incoming
+            mount -F lofs /var/incoming /home/joe/incoming
+
+* FreeBSD : mount_null /var/incoming /home/john/incoming
+            mount_null /var/incoming /home/joe/incoming
+
+Another alternative is to compile Pure-FTPd with --with-virtualchroot as a
+./configure option. With virtual chroot, symbolic links pointing outside a
+chroot jail *are* followed.
+
+Binary packages are compiled with this feature turned on.
+
+
+* Tar and/or gzip on the fly
+
+-> Is it possible to use a command like "get directory.tar" as with Wu-FTPd
+? (Sven Goldt)
+
+Unfortunately, no. Server-side gzip/tar creation is not a present nor a
+planned feature. It has been responsible of severe security flaws in Wu-ftpd
+and BSD ftpd, it can take a lot of server resource (denial-of-service) and
+it's a pain to set up (chrooted environment => need to add /etc /lib /bin
+directories, /dev on some platforms, etc) .
+
+
+
+* How to restrict access to dot files ?
+
+-> Is there an option to prevent people from accessing "." files/dirs (such
+as .bash_history, .profile, .ssh ...) EVEN if they are owned by the user ?
+(William Kern)
+
+Yes. '-x' (--prohibitdotfileswrite) denies write/delete/chmod/rename of
+dot-files, even if they are owned by the user. They can be listed, though,
+because security through obscurity is dumb and software shouldn't lie to
+you. But users can't change the content of these files.
+
+Alternatively, you can use '-X' (--prohibitdotfilesread) to also prevent
+users from READING these files and going into directories that begin with
+"." .
+
+
+
+* Log files
+
+-> Where does logging info go ? How to redirect it to a specific file ? How
+to suppress logging ?
+
+Log messages are sent to the syslog daemon. The syslog daemon is often
+called syslogd or syslog-ng. He's in charge of dispatching logging events
+from various programs to log files, according to a "facility" (category) and
+a "priority" (urgency: debug, info, warning, error, critical...) .
+
+Pure-FTPd logging messages are send with the "ftp" facility by default (or
+"local2" on some older systems without the "ftp" facility) . Unless you told
+the syslogd to redirect messages with the "ftp" facility to a specific file,
+the messages will be merged into /var/adm/messages, /var/log/messages,
+/var/adm/syslog or /var/log/syslog.
+
+Check /etc/syslogd.conf. You should have a line like:
+
+*.*;mail.none;news.none -/var/log/messages
+
+just add ftp.none:
+
+*.*;ftp.none;mail.none.news.none -/var/log/messages
+
+And if you want FTP info go in a specific file, just add:
+
+ftp.* /var/log/ftp
+
+and all FTP messages will go in /var/log/ftp . And only there.
+
+The facility can be changed if you add the -f <facility> option to pure-ftpd
+(or --facility=<facility>) .
+To completely disable logging, use -f none (or --facility=none) . If you
+don't read your log files, it's recommended: it will improve performance
+and reduce disk I/O.
+
+
+
+* How to prevent your partitions to be filled
+
+-> Is it possible to forbid new uploads when the disk is almost full ?
+(Cyberic)
+
+Use the "-k" (--maxdiskusagepct) flag. If you add -k 95 , no new upload can
+occur if your partition if more than 95% full.
+
+
+
+* Firewalling
+
+-> My FTP server is behind a firewall. What ports should I open?
+
+First, you have to open port 21 TO the FTP server. You also have to allow
+connections FROM (not to) ports <= 20 (of the FTP server) to everywhere.
+That's enough to handle the "active" mode. But that's not enough to handle all
+types of clients. Most clients will use another mode to transmit data called
+'passive' mode. It's a bit more secure than 'active' mode, but you need to
+open more ports on your firewall to have it work.
+
+So, open some ports TO the FTP server. These ports should be > 1023. It's
+recommended to use at least twice the max number of clients you are
+expecting. So, if you accept 200 concurrent sessions, opening ports 50000 to
+50400 is ok.
+
+Then, run pure-ftpd with the '-p' switch followed by the range configured in
+your firewall. Example: /usr/local/sbin/pure-ftpd -p 50000:50400 &
+
+Unlike some popular belief, the MORE opened ports you have for passive FTP,
+the MORE your FTP server will be secure, because the LESS you are vulnerable
+to data hijacking.
+
+If your firewall also does network translation (NAT), you have to enable
+port forwarding for all passive ports.
+
+On the client side, if a client if behind a firewall, that firewall must
+understand the FTP protocol. On Linux firewalls (iptables), just load
+the ip_conntrack_ftp and ip_nat_ftp modules. On OpenBSD, ISOS and
+FreeBSD 5 firewalls (PF), redirect all traffic to port 21, to ftp-proxy.
+
+
+
+* Unable to log in (unix authentication)
+
+-> I'm using simple Unix authentication. No PAM, no puredb, no MySQL, no
+LDAP. Anonymous FTP works, but I can't log in as any other user. It keeps
+saying "authentication failed".
+
+To log in, the shell assigned to your users must be listed in the
+/etc/shells file. The exact path should be there, even for fake shells like
+/etc or /bin/true.
+
+Also double check that you have a carriage return after the last line in
+/etc/shells.
+
+
+
+* Network filesystems.
+
+-> I have a strange problem on Linux or FreeBSD. Uploading a file works
+fine, but downloading a file only create 0-byte files. On the server, these
+files are on NFS/Novell shares/Appletalk shares/Coda/Intermezzo/SMB volumes.
+
+By default, pure-ftpd uses zero-copy networking in order to increase
+throughput and reduce the CPU load. But zero-copy doesn't work with all
+filesystems, especially network filesystems.
+
+You have to disable zero-copy if you want to serve files from a network FS
+or from a TMPFS virtual disk.
+
+To disable zero-copy, recompile pure-ftpd with ./configure --without-sendfile
+
+
+
+* Solaris and chroot.
+
+-> When I ftp to my Solaris server, I get this as an answer to 'ls':
+"425 Can't create the data socket: Bad file number."
+
+On Solaris, to get chroot to work with pure-ftpd you need a dev directory
+in your new rootdir with these:
+
+crw-rw-rw-   1 root     other     11, 42 Dec 10 15:02 tcp
+crw-rw-rw-   1 root     other    105,  1 Dec 10 15:02 ticotsord
+crw-rw-rw-   1 root     other     11, 41 Dec 10 15:03 udp
+crw-rw-rw-   1 root     other     13, 12 Dec 10 15:03 zero
+
+(Reported by Kenneth Stailey)
+
+
+
+* Upgrading.
+
+-> Can anyone explain how to update Pureftpd (from source), without having
+to change all my settings etc. (Simon H)
+
+1) get the source code and unpack it. 
+2) ./configure it with your favorite options 
+3) make 
+4) rm -f /usr/local/sbin/pure-ftpd 
+5) make install-strip 
+6) if you run pure-ftpd from inetd,tcpserver,xinetd, etc: nothing left to do. You have it upgraded. 
+7) if you run it standalone, stop the server: 
+                     kill $(cat /var/run/pure-ftpd.pid)
+then launch it again: 
+                         /usr/local/sbin/pure-ftpd &
+                         
+
+
+* FTP over SSH.
+
+-> How to run Pure-FTPd over SSH? I want to encrypt all connection data
+(including passwords) .
+
+FTP-over-SSH is a nice alternative over FTP-over-TLS (impossible to securely
+firewall) and SFTP (which is slower, but only uses one port) .
+
+Customers using Windows can use FTP-over-SSH with the excellent Van Dyke's
+SecureFX client (http://www.vandyke.com) . It doesn't require any special
+knowledge: just tell your customer to check "FTP-over-SSH2" in the
+"Protocol" listbox when creating an account for your FTP server.
+
+On the server side, here's how to manage FTP-over-SSH accounts:
+
+1) Add /usr/bin/false to your /etc/shells file (on some systems, it's
+/bin/false) .
+
+2) To create a FTP-over-SSH account, create a system account with /dev/null
+as a home directory and /usr/bin/false as a shell. You don't need a
+dedicated uid: the same uid can be reused for every FTP-over-SSH account.
+
+3) Create a virtual user account for that user (either with PureDB, SQL or
+LDAP) . Give that virtual user a real home directory and only allow
+connections coming from 127.0.0.1 (all FTP-over-SSH sessions will come from
+localhost, due to SSH tunneling) .
+
+People with no home directory (/dev/null) and no valid shell
+(/usr/bin/false) won't be able to get a shell nor to run any command on your
+server. But they will be granted FTP-over-SSH sessions.
+
+Here are examples (Linux/OpenBSD/ISOS commands, translate them if necessary) .
+
+1) Creating a regular FTP account:
+
+pure-pw useradd customer1 -m -d /home/customer1 -u ftpuser
+
+2) Creating a FTP-over-SSH account (non-encrypted sessions are denied):
+
+useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer2
+pure-pw useradd customer2 -m -d /home/customer2 -u ftpuser -r 127.0.0.1/32
+
+3) Creating an account who can use regular (unencrypted) FTP from the
+internal network (192.168.1.x), but who must use FTP-over-SSH when coming
+from an external network (internet):
+
+useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer3
+pure-pw useradd customer3 -m -d /home/customer3 -u ftpuser \
+        -r 127.0.0.1/32,192.168.1.0/24
+
+
+
+* Virtual users: /etc/pureftpd.pdb .
+
+-> I made changes to /etc/pureftpd.passwd but the server doesn't understand
+them: I can't access any account I just created.
+
+The server never reads /etc/pureftpd.passwd directly. Instead, it reads
+/etc/pureftpd.pdb (or whatever file name you gave after -lpuredb:...) .
+
+This file is a copy of /etc/pureftpd.passwd, but in a binary format,
+optimized for fast lookups.
+
+After having made a manual change to /etc/pureftpd.passwd, you must rebuild
+/etc/pureftpd.pdb with the following commands:
+
+pure-pw mkdb
+
+If you add/delete/modify user accounts with pure-pw useradd/usermod/userdel/
+passwd, don't forget the '-m' option to automatically rebuild
+/etc/pureftpd.pdb and not only update /etc/pureftpd.passwd .
+
+
+
+* Giving access to dot-files.
+
+-> I don't want my users to read files beginning with a dot. Except one file
+I'd like to give 'John' read (and maybe write) access to.
+
+Create a symbolic link in John's account, pointing to the dot-file. Example:
+
+ln -s .bashrc bashrc
+
+John will be able to access ".bashrc" through the symbolic link, "bashrc".
+
+
+
+* Initial banner.
+
+-> How do I display a customized message before the login prompt?
+
+Compile with --with-cookie and run the server with -F <file name> . In that
+file, put a nice customized banner message.
+
+
+
+* Internet Explorer.
+
+-> Internet Explorer doesn't show any login box.
+
+IE does a very strange trick to detect whether an FTP server does accept
+anonymous connections or not. Basically, it connects to the server and logs
+in as 'anonymous'. But if you say 'no' at this point, it drops the
+connections with an error. You have to say 'ok, anonymous users are
+allowed' and then, when a dummy password ('IE@') is sent, you say 'ah
+ehm... finally... no... anonymous users aren't allowed' . Silly. To play
+that game, you must run pure-ftpd with the -E (non-anonymous server) and -b
+(compatibility with broken clients) flags. Then, the magic popup will show
+up. But please note that IE (and browsers at large) are usually bad FTP
+clients.
+
+-> Internet Explorer doesn't want to log in. (Matthew Enger)
+
+Check that the max number of connections (either per user or per IP) is at
+least 2. IE needs two connections to connect to an FTP server.
+
+
+
+* Passwords and pure-pw scripting.
+
+-> I would like to create virtual users with a shell-script.  if i us
+pure-pw useradd ..... it always asks for the new password. is there any
+command-line option which tells pure-pw the password (like useradd ftp-user
+ftp-password -m) ? (at1ce) .
+
+Giving cleartext (and badly one-way hashed) passwords through command-line
+switches is a bad idea. Because users could issue a simple 'ps' command and
+discover these passwords.
+
+One way to enter a password (not from the keyboard) is to put the password
+twice in a temporary file, then redirect that file to stdin. Example:
+
+pure-pw useradd john -d /tmp/john -u ftpuser -m < ~/tmp/passfile
+
+And in ~/tmp/passfile, have something like:
+
+john's password
+john's password
+
+If you really need to avoid a temporary file and if nobody but you can log
+on the machine, you can always do this:
+
+(echo blahblah; echo blahblah) | pure-pw useradd john -d /tmp/john -u ftpuser
+
+
+
+* Altlog and pure-uploadscript don't work.
+
+-> pure-uploadscript doesn't run anything. Alternative logging methods (CLF,
+stats, W3C...) create a logfile, but it always stays empty.
+
+Maybe your operating system has a buggy realpath() implementation. Some
+old Solaris and Linux versions are known to have such a bug.
+Try to recompile pure-ftpd, but run ./configure with the --with-brokenrealpath
+switch first.
+
+
+
+* The server starts, but doesn't listen to any port?
+
+-> The server is properly running, I see it in the process list, but any try
+to connect to the configured port (or port 21 by default) fails. The socket
+isn't even open.
+
+Check two things :
+
+- If you are running a BSD system and you want to listen to IPv4 addresses,
+check that the "-4" switch ("IPV4Only" in config file) is enabled.
+
+- If you upload script are enabled ("-o", or "CallUploadScript"), make sure
+that the pure-uploadscript is started. Or the FTP server will actually wait
+until pure-uploadscript is actually ready to process new uploads. If you don't
+need the uploadscript facility, remove "-o".
+
+
+
+* Double slash.
+
+-> Why do I see double slashes in log files? For instance, the path of a
+downloaded file looks like /home/john//pictures/zok.jpg .
+
+'//' is a symbol for the limit of the chroot jail. In that example, it means
+that John is caged in /home/john/ .
+
+
+
+* ftpwho as a non-root user.
+
+-> How do I give access to the 'pure-ftpwho' command to non-root users?
+
+The 'pure-ftpwho' command is restricted to root by default, because users
+probably shouldn't be given the ability to spy what other users are doing on
+the same host. However, it's safe to put the setuid bit on that command, in
+order to have it work as any user:
+
+                   chmod 4711 /usr/local/sbin/pure-ftpwho
+
+
+
+* Changing bandwidth throttling on-the-fly.
+
+-> Is it possible to change the bandwidth allocated to a user during a
+transfer, so that the change takes place immediately?
+
+Unfortunately, no. Or at least not at pure-ftpd level. Doing so would need
+to re-read user's parameters all the time and it would be horribly slow.
+Other mechanisms would work, like signals to interrupt transfers, re-read
+parameters, then resume. But it would introduce a lot of complexity to the
+code.
+
+If you're using a modern operating system like OpenBSD, ISOS or Linux,
+your kernel already includes a fair TCP/IP traffic shaper. And because it
+works at kernel-level, you can easily change the bandwidth allowed to IPs or
+services on-the-fly. Have a look at pf.conf(5) OpenBSD, ISOS and FreeBSD 5,
+and at tc (or read the Linux networking HOWTO) on Linux.
+Also see the 'Global bandwidth limitation' section later in this document.
+
+
+
+* KERBEROS_V4 rejected as an authentication type.
+
+-> It works and I can log in, but I receive these strange error messages at
+log in, even in a non-chrooted environment: 
+
+220 FTP server ready. 
+502 Security extensions not implemented 
+502 Security extensions not implemented 
+KERBEROS_V4 rejected as an authentication type 
+
+Why and what do they mean?
+
+This is a Linux-specific instllation issue. It means that your command-line
+FTP client isn't a normal one, but a Kerberos FTP client. You probably
+installed RPMs for Kerberos, although you don't use it.  These messages are
+harmless as Kerberos clients will fallback to normal FTP (after these
+errors), but you just have to deinstall Kerberos on your client host to have
+'ftp' work without these messages.
+
+
+
+* Wrong group ownership.
+
+-> I have a user called 'john' whose group is 'johngroup'. When John
+uploads a file, that one belongs to 'john', but to another group like
+'wheel' (whose John isn't a member of). What's wrong?
+
+This is a BSD standard behavior (verified on OpenBSD, ISOS, DragonflyBSD and
+FreeBSD): when a new file is created, the group is inherited from the parent
+directory. On other systems (like GNU/Linux), files are owned by the primary
+group of the user, unless the directory has the setgid bit set.
+
+If you want new files uploaded in John's directory to belong to group
+'johngroup', have that directory (and probably also subdirectories) belong
+to 'johngroup':
+
+chgrp -R johngroup /home/john
+
+
+
+* Compilation with MySQL.
+
+-> I can't compile with MySQL. ./configure says that MySQL libraries aren't
+properly installed.
+
+The libmysqlclient.so file should be in a path known by your dynamic linker.
+For instance, on a GNU/Linux system, add the path to libmysqlclient.so file
+(only the path, not the file itself) to /etc/ld.so.conf . Then, run
+'ldconfig' .
+
+
+
+* "Sorry, I can't trust you".
+
+-> When a user tries to log in, he gets "Sorry, I can't trust you". But his
+login/password pair is right. What wrong?
+
+That message can means two things:
+
+- The user has a shell that isn't listed in /etc/shells. You must add it,
+even if it's a fake shell like /bin/false . Also make sure that you have a
+carriage return after the last entry in /etc/shells.
+
+- You are using the -u <uid> option to deny access to users whose uid is
+below <uid> . But the user you are trying to log in as, has an uid in the
+forbidden range.
+
+
+
+* Customer-friendly configuration.
+
+-> What switches do you recommend to start the server, for an hosting service?
+
+Here's a good start:
+
+--chrooteveryone \
+--maxclientsperip=5 \
+--displaydotfiles \
+--noanonymous \
+--minuid=100 \
+--umask=022:022 \
+--limitrecursion=10000:3 \
+--customerproof
+
+
+
+* Anonymous FTP with virtual users.
+
+-> I successfully created a virtual user called 'ftp' or 'anonymous', but
+anonymous FTP doesn't work.
+
+Pure-FTPd never fetch any info from the virtual users backends (puredb,
+MySQL, LDAP, etc) for anonymous sessions. There are three reasons not to do
+so: - Speed: do we need to query a database just to get the anonymous
+user's home directory? We don't need to retrieve any password for anonymous
+sessions.
+     - Consistency: with the virtual hosting mechanism.
+
+To run an anonymous FTP server you must have a *system* account called
+'ftp'. Don't give it any valid shell, just a home directory. That home
+directory is the anonymous area.
+
+
+
+* A basic setup.
+
+-> I'm trying to set up a ftp server just for me and my family so we can get
+and upload files when on the road. How can I make two users, say Jane and
+Joe, who share the directory /home/ftp and /home/ftp/incoming. In /home/ftp
+they only have read privs. and in /home/ftp/incoming they have read and
+write privs.
+
+Add a group for all FTP users (not mandatory, but more secure):
+
+groupadd ftpgroup
+
+Add an uid for all FTP users (idem, not mandatory, but better):
+
+useradd -g ftpgroup -d /dev/null -s /etc ftpuser
+
+Now, let's create /home/ftp and /home/ftp/incoming:
+
+mkdir -p /home/ftp/incoming
+chown -R root:ftpgroup /home/ftp/incoming
+chmod -R 755 /home/ftp
+chmod -R 1775 /home/ftp/incoming
+
+Let's add Jane:
+
+pure-pw useradd jane -m -u ftpuser -d /home/ftp
+
+Let's add Joe:
+
+pure-pw useradd joe -m -u ftpuser -d /home/ftp
+
+Let's start the FTP server:
+
+/usr/local/sbin/pure-ftpd -lpuredb:/etc/pureftpd.pdb -H -B
+
+Everything should be ok now.
+
+For more info about how to create new users, change passwords, etc.:
+http://www.pureftpd.org/README.Virtual-Users
+
+
+
+
+* Slow pure-ftpwho or slow login.
+
+-> Sometimes, pure-ftpwho is slow to show the result. And sometimes, when an
+user logs in, the session stucks a bit before he can get a directory listing.
+
+This is probably caused by a slow DNS resolver. In order to display full
+host names, pure-ftpd has indeed to make DNS queries that can be slow if you
+link is slow, or if the client link is slow.
+
+You can speed up pure-ftpwho and pure-ftpd with the -H switch. Names won't
+be resolved, you will see IP addresses instead.
+
+
+
+* Chrooted users can follow symlinks outside the chroot jail?
+
+-> People can create symbolic links to '/' and escape their home directory!
+
+There are two chroot implementations in pure-ftpd:
+
+  - The traditional one, based upon your kernel chroot() system call. This
+is the default. With that one, symbolic links can only point inside the
+chroot jail, or they won't be followed.
+
+  - The 'virtual chroot' implementation. With that feature, users *can*
+follow all symbolic links, even when they don't point inside the jail. This
+is very handy to set up directories shared by multiple users. Binary
+packages are compiled with virtual chroot by default.
+
+To enable the virtual chroot feature when you are compiling the server, use
+the --with-virtualchroot with ./configure . If you want a restricted chroot,
+don't include --with-virtualchroot.
+
+Please note that the FTP server will never let people create new symbolic
+links. Symbolic links have to be already there to be followed. Or if your
+users can create symbolic links through Perl or PHP scripts, your hosting
+platform is really badly configured. People can install any web file
+browser, they don't need FTP to look at your system files. Recompile PHP
+without POSIX functions and run all Perl scripts chrooted.
+
+
+
+* How to start Pure-FTPd in background.
+
+-> I start 'pure-ftpd' from an X terminal and the server properly
+answers. However, as soon as I close the terminal, the server stops.
+
+This is a shell dependent issue. Your shell is configured to close all
+background jobs when leaving. You can change your shell options
+(probably with a 'set' directive) or detach background jobs with the
+'disown' keyword. Alternatively, you can just start pure-ftpd with the
+-B switch in order to have it detach at startup time:
+
+/usr/local/sbin/pure-ftpd -B
+
+
+
+* Windows command-line FTP client and 'ls'.
+
+-> With the command-line Windows FTP client, 'ls -la' doesn't return
+any file.
+
+The 'ls' command of an FTP client has nothing to do with the 'ls' command
+started from an Unix shell.
+
+With the command-line Windows client, typing 'ls' really sends the FTP
+command 'NLST'. So when you type 'ls -la', it doesn't mean 'verbosely
+list all files'. According to RFCs, it means 'list the file called -la' .
+So you get what you asked for. If no file is called '-la', you get nothing.
+
+If you want to play with regular expressions and switches, you should
+type 'dir' (which is translated to 'LIST') instead. 'dir -la' is ok.
+
+This is a bit illogical and that brain damage is specific to
+Microsoft's command-line FTP client.
+
+If you really want 'ls' to parse options, you can start pure-ftpd with
+the -b (broken) switch.
+
+
+
+* Global bandwidth limitation.
+
+-> How do I limit the *total* bandwidth for FTP?
+
+Pure-FTPd can limit bandwidth usage of every session. But limiting the total
+bandwidth is intentionally not implemented, because most operating systems
+already have very efficient algorithms to handle bandwidth throttling.
+
+Here's an example with Linux.
+
+1) Have a look at /proc/sys/net/ipv4/ip_local_port_range. You will see two
+numbers: this is the interval of local ports your Linux kernel will use for
+regular outgoing connections. The FTP ports you have to reserve for passive
+FTP must *not* be in this range. So if:
+"cat /proc/sys/net/ipv4/ip_local_port_range" returns "32768-61000", you can
+reserve ports 10000 to 20000 for your FTP server, but not 30000 to 40000.
+(alternatively, you can change the local port range) .
+
+2) Change the first lines and save the following script:
+
+  ---------------------------- Cut here ----------------------------
+  
+#! /bin/sh
+# Simple bandwidth limiter - <j at pureftpd.org>
+
+# Change this to your link bandwidth
+# (for cable modem, DSL links, etc. put the maximal bandwidth you can
+# get, not the speed of a local Ethernet link)
+REAL_BW='10Mbit'
+
+# Change this to the bandwidth you want to allocate to FTP.
+# We're talking about megabits, not megabytes, so 80Kbit is
+# 10 Kilobytes/s
+FTP_BW='80Kbit'
+
+# Change this to your physical network device (or 'ppp0')
+NIC='eth0'
+
+# Change this to the ports you assigned for passive FTP
+FTP_PORT_LOW="10000"
+FTP_PORT_HIGH="20000"
+
+tc qdisc add dev "$NIC" root handle 1: cbq \
+bandwidth "$REAL_BW" avpkt 1000
+
+tc class add dev "$NIC" parent 1: classid 1:1 cbq bandwidth "$REAL_BW" \
+rate "$REAL_BW" maxburst 5 avpkt 1000
+
+tc class add dev "$NIC" parent 1:1 classid 1:10 cbq \
+bandwidth "$REAL_BW" rate "$FTP_BW" maxburst 5 avpkt 1000 bounded
+
+tc qdisc add dev "$NIC" parent 1:10 sfq quantum 1514b
+
+tc filter add dev "$NIC" parent 1: protocol ip handle 1 fw flowid 1:10
+
+iptables -t mangle -A OUTPUT -p tcp --sport 20:21 -j MARK --set-mark 1
+
+iptables -t mangle -A OUTPUT -p tcp \
+--sport "$FTP_PORT_LOW":"$FTP_PORT_HIGH" -j MARK --set-mark 1
+
+  ---------------------------- Cut here ----------------------------
+  
+3) Make sure that you have the 'tc' command installed. If your Linux distro
+doesn't ship 'ip' and 'tc' commands, it really sucks and you must install a
+package called 'iproute2' to get them.
+
+4) Start Pure-FTPd with the passive port range you assigned:
+
+/usr/local/sbin/pure-ftpd -p 10000:20000 -HBA
+
+5) Run the script you created in step 2. It it doesn't work, check that QOS
+support was compiled in your Linux kernel.
+
+6) Enjoy :)
+
+Also have a look at :
+http://www.docum.org
+http://www.shorewall.net/traffic_shaping.htm and
+http://talk.trekweb.com/~jasonb/articles/linux_tc_minihowto.shtml
+
+
+* Linux, NTFS and Pure-FTPd.
+
+-> On Linux, I can't transfer files from an NTFS partition.
+
+Keep in mind that the NTFS filesystem is still an experimental beast in
+Linux. Some basic operations are not implemented yet. Fortunately, a big
+effort is being made and Linux 2.5 has a new NTFS implementation that fully
+works with Pure-FTPd (try ./configure --without-sendfile, though) . And it
+is more reliable and really faster than the old one. And even more
+fortunately, the new NTFS implementation has been backported to recent 2.4.x
+kernels. Have a look at http://linux-ntfs.sf.net/ .
+
+
+
+* Slowdowns and lags.
+
+-> Some users complains that transferring large files doesn't work. Transfers
+are starting as expected, with a decent rate. But then, the speed dramatically
+decreases, there are some serious lags and they often must disconnect (or the
+client force them to do it, after a timeout) . The server is behind a firewall
+that filters incoming ICMP, but let FTP ports in.
+
+Don't, don't, don't filter ICMP. At least not blindly without understanding
+what you are filtering. ICMP is part of the TCP/IP specifications. Filtering
+it can have nasty side effects with no real win. If you even filter ICMP types
+3 and 4, your firewall is definitely broken and this is probably why you have
+such troubles with transfers of large files.
+
+Please read these documents about ICMP filtering :
+http://www.phildev.net/mss/index.html
+http://alive.znep.com/~marcs/mtu/
+http://www.freelabs.com/~whitis/isp_mistakes.html
+
+Also some hardware routers don't properly handle window scaling. Try
+to turn it off, for instance on Linux:
+sysctl -w net.ipv4.tcp_window_scaling=0
+sysctl -w net.ipv4.tcp_bic=0
+
+
+
+* Firewalls and TLS.
+
+-> My client is behind a stateful firewall doing applicative filtering (like
+IPTables with ip_conntrack_ftp or ip_nat_ftp) . Connections to an TLS
+enabled server doesn't work. Authentication works, but I'm unable to download
+files nor list directories.
+
+First, try to force your client to use the passive mode. In active mode, the
+server has to connect to the client (or the NAT gateway) on a dynamic port
+that is negotiated on the connection socket. But when TLS is used, that
+connection socket is encrypted, therefore no man-in-the middle can see what
+ports will be used to transfer data, including the firewall. There are some
+proposals to work around this problem, but neither popular clients nor common
+firewalls are aware of these tricks. Therefore, use the passive mode or switch
+to SSH.
+
+
+
+* TLS and error 00000000.
+
+-> My TLS-enabled client doesn't work. It outputs something like :
+"SSL connect: error:00000000:lib(0):func(0):reason(0)". What does it mean?
+
+This error is not very explicit. You get it from some Unix clients like LFTP.
+It actually means that there is a firewall or a NAT box between a TLS-enabled
+server and a TLS-enabled client, but that firewall is unable to handle
+encrypted FTP sessions. Unfortunately, there's no simple workaround against
+this. Try to switch your client to active mode and use 1:1 NAT, but TLS,
+firewalls and FTP don't mix very well.
+
+
+
+* Slow TLS operations.
+
+-> When clients connect with TLS encryption, listing directories and
+downloading files are slow operations. Nothing happens after a command is
+sent, things only start moving after a 5 secondes delay.
+
+Check the host name of your certificate. It should be a fully-qualified host
+name and if possible, it shouldn't be a CNAME entry.
+
+Also check your DNS cache servers.
+
+
+
+* Files getting renamed automatically
+(submitted by C. Jon Larsen)
+
+-> Sometimes when files get uploaded they are getting renamed to something
+like "pureftpd.3f3300d2.33.0001". What is causing this ?
+
+The ftp client that is being used to upload the files is using the STOU (Store
+Unique) FTP command instead of the STOR FTP command. If you check the ftp
+logfile you should see something like this in the logs:
+
+(user@a.b.c.d) [DEBUG] Command [stou] [file_name_from_the_client.ext]
+/var/ftp/ftpcustomer/pureftpd.3f3300d2.33.0001 uploaded (218168 bytes,
+127.79KB/sec)
+
+The STOU command tells the ftp client to begin the transmission of the file to
+the remote site; the remote filename picked by the ftp server will be unique
+within in the current directory that the ftp client is using. The response
+from the server will include the filename.
+
+The ftp client has an option like "create unique files" or "upload file with a
+temporary name" enabled. You should have the ftp user uncheck this option.
+
+Trying to disable the STOU command on the server side is not a good idea or
+solution as some ftp clients will use STOU to upload a file with the
+temporary, unique name, and then rename the file once the upload is complete.
+This helps prevent failed uploads from leaving partial files around.

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.Authentication-Modules

@@ -0,0 +1,150 @@
+
+
+  ------------------------ AUTHENTICATION MODULES ------------------------
+
+
+Anybody can add new custom authentication methods to Pure-FTPd without
+recompiling anything, using "authentication modules".
+
+To enable it, you must ./configure with --with-extauth, or
+--with-everything. Linux binary packages have it enabled by default.
+
+Here's how they work:
+
+1) A client connects to the FTP server and issues a login/password pair.
+
+2) The FTP server connects to a local separate daemon, called 'pure-authd'.
+Data transmitted to that daemon is: user's login, user's password, the IP
+address that user connected to, the local port that user connected to and
+the user's remote IP address.
+
+3) pure-authd spawns an authentication program. It can be anything,
+including a shell script. The program is given the collected info (login,
+password, IP addresses, etc) as environment variables.
+
+4) The authentication program replies (to the standard output) with the
+user's home directory, quota, ratio, bandwidth and if authentication was
+successful or not.
+
+5) pure-authd relays this info to pure-ftpd.
+
+This method is a bit slower than built-in authentication methods. But it's
+very flexible as anyone can easily write his own authentication programs.
+And they can run non-root, chrooted, with limited capabilities, etc.
+
+Communication between pure-ftpd and pure-authd is done through a local Unix
+socket. It's recommended to put that socket in a directory where non-trusted
+users have no write access to.
+
+Authentication programs can read the following environment variables to get
+info about the user trying to authenticate:
+
+AUTHD_ACCOUNT
+AUTHD_PASSWORD
+AUTHD_LOCAL_IP
+AUTHD_LOCAL_PORT
+AUTHD_REMOTE_IP
+AUTHD_ENCRYPTED
+AUTHD_CLIENT_SNI_NAME
+
+They are self-explanatory. Previous global environment variables aren't
+cleared when the script is called. The content of these variables is
+_not_ quoted. They may contain special characters. They are under the
+control of a possibly malicious remote user.
+
+The program must respond on the standard output with lines like:
+
+auth_ok:1
+uid:42
+gid:21
+dir:/home/j
+end
+
+Note the final 'end' keyword. It's mandatory.
+
+Here's the list of recognized tokens ('xxx' has of course to be filled):
+
+* auth_ok:xxx
+
+If xxx is 0, the user was not found (the next authentication method passed
+to pure\-ftpd will be tried) . If xxx is \-1, the user was found, but there
+was a fatal authentication error: user is root, password is wrong, account
+has expired, etc (next authentication methods will not be tried) . If xxx is
+1, the user was found and successfully authenticated.
+ 
+* uid:xxx
+
+The system uid to be assigned to that user. Must be > 0.
+ 
+* gid:xxx
+
+The primary system gid. Must be > 0.
+ 
+* dir:xxx
+
+The absolute path to the home directory. Can contain /./ for a chroot jail.
+ 
+*slow_tilde_expansion:xxx (optional, default is 1)
+
+When the command 'cd ~user' is issued, it's handy to go to that user's home
+directory, as expected in a shell environment. But fetching account info can
+be an expensive operation for non-system accounts. If xxx is 0, 'cd ~user'
+will expand to the system user home directory. If xxx is 1, 'cd ~user' won't
+expand. You should use 1 in most cases with external authentication, when
+your FTP users don't match system users. You can also set xxx to 1 if you're
+using slow nss_* system authentication modules.
+ 
+* throttling_bandwidth_ul:xxx (optional)
+
+The allocated bandwidth for uploads, in bytes per second.
+ 
+* throttling_bandwidth_dl:xxx (optional)
+
+The allocated bandwidth for downloads, in bytes per second.
+ 
+*user_quota_size:xxx (optional)
+
+The maximal total size for this account, in bytes.
+ 
+* user_quota_files:xxx (optional)
+
+The maximal number of files for this account.
+ 
+* ratio_upload:xxx and radio_download:xxx (optional)
+
+The user must match a ratio_upload:ratio_download ratio.
+
+* per_user_max:xxx (optional)
+
+The maximal authorized number of concurrent sessions.
+
+
+          ------------------------ EXAMPLE ------------------------
+          
+          
+Here's a very basic example. Our sample authentication program will only
+accept user 'john' with any password and return a fixed home directory and
+uid/gid.
+
+#! /bin/sh
+
+if test "$AUTHD_ACCOUNT" = "john"; then
+  echo 'auth_ok:1'
+  echo 'uid:69'
+  echo 'gid:42'
+  echo 'dir:/tmp'
+else
+  echo 'auth_ok:0'
+fi
+echo 'end'
+
+Let's say we save this file as /usr/bin/ftp-auth-handler
+
+Now, we have to run pure-authd and pure-ftpd, to connect them through a
+local socket and to tell pure-ftpd to use our external authentication module:
+
+pure-authd -s /var/run/ftpd.sock -r /usr/bin/ftp-auth-handler &
+pure-ftpd  -lextauth:/var/run/ftpd.sock &
+
+That's all. Now, we can only log in as 'john', as all FTP authentication is
+done by the shell script.

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.Configuration-File

@@ -0,0 +1,31 @@
+Pure-FTPd strives to remain simple to operate, and keeps the number of
+knobs down to a minimum.
+
+Virtually everything can be set using command-line switches, so that a
+configuration file is not required.
+
+For example, the '-H' switch is recommended and avoids DNS lookups.
+
+To enable this feature, just add it right after the executable name:
+
+    /usr/local/sbin/pure-ftpd -H
+
+Long options are also supported. This is equivalent to the previous
+command:
+
+    /usr/local/sbin/pure-ftpd --dontresolve
+
+As an alternative to command-line switches, Pure-FTPd can use a
+configuration file. The set of supported features is the same no
+matter what way of configuring the server is beind used.
+
+A sample configuration file named pure-ftpd.conf should have been installed
+in /etc/, /usr/local/etc/ or another standard location derived from
+the package installation prefix.
+
+Tweak it according to your needs, and start the server using that file:
+
+    /usr/local/sbin/pure-ftpd /etc/pure-ftpd.conf
+
+Note the absence of switches. In order to avoid confusion, either a
+configuration file or a set of command-line switches can be used.

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.LDAP

@@ -0,0 +1,283 @@
+
+If you never heard about LDAP before, *DON'T* enable LDAP support in
+Pure-FTPd. LDAP is useless if you don't have to manage many shared accounts.
+But well... if you want to learn about LDAP anyway, here's a good starting
+point: http://www.openldap.org/
+
+
+       ------------------------ LDAP SUPPORT ------------------------
+
+
+Pure-FTPd has a built-in support for LDAP directories. When LDAP is
+enabled, all account info is fetched from a central LDAP directory.
+
+To compile the server with LDAP support, you first have to build and install
+OpenLDAP. OpenLDAP is freely available from http://www.openldap.org/ and
+binary packages are included in many major distributions. But if you choose
+a binary form, don't forget to also install the development packages if they
+are available separately.
+
+Then, configure Pure-FTPd with --with-ldap and your favorite extra gadgets:
+
+
+    ./configure --with-ldap --with-everything
+
+
+If your LDAP libraries are installed in a special path, you can specify it
+like this:
+
+
+    ./configure --with-ldap=/usr/local/openldap
+
+
+In this example, headers (ldap.h and lber.h files) will be searched in
+/usr/local/openldap/include, while related libraries will be searched in
+/usr/local/openldap/lib .
+
+Then, install the server as usual:
+
+
+                                 make install
+
+
+  ------------------------ LDAP CONFIGURATION FILE ------------------------
+  
+  
+Before running the server, you have to create a configuration file. Why a
+configuration file instead of simple command-line options? you may ask.
+Because for security reasons, you may want to hide how to connect to your
+LDAP server. And as command-line options can be discovered by local users
+(with 'ps auxwww' for instance), it's more secure to use a configuration
+file for sensitive data. Keep the file only readable by root (chmod 600) .
+
+Here's a sample configuration file:
+
+
+LDAPServer ldap.c9x.org
+LDAPPort   389
+LDAPBaseDN cn=Users,dc=c9x,dc=org
+LDAPBindDN cn=Manager,dc=c9x,dc=org
+LDAPBindPW r00tPaSsw0rD
+LDAPDefaultUID 500
+LDAPForceDefaultUID False
+LDAPDefaultGID 100
+LDAPForceDefaultGID False
+
+Well... the keywords should be self-explanatory, but here we go for some
+details anyway:
+
+- LDAPScheme is the scheme (aka protocol) to connect with to the LDAP server.
+It defaults to 'ldap'. To connect to a server listening on TLS port, set it
+to 'ldaps' (and change the port below).
+
+- LDAPServer is the LDAP server name (hey!) . It defaults to 'localhost'.
+
+- LDAPPort is the connection port. It defaults to 389, the standard port.
+Port value should be changed for 'ldaps' connection (the TLS port for an
+LDAP server is usually 636).
+
+- LDAPBaseDN is the search starting point for users accounts. Your tree must
+have posixAccount objects under that node.
+
+- LDAPBindDN is the DN we should bind the server for simple authentication.
+If you don't need authentication (ie. anonymous users can browse that part
+of the LDAP directory), just remove that line.
+
+- LDAPBindPW is the plaintext password to bind the previous DN. The
+configuration file should be only readable by root if you are using
+LDAPBindDN/LDAPBindPW.
+
+- LDAPDefaultUID and LDAPDefaultGID are default values for objects without
+any entry for them.
+
+- LDAPForceDefaultUID and LDAPForceDefaultGID - These options both default to
+`False`. Any value other than `True` (case insensitive) is also treated as
+`False`.  When set these options cause the respective uid or gid value returned
+by the LDAP server for a username to be ignored and instead use the value set
+by `LDAPDefaultUID` or `LDAPDefaultGID`.  If the appropriate `LDAPDefaultXID`
+option is not set, these options have no effect.
+
+This is useful for allowing users to authenticate against LDAP but access or
+create content with common a set of ownership/permissions.  It also provides a
+measure of security in that it prevents pure-ftpd processes from being created
+with arbitrary uid/gids that may conflict with local accounts.
+
+- LDAPFilter is the filter to use in order to find the object to authenticate
+against. The special sequence \L is replaced with the login of the user. The
+default filter is (&(objectClass=posixAccount)(uid=\L)) .
+
+- LDAPHomeDir is the attribute to get the home directory ('homeDirectory' by
+default) .
+
+- LDAPVersion is the protocol version to use. Version 3 is recommended and
+needed with OpenLDAP servers. It is the default.
+
+- LDAPUseTLS can be True or False. True means that the server should use TLS
+to connect to the LDAP server over ldap protocol. This property has no effect
+when ldaps protocol is used, as the connection is inherently secured with TLS.
+This was introduced in pure-ftpd 1.0.37.
+
+- LDAPAuthMethod can be BIND (experimental, but default if there is no
+LDAPBindDN) or PASSWORD (default if a LDAPBindDN is set). The former tries
+to authenticate users by binding, thus allowing to use an unprivileged LDAP
+account. The later requires a privileged LDAP accounts and the FTP server
+itself checks against the userPassword attribute.
+
+In fact, the only mandatory keyword is LDAPBaseDN. Other keywords are
+optional and defaults are ok for local testing.
+
+Save the configuration file anywhere. Let's say /etc/pureftpd-ldap.conf .
+
+Then, you have to run the pure-ftpd command with '-l ldap:' (it's an 'ell'
+not a 'one') followed by the path of that configuration file. Here's an
+example:
+
+
+pure-ftpd -l ldap:/etc/pureftpd-ldap.conf -B
+
+You can mix different authentication methods. For instance, if you want to
+use system (/etc/passwd) accounts when an account is not found in a LDAP
+directory, use -l ldap:/etc/pureftpd-ldap.conf -l unix
+
+
+      ------------------------ THE LDAP SCHEMA ------------------------
+
+
+Pure-FTPd uses the standard 'posixAccount' class to locate accounts. With
+OpenLDAP, that class is defined in the 'nis' schema.
+
+FTP login names should match 'uid' attributes of 'posixAccount' instances.
+When a user logs in as 'joe', the following filter is used to locate Joe's
+account:
+
+
+                   (&(objectClass=posixAccount)(uid=joe))
+
+
+Here's a sample entry in LDIF format:
+
+
+dn: cn=Joe,dc=rtchat,dc=com
+objectClass: posixAccount
+cn: Joe
+uid: joe
+uidNumber: 500
+gidNumber: 100
+homeDirectory: /home/joe
+userPassword: {scrypt}$7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+
+
+'userPassword' is the password hashed with the system 'crypt' function,
+MD5, SHA, SMD5, SSHA, SCRYPT or ARGON2.
+
+Do not use MD5, SHA, SMD5 or SSHA except if you really have to. Use {crypt}
+with the strongest algorithm supported by your implementation. Or better,
+use {scrypt} or {argon2}.
+
+Please note that a login can only contains common characters: A...Z, a...z,
+0...9, -, ., _, space, :, @ and ' . For paranoia purposes, other characters
+are forbidden.
+
+If you don't want to use posixAccount objects, you can edit src/log_ldap.h
+to customize attribute names.
+
+
+  ----------- EXTENDED LDAP SCHEMA (QUOTAS, THROTTLING, RATIOS) ----------
+
+
+To enable quotas, download/upload rate throttling and/or download/upload
+ratios, an extended LDAP schema is needed.  This modified schema also allows
+you to completely enable and disable users' FTP access by simply changing
+the "FTPStatus" field in their LDAP entry.
+
+Simply copy the included pureftpd.schema file to your OpenLDAP schema
+directory (/usr/local/etc/openldap/schema in this example) and add the
+appropriate line to your slapd.conf, like so:
+
+
+include         /usr/local/etc/openldap/pureftpd.schema
+
+
+This schema defines a new objectClass, PureFTPdUser, which contains the
+*OPTIONAL* status, quota, throttling and ratio fields as in the example
+below:
+
+
+dn: uid=Ichiro,dc=gmo,dc=jp
+objectClass: PureFTPdUser
+objectClass: posixAccount
+cn: Ichiro
+uid: Ichiro
+uidNumber: 888
+gidNumber: 888
+homeDirectory: /home/ichiro
+userPassword: {crypt}$1$w58NLo5z$NHhr6GzSPw0qxaxs3PAaK/
+FTPStatus: enabled
+FTPQuotaFiles: 50
+FTPQuotaMBytes: 10
+FTPDownloadBandwidth: 50
+FTPUploadBandwidth: 50
+FTPDownloadRatio: 5
+FTPUploadRatio: 1
+
+The example is mostly self-explanatory. FTPQuotaMBytes is the quota size in
+megabytes. FTPDownloadBandwidth and FTPUploadBandwidth are in KB/sec.
+
+FTPStatus should be either "enabled" or "disabled". If the FTPStatus field
+exists and is set to anything except "enabled", the user will not be
+permitted to log in. If the FTPStatus field does not exist, the user *WILL*
+be allowed to log in as normal, to allow LDAP users without the PureFTPdUser
+objectClass.
+
+There are also optional FTPuid and FTPgid attributes. If present, they will
+override uidNumber and gidNumber values, so that you can have different
+uid/gid mapping for FTP and for other services.
+
+Please note that all of the FTP* LDAP fields are optional for the
+PureFTPdUser objectClass. You can have a user with just FTPQuotaFiles and
+FTPQuotaMBytes set, for example, if you only wish to enforce a quota, but
+not throttle the user's bandwidth or enforce ratios.
+
+Of course, you must make sure to enable the features you wish to use at
+compile time (--with-quotas, --with-throttling, --with-ratios) .
+
+
+      ------------------------ ANONYMOUS USERS ------------------------
+
+
+If you want to accept anonymous users on your FTP server, you don't need to
+have any 'ftp' user in the LDAP directory. But you need to have a system
+'ftp' account on the FTP server.
+
+
+        ------------------------ ROOT USERS ------------------------
+
+
+If an LDAP user entry has a root (0) uidNumber and/or gidNumber, Pure-FTPd
+will refuse to log them in.
+
+Without this preventive restriction, if your LDAP server ever gets
+compromised, the attacker could also easily compromise the FTP server.
+
+
+           ------------------------ ARGON2 ------------------------
+
+
+Password hashed with argon2i and argon2id can be used, provided that pure-ftpd
+was linked to libsodium.
+
+They are expected to be provided as a string, as returned by the
+crypto_pwhash_str() function or by its bindings.
+
+
+           ------------------------ SCRYPT ------------------------
+
+
+Password hashed with scrypt can be used, provided that pure-ftpd was linked to
+libsodium.
+
+They are expected to be provided in escrypt format, as returned by the
+crypto_pwhash_scryptsalsa208sha256_str() function or by its bindings.
+
+For example, the string $7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+would verify the password "test".

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.MacOS-X

@@ -0,0 +1,40 @@
+
+
+     ------------------------ OSX SPECIFIC NOTES ------------------------
+
+The easiest way to install Pure-FTPd is to use Homebrew:
+
+$ brew install pure-ftpd
+
+Available options are:
+
+--with-mysql
+	Build with mysql support
+--with-postgresql
+	Build with postgresql support
+--with-virtualchroot
+	Follow symbolic links even for chrooted accounts
+
+
+To get Pure-FTPd authenticate against system users on OSX, you have to
+use PAM.
+       
+$ ./configure --with-pam <your other favorite options like --with-everything>
+$ make install-strip
+
+  Create a /etc/pam.d/pure-ftpd file:
+ 
+# pure-ftpd: auth account password session
+auth       required       pam_opendirectory.so
+account    required       pam_permit.so
+password   required       pam_deny.so
+session    required       pam_permit.so
+
+  Start the FTP server:
+
+$ /usr/local/sbin/pure-ftpd -lpam -B
+ 
+
+To take advantage of Bonjour, please add --with-bonjour to ./configure
+switches and give the server a Bonjour service name with the -v (--bonjour=)
+switch.

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.MySQL

@@ -0,0 +1,271 @@
+
+
+    ------------------------ MYSQL/MARIADB SUPPORT ------------------------
+
+
+When MySQL is enabled, all account info is fetched from a central MySQL
+or MariaDB database.
+
+To compile the server with MySQL/MariaDB support, you first have to build and
+install the MySQL client libraries. MariaDB is freely available from
+https://mariadb.org/ and binary packages are included in many major
+distributions. But if you choose a binary form, don't forget to also install
+the development packages if they are available separately. For example, on
+Debian/Ubuntu systems, the package to install is called
+libmariadb-client-lgpl-dev.
+
+Then, configure Pure-FTPd with --with-mysql and your favorite extra gadgets:
+
+
+    ./configure --with-mysql --with-everything
+
+
+If your MySQL libraries are installed in a special path, you can specify it
+like this:
+
+
+    ./configure --with-mysql=/opt/mysql
+
+
+In this example, headers (like mysql.h) will be searched in
+/opt/mysql/include and /opt/mysql/include/mysql, while related libraries
+will be searched in /opt/mysql/lib and /opt/mysql/lib/mysql .
+
+Then, install the server as usual:
+
+
+                                 make install
+
+
+ ------------------------ MYSQL CONFIGURATION FILE ------------------------
+           
+
+Before running the server, you have to create a configuration file. Why a
+configuration file instead of simple command-line options? you may ask.
+For security reasons, you may want to hide how to connect to your
+MySQL server. And as command-line options can be discovered by local users
+(with 'ps auxwww' for instance), it's more secure to use a configuration
+file for sensitive data. Keep it readable only by root (chmod 600) .
+
+Here's a sample configuration file:
+
+#MYSQLServer     localhost
+#MYSQLPort       3306
+MYSQLSocket     /tmp/mysql.sock
+MYSQLUser       root
+MYSQLPassword   rootpw
+MYSQLDatabase   pureftpd
+MYSQLCrypt      cleartext
+MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
+MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"
+MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"
+MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"
+
+Have a look at the sample pureftpd-mysql.conf configuration file for
+explanations of every keyword.
+
+Save the configuration file anywhere. Let's say /etc/pureftpd-mysql.conf .
+
+Then, you have to run the pure-ftpd command with '-l mysql:' (it's an 'ell'
+not a 'one') followed by the path of that configuration file.
+
+Example:
+
+pure-ftpd -l mysql:/etc/pureftpd-mysql.conf -B
+
+You can mix different authentication methods. For instance, if you want to
+use system (/etc/passwd) accounts when an account is not found in a MySQL
+database, use -l mysql:/etc/pureftpd-mysql.conf -l unix
+
+
+     ------------------------ TABLES STRUCTURES ------------------------
+     
+     
+Pure-FTPd is very flexible and users can be stored in any way in SQL tables.
+You just have to have fields with the following info:
+
+- The user's login.
+
+- The user's password, hashed using argon2 (argon2id or argon2i), scrypt or
+crypt(3). SHA1, MD5, and MySQL's password() format are supported for legacy
+reasons, but shouldn't be used any more. Pure-FTPd also accepts the "any"
+value for the MySQLCrypt field. With "any", all hash functions are
+sequentially tried.
+
+* RECOMMENDATION: Do not use SHA1, MD5, or, obviously, plaintext. Unless your
+system provides a decent crypt() function, use a MySQL function to verify
+the hashed password or use argon2/scrypt.
+
+- The system uid to map the user to. This can be a numeric id or a user
+name, looked up at run-time.
+
+- The system gid (numeric or not) .
+
+- The home directory.
+
+Here's a dump of a simple table to handle this:
+
+CREATE TABLE users (
+  User VARCHAR(255) BINARY NOT NULL,
+  Password VARCHAR(255) BINARY NOT NULL,
+  Uid INT NOT NULL default '-1',
+  Gid INT NOT NULL default '-1',
+  Dir VARCHAR(255) BINARY NOT NULL,
+  PRIMARY KEY (User)
+);
+
+Uid and Gid can be char() instead of int() if you want to use names instead
+of values.
+
+Then, in the pureftpd-mysql.conf configuration file, you have to provide SQL
+templates to fetch the needed info.
+
+Let's take the previous example:
+
+MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
+MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"
+MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"
+MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"
+
+For each query:
+
+\L is replaced by the login of a user trying to authenticate.
+\I is replaced by the IP address the client connected to.
+\P is replaced by the port number the client connected to.
+\R is replaced by the remote IP address the client connected from.
+\D is replaced by the remote IPv4 address, as a long decimal number.
+
+You can mix all of these to store info in various tables. For instance, with
+\I, you can have a different table for every domain, so that joe@domain1
+won't be the same account as joe@domain2 . And with \R, you can restrict
+one account to one specific address.
+
+Multiple statements can be used using a semicolon (";") as a delimiter.
+
+Please note that a login can only contain common characters: A...Z, a...z,
+0...9, -, ., _, space, :, @ and ' . For security purposes, other characters
+are forbidden.
+
+You can also remove uid and gid fields in your tables and use default
+values instead (thus saving useless lookups) . Two directives are
+useful to serve that purpose: MYSQLDefaultUID and MYSQLDefaultGID.
+
+Obvious example:
+
+MYSQLDefaultUID 1000
+MYSQLDefaultGID 1000
+
+Using these directives overrides MYSQLGetUID and MYSQLGetGID.
+
+
+           ------------------------ ARGON2 ------------------------
+
+
+Password hashed with argon2i and argon2id can be used, provided that pure-ftpd
+was linked to libsodium.
+
+They are expected to be provided as a string, as returned by the
+crypto_pwhash_str() function or by its bindings.
+
+
+           ------------------------ SCRYPT ------------------------
+
+
+Password hashed with scrypt can be used, provided that pure-ftpd was linked to
+libsodium.
+
+They are expected to be provided in escrypt format, as returned by the
+crypto_pwhash_scryptsalsa208sha256_str() function or by its bindings.
+
+For example, the string $7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+would verify the password "test".
+
+
+     ------------------------ PER-USER SETTINGS ------------------------
+
+
+Individual settings can be set for every user, using optional queries.
+
+- MySQLGetQTAFS is the maximal number of files a user can store in his home
+directory.
+
+Example:
+MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User="\L"
+
+- MySQLGetQTASZ is the maximal disk usage, in Megabytes.
+
+Example:
+MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User="\L"
+
+- MySQLGetRatioUL and MySQLGetRatioDL are optional ratios.
+
+Example:
+MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
+MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
+
+- MySQLGetBandwidthUL and MySQLGetBandwidthDL are optional upload and
+download bandwidth restrictions. Returned values should be in KB/s.
+
+Example:
+MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
+MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
+
+- MySQLForceTildeExpansion is yet another optional feature, to enable "~"
+expansion in paths. 0 disables it (default), 1 enables it. Only enable this
+if real (system) users and virtual (MySQL) users match. In all other cases,
+don't enable it blindly.
+
+
+       ------------------------ TRANSACTIONS ------------------------
+
+
+If you upgraded your tables to transaction-enabled tables, you can configure
+Pure-FTPd to take advantage of transactions. That way, you can be sure that
+all info parsed by the server is complete even if you're updating it at the
+same time.
+
+To enable transactions, add this line:
+
+MySQLTransactions On
+
+Don't enable transactions on tables that still are in ISAM or MyISAM
+formats. Transactions are only working with newer backends (Gemini, InnoDB,
+BerkeleyDB...) and in recent MySQL versions.
+
+
+     ------------------------ STORED PROCEDURES ------------------------
+
+
+Mike Goins says:
+
+To get pure-ftp to use a MySQL 5 stored procedure, use statements like:
+
+MYSQLGetDir   CALL get_path_from_name("\L")
+instead of
+MYSQLGetDir   SELECT user_dir FROM user WHERE user_name="\L"
+
+Note that this requires the type of Stored Procedure that returns a result set
+in a single call as opposed to the two call method:
+CALL sp('value', @a); SELECT @a
+
+
+      ------------------------ ANONYMOUS USERS ------------------------
+
+
+If you want to accept anonymous users on your FTP server, you don't need to
+have any 'ftp' user in the MySQL directory. But you need to have a system
+'ftp' account on the FTP server.
+
+
+        ------------------------ ROOT USERS ------------------------
+
+
+If a MySQL user entry has a root (0) uid and/or gid, Pure-FTPd will refuse
+to log them in.
+
+Without this preventive restriction, if your MySQL server ever gets
+compromised, the attacker could also easily compromise the FTP server.
+
+Security barriers are also implemented to avoid bad implications if wrong
+data types (eg. binary blobs instead of plain text) are fetched with SQL
+queries.

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.PGSQL

@@ -0,0 +1,245 @@
+
+       ----------------------- PostgreSQL SUPPORT ------------------------
+
+
+When PostgreSQL is enabled, all account info are fetched from a central
+Postgres database.
+
+To compile the server with PostgreSQL support, you first have to build and
+install the PostgreSQL client libraries. PostgreSQL is freely available from
+http://www.postgresql.org/ and binary packages are included in many major
+distributions. But if you choose a binary form, don't forget to also install
+the development packages if they are available separately.
+
+Then, configure Pure-FTPd with --with-pgsql and your favorite extra gadgets:
+
+
+    ./configure --with-pgsql --with-everything
+
+
+If your PostgreSQL libraries are installed in a special path, you can specify
+it like this:
+
+
+    ./configure --with-pgsql=/opt/pgsql
+
+
+In this example, headers (like pgsql.h) will be searched in
+/opt/pgsql/include and /opt/pgsql/include/pgsql, while related libraries
+will be searched in /opt/pgsql/lib and /opt/pgsql/lib/pgsql .
+
+Then, install the server as usual:
+
+
+                                 make install
+
+
+ ------------------------ PGSQL CONFIGURATION FILE ------------------------
+           
+
+Before running the server, you have to create a configuration file. Why a
+configuration file instead of simple command-line options? you may ask.
+Because for security reasons, you may want to hide how to connect to your
+PostgreSQL server. And as command-line options can be discovered by local users
+(with 'ps auxwww' for instance), it's more secure to use a configuration
+file for sensitive data. Keep it readable only by root (chmod 600) .
+
+Here's a sample configuration file:
+
+PGSQLServer     localhost
+PGSQLPort       5432
+PGSQLUser       root
+PGSQLPassword   rootpw
+PGSQLDatabase   pureftpd
+PGSQLCrypt      cleartext
+PGSQLGetPW      SELECT "Password" FROM "users" WHERE "User"='\L'
+PGSQLGetUID     SELECT "Uid" FROM "users" WHERE "User"='\L'
+PGSQLGetGID     SELECT "Gid" FROM "users" WHERE "User"='\L'
+PGSQLGetDir     SELECT "Dir" FROM "users" WHERE "User"='\L'
+
+Have a look at the sample pureftpd-pgsql.conf configuration file for
+explanations of every keyword.
+
+Save the configuration file anywhere. Let's say /etc/pureftpd-pgsql.conf .
+
+Then, you have to run the pure-ftpd command with '-l pgsql:' (it's an 'ell'
+not a 'one') followed by the path of that configuration file. Here's an
+example:
+
+pure-ftpd -l pgsql:/etc/pureftpd-pgsql.conf -B
+
+
+You can mix different authentication methods. For instance, if you want to
+use system (/etc/passwd) accounts when an account is not found in a PostgreSQL
+database, use -l pgsql:/etc/pureftpd-pgsql.conf -l unix
+
+
+     ------------------------ TABLES STRUCTURES ------------------------
+     
+     
+Pure-FTPd is very flexible and users can be stored in any way in SQL tables.
+You just have to have fields with the following info:
+
+- The user's login.
+
+- The user's password, hashed using argon2, scrypt or crypt(3). SHA1 and MD5
+are also supported for legacy reasons, but shouldn't be used any more.
+Pure-FTPd also accepts the "any" value for the PGSQLCrypt field.
+With "any", all hash functions are sequentially tried.
+
+* RECOMMENDATION: Do not use SHA1, MD5, or, obviously, plaintext. Unless your
+system provides a decent crypt() function, use a PostgreSQL function to verify
+the hashed password or use argon2/scrypt.
+
+- The system uid to map the user to. This can be a numeric id or a user
+name, looked up at run-time.
+
+- The system gid (numeric or not) .
+
+- The home directory.
+
+Here's a dump of a simple table to handle this:
+
+CREATE TABLE "users" (
+  "User" TEXT NOT NULL,
+  "Password" TEXT NOT NULL,
+  "Uid" INTEGER NOT NULL default '-1',
+  "Gid" INTEGER NOT NULL default '-1',
+  "Dir" TEXT NOT NULL,
+  PRIMARY KEY ("User")
+) WITHOUT OIDS;
+
+Uid and Gid can be VARCHAR instead of INTEGER if you want to use names instead
+of values.
+
+Then, in the pureftpd-pgsql.conf configuration file, you have to provide SQL
+templates to fetch the needed info.
+
+Let's take the previous example:
+
+PGSQLGetPW      SELECT "Password" FROM "users" WHERE "User"='\L'
+PGSQLGetUID     SELECT "Uid" FROM "users" WHERE "User"='\L'
+PGSQLGetGID     SELECT "Gid" FROM "users" WHERE "User"='\L'
+PGSQLGetDir     SELECT "Dir" FROM "users" WHERE "User"='\L'
+
+For each query:
+
+\L is replaced by the login of a user trying to authenticate.
+\I is replaced by the IP address the client connected to.
+\P is replaced by the port number the client connected to.
+\R is replaced by the remote IP address the client connected from.
+\D is replaced by the remote IPv4 address, as a long decimal number.
+
+You can mix all of these to store info in various tables. For instance, with
+\I, you can have a different table for every domain, so that joe@domain1
+won't be the same account than joe@domain2 . And with \R, you can restrict
+one account to one specific address.
+
+Please note that a login can only contains common characters: A...Z, a...z,
+0...9, -, ., _, space, :, @ and ' . For security purposes, other characters
+are forbidden.
+
+You can also remove uid and gid fields in your tables and use default
+values instead (thus saving useless lookups) . Two directives are
+useful to serve that purpose: PGSQLDefaultUID and PGSQLDefaultGID.
+
+Obvious example:
+
+PGSQLDefaultUID 1000
+PGSQLDefaultGID 1000
+
+Using these directives overrides PGSQLGetUID and PGSQLGetGID.
+
+
+           ------------------------ ARGON2 ------------------------
+
+
+Password hashed with argon2i and argon2id can be used, provided that pure-ftpd
+was linked to libsodium.
+
+They are expected to be provided as a string, as returned by the
+crypto_pwhash_str() function or by its bindings.
+
+
+           ------------------------ SCRYPT ------------------------
+
+
+Password hashed with scrypt can be used, provided that pure-ftpd was linked to
+libsodium.
+
+They are expected to be provided in escrypt format, as returned by the
+crypto_pwhash_scryptsalsa208sha256_str() function or by its bindings.
+
+For example, the string $7$C6..../....YzvCLmJDYJpH76BxlZB9fCpCEj2AbGQHoLiG9I/VRO1$/enQ.o1BNtmxjxNc/8hbZq8W0JAqR5YpufJXGAdzmf3
+would verify the password "test".
+
+
+     ------------------------ PER-USER SETTINGS ------------------------
+
+
+Individual settings can be set for every user, using optional queries.
+
+- PGSQLGetQTAFS is the maximal number of files a user can store in his home
+directory.
+
+Example:
+PGSQLGetQTAFS SELECT "QuotaFiles" FROM "users" WHERE "User"='\L'
+
+- PGSQLGetQTASZ is the maximal disk usage, in Megabytes.
+
+Example:
+PGSQLGetQTASZ SELECT "QuotaSize" FROM "users" WHERE "User"='\L'
+
+- PGSQLGetRatioUL and PGSQLGetRatioDL are optional ratios.
+
+Example:
+PGSQLGetRatioUL SELECT "ULRatio" FROM "users" WHERE "User"='\L'
+PGSQLGetRatioDL SELECT "DLRatio" FROM "users" WHERE "User"='\L'
+
+- PGSQLGetBandwidthUL and PGSQLGetBandwidthDL are optional upload and
+download bandwidth restrictions. Returned values should be in KB/s.
+
+Example:
+PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM "users" WHERE "User"='\L'
+PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM "users" WHERE "User"='\L'
+
+
+
+      ------------------------ ANONYMOUS USERS ------------------------
+
+
+If you want to accept anonymous users on your FTP server, you don't need to
+have any 'ftp' user in the PGSQL directory. But you need to have a system
+'ftp' account on the FTP server.
+
+
+        ------------------------ ROOT USERS ------------------------
+
+
+If a PGSQL user entry has a root (0) uid and/or gid, Pure-FTPd will refuse
+to log them in.
+
+Without this preventive restriction, if your PGSQL server ever gets
+compromised, the attacker could also easily compromise the FTP server.
+
+Security barriers are also implemented to avoid bad implications if wrong
+data types (eg. binary blobs instead of plain text) are fetched with SQL
+queries.
+
+
+Hint:
+
+PostgreSQL supports views and it's common practice to define a new DB
+user, e.g., ftpd and a view of the 'real' user database with just the
+bits that the server needs. E.g., if you have virtual domains you
+could use:
+
+create view vftpd as select u.vuser, u.domain, u.passwd, d.uid, d.gid,
+'/virtual/' || u.domain || '/' || u.vuser || '/./' as homedir
+from vusers as u, vdomains as d where u.domain = v.domain;
+
+grant select on vftpd to ftpd;
+
+The definition of homedir shows how views can be used to enforce a
+canonical form for home directories - nothing short of defining this
+view will allow a user to drop the chroot from their home directory.

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.TLS

@@ -0,0 +1,314 @@
+
+
+         ------------------------ TLS SUPPORT ------------------------
+
+Pure-FTPd supports encryption of the control and data channels using
+TLS security mechanisms.
+
+When this extra security layer is enabled, login and passwords are no more
+sent as cleartext. Neither are other commands sent by your client nor replies
+made by the server.
+
+
+         ------------------------ COMPILATION ------------------------
+
+To support TLS, the OpenSSL library must already be installed on your
+system. This is a common requirement so your operating system probably
+already ships with it.
+
+Pure-FTPd also has to be configured with the --with-tls switch before
+compilation :
+
+  ./configure --with-tls ...
+  make install-strip
+
+If something goes wrong, try to bring your OpenSSL library up-to-date.
+
+
+        ------------------------ CERTIFICATES ------------------------
+
+
+TLS connections require certificates, as well as their key.
+
+Both can be bundled into a single file. If you have both a `.pem` file
+and a `.key` file, just concatenate the content of the `.key` file to
+the `.pem` file.
+
+By default, Pure-FTPd will look for a cert+key bundle in the
+/etc/ssl/private/pure-ftpd.pem file.
+
+The location can be changed at compile-time with the --with-certfile
+and --with-keyfile options passed to ./configure.
+
+It can also be changed at runtime, with the CertFile option in the
+configuration file:
+
+CertFile                     /etc/ssl/private/pure-ftpd.pem
+or
+CertFileAndKey               /etc/pure-ftpd.pem /etc/pure-ftpd.key
+
+The former is for a bundle, the later loads two files.
+
+If you already have a certificate for another service on the same host
+(commonly for HTTPS), you can use it as well with Pure-FTPd and other
+TLS-enabled services.
+
+Both RSA and ECDSA signatures are supported, but not simultaneously.
+
+For testing purposes, a self-signed certificate can be created as follows:
+
+mkdir -p /etc/ssl/private
+
+openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
+
+openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
+  /etc/ssl/private/pure-ftpd.pem \
+  -out /etc/ssl/private/pure-ftpd.pem
+
+chmod 600 /etc/ssl/private/*.pem
+
+In this example, 2048 is the number of bits used for the RSA key.
+
+Here's what the /etc/ssl/private/pure-ftpd.pem should look like :
+
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDV8A/fexof9ttn
+uqpwCxXN3C019v40ByGqlfmg8SbTnkjtyt5FLw3ICoxBbQtQ65aYSAv5KtiGQbuc
+BZC+FGbR3rIokvHnbhsdLvIvWym+W+VR6U2P8VnbHWd3iSe0xMeTwGJgP9TC8r+c
+KfLX9a8EkTKL2iAVRhXuu/it7/A3T2rEomBRWGpmbE+AT69vP2T5ruQ9D7w21GcG
+S6ylqlfhRBy61ct3WI1jVR2W5BOXfE8LxgGuJYt0XY+dTrluqen9li8w5ju+3tlA
+9PsIl4ckjmYBZm1E7LqoSYDbIh/8D4kUQFLFm6xf27cUOEg3uYAJo5x3SfYlKsSm
+6PKzhzDIKcJ1896XG2AHOdIby9VoL8mZwjuMkmmrl1yro++g4XNnMIaTkajPgFzr
+NxQ195lXAgMBAADCggEBAMoqmCVc5Dwuf/mO+T72Cr3FgefMJz4tOxBDt2jyWfmC
+S3KC0fZY19IgvZeaHyZx6pavBrmIVqLQfSScUcJ97wgGRR94dSZ48yBp260KnfDo
+UFVOfeA3d+1K5RqdvqrhhaPHGm/QAhPTZ2SgUl8fEPqr7eZU4HhAcyPaLCMKFsV/
+lbfY2C4Kq54o2m1uHFTertx5niE4Yx6ALqBB66rR4It7lnr7kBhAnIsCYj7ENGrU
+6C1PzjpvrqjWqnYjbmzUov7b4S308YGqWKrfkJxTrviVaITI1XznAHlTBDLkuU1l
+eSyZ0YP3Gfd82j9fhdugH2nLxLCttcmGNOaA87VlXL/oZaYI5P5xqjyjkCgYEA6x
+Fy30dcPM+VKDhnp2QBbHrJC0zr88Hn4qYxIfyoPtjrvTb+vSI703Cd0rc00alGK6
+YZZKDV1NYKw8/r2uHRXgbpptYdRKz+GrsgNdORycKXkmWXw+ChIHsl/UghHG60jy
+KNPSkOJgPXIseJDn2ZcqlFLkl6sCgYEA6Pr+L1otzG//ROJdBV58yHO0V2KF9VKM
+amt5RUWkqRqfOiE0i5T3nmBPPflNB4bdj8qe+DwoPly2SJMihT7KQqvg54V/ZVb+
+jXY0fNLEDhJ0PdboB2I/r6SuWBNJyXF8AAewzcDF3PlBr/JGOHF4XGmOLVmiNL/N
++6RPLW5i6QUCgYA0sRq2M9QsGCy61xkTDwf2xbbSQ/6bTCPpZbHIKn98wDzXkOwr
+XMqneD7teYiBUi98jhMiMOMmaygEDsU8TpW2vSa0+CaL6zR17Itr/015Wj6SrkDw
+G/TvckxGt5MzB7hYRYZYI0bdCOMPpkAxipluRG/SFh+FvuVZTpsKuDHpFQKBgFrA
+ThXzmNlx069BYNj2NGL0AI8ueQlIca84tAlLMAMrPQw5gfgeVSBdzWuRV9SX1+1L
+EZuT037XuLaIcMHbsT6N/0u69mwFqn6y6gSQUwbhAoGAYa6eN7KUA0Xri5zrABst
+S2PP2rrmrnFLohNJ5CAWR7vvk6aKkMd+hEAJTk6s+vc7B3NHR/icIu1CnXWxKhB7
+AI0SIL0losHuBfCst8CTpqZ//Jjvi0IbOm+SNI/aqYcrrHrzdkSWYLC6Ll16Ckrg
+xeBXhXuiP9wEJSDmg7wb1t0=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfwCCQC/UlBaK8CNnDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJG
+UjEOMAwGA1UEBwwFUGFyaXMxEjAQBgNVBAoMCVB1cmUtRlRQZDEZMBcGA1UEAwwQ
+ZnRwLnB1cmVmdHBkLm9yZzAeFw0xNTAyMjExNDE1MTlaFw0xNTAMzjMxNDE1MTla
+MEwxCzAJBgNVBAYTAkZSMQ4wDAYDVQQHDAVQYXJpczESMBAGA1UECgwJUHVyZS1G
+VFBkMRkwFwYDVQQDDBBmdHAucHVyZWZ0cGQub3JnMIIBIjANBgkqhkiG9w0BAQEF
+FEBSxZusX9u3FDhIN7mACaOcd0n2JSrEpujys4cwyCnCdfPelxtgBznSG8vVaC/J
+IBCgKCAQEA1fAP33saH/bbZ7qqcAsVzdwtNfb+NAchqpX5oPEmqGSIb3DQEB055I
+7creRS8NyAqMQW0LUOuWmEgL+SrYhkG7nAWQvhRm0d6yKJLx524bHS7yL1spvlvl
+UelNj/FZ2x1nd4kntMTHk8BiYD/UwvK/nEuspapX4UQcutXLd1iNY1UdluQTl3xP
+C8YBriWLdF2PnU65bqnp/ZYvMOY7vt7ZQPT7CJeHJI5mAWZtROy6qEmA2yIf/A+J
+mcI7jJJpq5dc6qAAOCAQ8AMIPvoOF3ksmdGD9xn3fNozcUNfeZVwIDAQABMA0GCS
+BqUAA4IBAQDT768mdG071/m6V1N4qeM5PVrpa5eB5mulE7JPBOPJADmw6YwYaSWJ
+90wE+YuU6DiDbRxHtWiCMwHoCH42fxU7BDVNrc3L614v1kUQGTLlHPyAUs6KZvz0
+Rko2y6Dzj+kVaJiWFKi+zWwWnf9P4wLYafv/n5EHKmEt1K83UE0h5r64fhwX9vH7
+6NHCMbmSDXgHjnv3rZKOOKN85ZYr2vKX+rTvASh2nxp2bbNM1XpfyuH2vbWL3J+E
+mFCaj3/lD880kHnTaTwo3Kg0SQy/Axe2LhX3zj+kSD2A9k6wtGcKttjrt4kNGaFc
+BlhkOrwnAhqbm5N3VQCB63CRpuuCVmYz
+-----END CERTIFICATE-----
+
+If you need client certificate verification, prefix the list of
+ciphers (-J/--tlsciphersuite) with -C:
+
+pure-ftpd --tlsciphersuite=-C:HIGH -Y2 ...
+
+If you want to do certificate-based client authentication, their
+public key must be included in the pure-ftpd.pem file.
+
+If multiple domains are used on the same server, each with its
+own certificate, Pure-FTPd supports SNI and custom certificate
+handlers (see down below).
+
+
+   ------------------------ ACCEPTING TLS SESSIONS ------------------------
+
+Once the certificate has been installed, you need to start a TLS-enabled
+pure-ftpd daemon with the -Y (or --tls=) switch. Example :
+
+/usr/local/sbin/pure-ftpd --tls=1 &
+
+- With "--tls=0", support for TLS is disabled. This is the default.
+
+- With "--tls=1", clients can connect either the traditional way or through an
+TLS layer. This is probably the setting you need if you want to enable
+TLS without having too many angry customers.
+
+- With "--tls=2", cleartext sessions are refused and only TLS compatible
+clients are accepted.
+
+- With "--tls=3", cleartext sessions are refused and only TLS compatible
+clients are accepted. Clear data connections are also refused, so private
+data connections are enforced. This is an extreme setting.
+
+When TLS has been successfully negotiated for a connection, you'll see
+something similar to this in log files :
+
+<<
+TLS: Enabled TLSv1/SSLv3 with ECDHE-ECDSA-AES128-GCM-SHA256, 128 secret bits cipher
+>>
+
+
+ ------------------------ CUSTOM CERTIFICATE HANDLERS ------------------------
+
+If multiple domains are used to access the server, each with their own
+certificate, Pure-FTPd supports the SNI (Server Name Indication) extension, as
+well as a flexible mechanism to map names to certificates.
+
+The pure-certd daemon needs to be started along with the FTP server.
+
+pure-certd listens to certificate requests, runs arbitrary commands written in
+any programming language, provides them the client SNI name, and returns what
+action has to be taken, and/or where the certificate to use is located.
+
+pure-certd command-line options follow:
+
+-B      --daemonize
+-g      --gid   <opt>
+-h      --help
+-p      --pidfile       <opt>
+-r      --run   <opt>
+-s      --socket        <opt>
+-u      --uid   <opt>
+
+The mandatory ones are --run and --socket. The former indicates what command
+to run in order to return actions and certificates, the later is a path to the
+local UNIX socket that will be created in order to communicate with the FTP
+server.
+
+Example usage:
+
+pure-certd --run /opt/pure-ftpd/bin/certificate-handler.sh \
+           --socket /var/run/ftpd-certs.sock
+
+The command can access the SNI name in an environment variable named
+CERTD_SNI_NAME. If this is a shell script, make sure that the file is
+executable.
+
+The command should print the following lines to the standard output:
+
+action:xxx
+cert_file:yyy (optional)
+key_file:zzz  (optional)
+end
+
+With xxx being one of:
+
+- deny: access is denied
+- default: the default certificate will be used
+- strict: the certificate whose path is indicated in "cert_path" will be used.
+If absent or invalid, access will be denied.
+- fallback: the certificate whose path is indicated in "cert_path" will be used.
+If absent or invalid, the default certificate will be used instead.
+
+yyy is the absolute path on the filesystem where the certificate is located.
+It can be a certificate+key bundle.
+
+zzz is optional and is the path to the certificate secret key, if it is not
+bundled into the PEM file.
+
+If the action is "deny" or "default", "cert_file" and "key_file" do not have
+to be provided.
+
+Here is a trivial example script logging the SNI name, and returning a fixed
+certificate path:
+
+#! /bin/sh
+
+echo 'action:strict'
+echo 'key_file:/etc/pure-ftpd/special.pem'
+echo 'done'
+
+Once pure-certd is running, the FTP server must be configured to use it.
+
+This is achieved by enabling the "ExtCert" feature in the configuration file:
+
+ExtCert                      /var/run/ftpd-certs.sock
+
+The path to the socket must match the one created by pure-certd.
+
+
+      ------------------------ COMPATIBLE CLIENTS ------------------------
+
+Pure-FTPd was reported to be fully compatible with the following clients with
+the TLS encryption layer turned on :
+
+
+* Transmit (OSX)
+  URL: https://panic.com/transmit/
+
+  TLS works out of the box, both in implicit and explicit modes.
+
+
+* CoreFTP Lite (Windows)
+  URL: http://www.coreftp.com/
+
+  TLS perfectly works when "AUTH TLS" is enabled. CoreFTP Lite has some
+neat features like IPv6 support, remote file searching, .htaccess editing,
+queueing, bandwidth control, etc.
+
+  CoreFTP Lite is free both for personal and business use.
+
+
+* SmartFTP (Windows)
+  URL: https://www.smartftp.com/
+
+  An excellent client with IPv6 support, port range limitation and other
+useful features (!= bloat) . And it's free for personal, educational and non-
+commercial use. And it detects Pure-FTPd :)
+
+  TLS perfectly works when the "FTP over SSL (explicit)" protocol is
+selected and when the data connection mode (Tools->Settings->SSL) is set to
+"clear data connection" while the AUTH mode (also in Tools->Settings->SSL) is
+set to "TLS".
+
+
+* FlashFXP (Windows)
+  URL: https://www.flashfxp.com/
+
+  TLS works. In the "Quick connect" dialog box, pick the "SSL" tab and :
+ - enable Auth TLS
+ - disable Secure File Listing
+ - disable Secure File Transfers
+
+
+* SDI FTP (Windows)
+  URL: https://www.sdisw.com/
+
+  TLS works. In the "Connection" tab, just pick "SSL Support: TLSv1".
+
+
+* LFTP (Unix, MacOS X)
+  URL: https://lftp.yar.ru/
+
+  TLS is automatically detected and works out of the box.
+
+
+* RBrowser (MacOS X)
+  URL: http://www.rbrowser.com/
+
+  A cute graphical client for MacOS that was reported to work by Jason Rust
+and Robert Vasvari.
+
+
+* Cyberduck (OSX)
+  https://cyberduck.ch/
+
+  TLS works out of the box.
+
+
+* WinSCP (Windows)
+  https://winscp.net/eng/index.php
+  WinSCP should be configured with "File protocol" set to "FTP" with
+"TLS Explicit encryption".

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/README.Virtual-Users

@@ -0,0 +1,318 @@
+
+
+       ------------------------ VIRTUAL USERS ------------------------
+
+
+Virtual users is a simple mechanism to store a list of users, with their
+password, name, uid, directory, etc. It's just like /etc/passwd. But it's
+not /etc/passwd. It's a different file, only for FTP.
+
+It means that you can easily create FTP-only accounts without messing up
+your system accounts.
+
+In addition, virtual users files can store individual quotas, ratios,
+bandwidth, etc. System accounts can't do this.
+
+Thousands of virtual users can share the same system user, as long as they
+all are chrooted and they have their own home directory.
+
+*IMPORTANT* If you are planning to use the virtual users feature, and
+unless your operating system already provides a secure password
+hashing function, please install libsodium (http://doc.libsodium.org)
+before compiling Pure-FTPd.
+
+A good thing to do before using virtual users is to create a system user
+for this. Of course, you can use any existing account like "nobody" (but not
+root), but it's better to have a dedicated account.
+
+Let's create an "ftpgroup" group and an "ftpuser" user.
+
+Linux/OpenBSD/NetBSD/Solaris/HPUX/OSX/a lot of other Unix-like systems:
+
+groupadd ftpgroup
+useradd -g ftpgroup -d /dev/null -s /etc ftpuser
+
+FreeBSD/DragonflyBSD:
+
+pw groupadd ftpgroup
+pw useradd ftpuser -g ftpgroup -d /dev/null -s /etc
+
+Then, all maintenance of virtual users can be made with the "pure-pw"
+command. You can also edit the files by hand if you want.
+
+Files storing virtual users have one line per user. These lines have the
+following syntax:
+
+<account>:<password>:<uid>:<gid>:<gecos>:<home directory>:<upload
+bandwidth>:<download bandwidth>:<upload ratio>:<download ratio>:<max number
+of connections>:<files quota>:<size quota>:<authorized local IPs>:<refused
+local IPs>:<authorized client IPs>:<refused client IPs>:<time
+restrictions>
+
+Fields can be left empty (exceptions: account, password, uid, gid, home
+directory) .
+
+Passwords are compatible with the hashing function used in /etc/passwd or
+/etc/master.passwd . They are crypto hashed with blowfish, md5, multiple-des
+and simple des, in this order, according to what your system has support fort.
+
+
+    ------------------------ CREATING A NEW USER ------------------------
+
+
+To add a new user, use the following syntax:
+
+         pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]
+                         -D/-d <home directory> [-c <gecos>]
+                         [-t <download bandwidth>] [-T <upload bandwidth>]
+                         [-n <max number of files>] [-N <max Mbytes>]
+                         [-q <upload ratio>] [-Q <download ratio>]
+                         [-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]
+                         [-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]
+                         [-y <max number of concurrent sessions>]
+                         [-C <max number of concurrent login attempts>]
+                         [-M <total memory (in MB) to reserve for password hashing>]
+                         [-z <hhmm>-<hhmm>] [-m]
+
+Let's create "joe", whose home directory will be /home/ftpusers/joe . The
+system account associated with "joe" is "ftpusers".
+
+            pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe
+
+Joe's password is asked twice.
+
+With -d, joe will be chrooted. If you want to give joe access to the whole
+filesystem, use -D instead of -d.
+
+You don't need to create /home/ftpusers/joe if you run pure-ftpd with the
+-j (--createhome) switch. With that switch, home directories will
+automatically be created when users will log in for the first time.
+
+The "-z" option allow a user to connect only during a range of day time.
+For instance, with -z 0900-1800, joe will only be able to connect from 9 am
+to 18 pm. Warning: a user that connected during authorized hours can
+finish his session after these authorized hours.
+
+-r and -R are handy to restrict where the user can connect from. They can be
+followed by a simple IP/mask pair (-r 192.168.1.0/24), multiple pairs
+separated by a coma (-r 192.168.1.0/24,10.1.0.0/16,127.0.0.1/32), single IPs
+(-r 192.168.1.4,10.1.1.5), host names (-r bla.bla.net,yopcitron.com), or any
+combination of those.
+
+-y is to restrict the number of concurrent sessions a user can have
+at the same time. '' or 0 mean unlimited. Avoid this feature on very loaded
+servers. Use per-ip limits instead.
+
+Ok, "joe" has been created. By default, the list of virtual users is stored
+in the /etc/pureftpd.passwd file (you can of course change this with -f
+<file>) .
+
+Let's have a look at its content:
+
+joe:$7$C6..../....swVShTUX9kLJepm0vvj7dUXPqtULzQ9G3GT/GAO3bd3$GMHJRyUdSRwNROunwtRbEDHlx5t3eNQew7bb1dz29K2:500:101::/home/ftpusers/joe/./:::::::::::::
+
+Passwords are hashed with the most secure hash function your system supports.
+Hashes are tried in this order: argon2, scrypt, bcrypt, SHA-512, MD5.
+
+SHA-512 and MD5 should not be used any more. bcrypt requires crypt(3)
+from the C library to support it, which is commonly the case on BSD
+systems, but is only present on some Linux distributions.
+
+Argon2 and scrypt are the recommended functions, and require pure-ftpd to be
+compiled in presence of libsodium. Note that a login attempt will require up
+to 64 Mb memory, and 100% of a CPU core. The number of simultaneously allowed
+sessions should be tuned accordingly to avoid resources starvation.
+
+
+       ------------------------ CHANGING INFO ------------------------
+
+
+Once virtual users have been created, you can edit their info. For instance
+you can add bandwidth throttling, change quotas, add their full name, update
+ratio, etc.
+
+The "pure-pw usermod" command works just like "pure-pw useradd" except that
+it modifies an existing account instead of creating a new one.
+
+For instance, we will add a quota to Joe. Joe should be limited to 1000
+files and 10 Megabytes.
+
+                      pure-pw usermod joe -n 1000 -N 10
+
+Let's have a look at /etc/pureftpd.passwd:
+
+joe:$7$C6..../....swVShTUX9kLJepm0vvj7dUXPqtULzQ9G3GT/GAO3bd3$GMHJRyUdSRwNROunwtRbEDHlx5t3eNQew7bb1dz29K2:500:101::/home/ftpusers/joe/./::::::1000:10485760::::::
+
+As you can see, the size quota is stored in bytes in the file.
+
+
+   ------------------------ RESETTING ATTRIBUTES ------------------------
+
+
+To disable file quotas, use pure-pw usermod <user> -n ''
+To disable size quotas, use pure-pw usermod <user> -N ''
+To disable ratios, use pure-pw usermod <user> -q '' -Q ''
+To disable download bandwidth throttling, use pure-pw usermod <user> -t ''
+To disable upload bandwidth throttling, use pure-pw usermod <user> -T ''
+To disable IP filtering, use pure-pw usermod <user> <-i,-I,-r or -R> ''
+To disable time restrictions, use pure-pw usermod <user> -z ''
+To disable the number of concurrent sessions, use pure-pw usermod <user> -y ''
+
+
+      ------------------------ DELETING USERS ------------------------
+
+
+We won't delete Joe at this time. Joe is a fine guy :) But FYI, deleting an
+user is as simple as running "pure-pw userdel", whose syntax is:
+
+         pure-pw userdel <login> [-f <passwd file>] [-m]
+         
+Deleting Joe would be:
+
+                             pure-pw userdel joe
+                             
+The content of his home directory is kept. Delete it by hand if you want.
+
+
+    ------------------------ CHANGING PASSWORDS ------------------------
+
+
+To change the password of a user, use "pure-pw passwd":
+
+         pure-pw passwd <login> [-f <passwd file>] [-m]
+
+
+      ------------------------ DISPLAYING INFO ------------------------
+      
+
+To review info about one user, reading the /etc/pureftpd.passwd file is ok,
+but it's not really human-friendly.
+
+It's why you can use "pure-pw show", whose syntax is:
+
+         pure-pw show    <login> [-f <passwd file>]
+         
+Let's try with joe:
+
+                              pure-pw show joe
+                              
+
+Login              : joe
+Password           : $7$C6..../....swVShTUX9kLJepm0vvj7dUXPqtULzQ9G3GT/GAO3bd3$GMHJRyUdSRwNROunwtRbEDHlx5t3eNQew7bb1dz29K2
+UID                : 500 (ftpuser)
+GID                : 101 (ftpgroup)
+Directory          : /home/ftpusers/joe/./
+Full name          : 
+Download bandwidth : 0 Kb (unlimited)
+Upload   bandwidth : 0 Kb (unlimited)
+Max files          : 1000 (enabled)
+Max size           : 10 Mb (enabled)
+Ratio              : 0:0 (unlimited:unlimited)
+Allowed local  IPs : 
+Denied  local  IPs : 
+Allowed client IPs : 192.168.0.0/16
+Denied  client IPs : 192.168.1.1,blah.verybadhost.com
+Time restrictions  : 0900-1800 (enabled)
+Max sim sessions   : 0 (unlimited)
+
+
+  "/./" at the end of a home directory means that this user will be chrooted.
+
+
+     ------------------------ COMMITTING CHANGES ------------------------
+      
+
+IMPORTANT:
+
+You can add, modify and delete users with the previous commands, or by
+editing /etc/pureftpd.passwd by hand. But the FTP server won't consider the
+changes you make to that file, until you commit them.
+
+Committing changes really means that a new file is created from
+/etc/pureftpd.passwd (or whatever file name you choose) . That new file is a
+PureDB file. It contains exactly the same info than the other file. But in
+that file, accounts are sorted and indexed for faster access, even with
+thousands of accounts. PureDB files are binary files, don't try to view them
+or your terminal will beep like hell.
+
+Let's create a PureDB file from /etc/pureftpd.passwd. The indexed file will
+be called /etc/pureftpd.pdb (as always, choose whatever name you like):
+
+                                pure-pw mkdb
+                        
+this reads /etc/pureftpd.passwd and creates /etc/pureftpd.pdb by default, but
+to read another file, add the pdb file, optionnaly followed by -f <passwd file>
+
+For instance:
+
+  pure-pw mkdb /etc/accounts/myaccounts.pdb -f /etc/accounts/myaccounts.txt
+
+All modifications you made to the virtual users database will be committed
+automatically: all new accounts will be activated at the same time and all
+deleted users won't be able to log in as soon as you'll have hit the Return
+key.
+
+There's no need to restart the pure-ftpd server to commit changes.
+
+You can also change something to the text passwords file (add users, change
+password, delete users, etc) and automatically run 
+"pure-pw mkdb /etc/pureftpd.pdb" afterwards. To do so, just use the -m
+switch:
+
+pure-pw passwd joe -m
+
+This command will change Joe's password in pureftpd.passwd *and* commit the
+change to /etc/pureftpd.pwd .
+
+
+  ------------------------ ENABLING VIRTUAL USERS ------------------------
+  
+  
+Of course, to use virtual users, you have to enable their support in the FTP
+server itself. At compile-time, this is done by giving --with-puredb to
+./configure (--with-everything also enables it and binary packages have it
+compiled in) .
+
+Then, add this switch to your usual pure-ftpd switches:
+
+-l puredb:/path/to/puredb_file
+
+If long options are enabled, you can also use --login instead of -l .
+
+Let's run the server with automatic creation of home directories and puredb
+authentication:
+
+/usr/local/sbin/pure-ftpd -j -lpuredb:/etc/pureftpd.pdb &
+
+Try to 'ftp localhost' and log in as joe.
+
+
+------------------------ CONVERTING SYSTEM ACCOUNTS ------------------------
+  
+  
+You can convert all system (/etc/passwd) accounts to virtual FTP users, with
+the "pure-pwconvert" tool.
+
+Just run it:
+
+                    pure-pwconvert >> /etc/pureftpd.passwd
+
+
+If you do it as a non-privileged user, passwords won't be filled in. If you
+do it as root, everything will be copied, even hashed passwords.
+
+Copying system accounts to FTP accounts makes sense, because that way, users
+can use different passwords for FTP and for Telnet access.
+
+
+  ------------------------ ENVIRONNEMENT VARIABLES ------------------------
+  
+  
+If defined, a PURE_PASSWDFILE environment variable can set the default path
+to the pureftpd.passwd file. Without this variable, it defaults to
+/etc/pureftpd.passwd .  
+  
+If defined, a PURE_DBFILE environment variable can set the default path
+to the pureftpd.pdb file. Without this variable, it defaults to
+/etc/pureftpd.pdb .  
+  

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/pure-ftpd.conf

@@ -0,0 +1,459 @@
+
+############################################################
+#                                                          #
+#             Configuration file for pure-ftpd             #
+#                                                          #
+############################################################
+
+# If you want to run Pure-FTPd with this configuration
+# instead of command-line options, please run the
+# following command :
+#
+# ${exec_prefix}/sbin/sbin/pure-ftpd /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure-ftpd.conf
+#
+# Online documentation:
+# https://www.pureftpd.org/project/pure-ftpd/doc
+
+
+# Restrict users to their home directory
+
+ChrootEveryone               yes
+
+
+
+# If the previous option is set to "no", members of the following group
+# won't be restricted. Others will be. If you don't want chroot()ing anyone,
+# just comment out ChrootEveryone and TrustedGID.
+
+# TrustedGID                   100
+
+
+
+# Turn on compatibility hacks for broken clients
+
+BrokenClientsCompatibility   no
+
+
+
+# Maximum number of simultaneous users
+
+MaxClientsNumber             50
+
+
+
+# Run as a background process
+
+Daemonize                    yes
+
+
+
+# Maximum number of simultaneous clients with the same IP address
+
+MaxClientsPerIP              8
+
+
+
+# If you want to log all client commands, set this to "yes".
+# This directive can be specified twice to also log server responses.
+
+VerboseLog                   no
+
+
+
+# List dot-files even when the client doesn't send "-a".
+
+DisplayDotFiles              yes
+
+
+
+# Disallow authenticated users - Act only as a public FTP server.
+
+AnonymousOnly                no
+
+
+
+# Disallow anonymous connections. Only accept authenticated users.
+
+NoAnonymous                  no
+
+
+
+# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
+# The default facility is "ftp". "none" disables logging.
+
+SyslogFacility               ftp
+
+
+
+# Display fortune cookies
+
+# FortunesFile                 /usr/share/fortune/zippy
+
+
+
+# Don't resolve host names in log files. Recommended unless you trust
+# reverse host names, and don't care about DNS resolution being possibly slow.
+
+DontResolve                  yes
+
+
+
+# Maximum idle time in minutes (default = 15 minutes)
+
+MaxIdleTime                  15
+
+
+
+# LDAP configuration file (see README.LDAP)
+
+# LDAPConfigFile               /etc/pureftpd-ldap.conf
+
+
+
+# MySQL configuration file (see README.MySQL)
+
+# MySQLConfigFile              /etc/pureftpd-mysql.conf
+
+
+# PostgreSQL configuration file (see README.PGSQL)
+
+# PGSQLConfigFile              /etc/pureftpd-pgsql.conf
+
+
+# PureDB user database (see README.Virtual-Users)
+
+# PureDB                       /etc/pureftpd.pdb
+
+
+# Path to pure-authd socket (see README.Authentication-Modules)
+
+# ExtAuth                      /var/run/ftpd.sock
+
+
+
+# If you want to enable PAM authentication, uncomment the following line
+
+# PAMAuthentication            yes
+
+
+
+# If you want simple Unix (/etc/passwd) authentication, uncomment this
+
+# UnixAuthentication           yes
+
+
+
+# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
+# UnixAuthentication can be used specified once, but can be combined
+# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
+# the SQL server will be used first. If the SQL authentication fails because the
+# user wasn't found, a new attempt will be done using system authentication.
+# If the SQL authentication fails because the password didn't match, the
+# authentication chain stops here. Authentication methods are chained in
+# the order they are given.
+
+
+
+# 'ls' recursion limits. The first argument is the maximum number of
+# files to be displayed. The second one is the max subdirectories depth.
+
+LimitRecursion               10000 8
+
+
+
+# Are anonymous users allowed to create new directories?
+
+AnonymousCanCreateDirs       no
+
+
+
+# If the system load is greater than the given value, anonymous users
+# aren't allowed to download.
+
+MaxLoad                      4
+
+
+
+# Port range for passive connections - keep it as broad as possible.
+
+# PassivePortRange             30000 50000
+
+
+
+# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
+# Symbolic host names are also accepted for gateways with dynamic IP
+# addresses.
+
+# ForcePassiveIP               192.168.0.1
+
+
+
+# Upload/download ratio for anonymous users.
+
+# AnonymousRatio               1 10
+
+
+
+# Upload/download ratio for all users.
+# This directive supersedes the previous one.
+
+# UserRatio                    1 10
+
+
+
+# Disallow downloads of files owned by the "ftp" system user;
+# files that were uploaded but not validated by a local admin.
+
+AntiWarez                    yes
+
+
+
+# IP address/port to listen to (default=all IP addresses, port 21).
+
+# Bind                         127.0.0.1,21
+
+
+
+# Maximum bandwidth for anonymous users in KB/s
+
+# AnonymousBandwidth           8
+
+
+
+# Maximum bandwidth for *all* users (including anonymous) in KB/s
+# Use AnonymousBandwidth *or* UserBandwidth, not both.
+
+# UserBandwidth                8
+
+
+
+# File creation mask. <umask for files>:<umask for dirs> .
+# 177:077 if you feel paranoid.
+
+Umask                        133:022
+
+
+
+# Minimum UID for an authenticated user to log in.
+# For example, a value of 100 prevents all users whose user id is below
+# 100 from logging in. If you want "root" to be able to log in, use 0.
+
+MinUID                       100
+
+
+
+# Allow FXP transfers for authenticated users.
+
+AllowUserFXP                 no
+
+
+
+# Allow anonymous FXP for anonymous and non-anonymous users.
+
+AllowAnonymousFXP            no
+
+
+
+# Users can't delete/write files starting with a dot ('.')
+# even if they own them. But if TrustedGID is enabled, that group
+# will exceptionally have access to dot-files.
+
+ProhibitDotFilesWrite        no
+
+
+
+# Prohibit *reading* of files starting with a dot (.history, .ssh...)
+
+ProhibitDotFilesRead         no
+
+
+
+# Don't overwrite files. When a file whose name already exist is uploaded,
+# it gets automatically renamed to file.1, file.2, file.3, ...
+
+AutoRename                   no
+
+
+
+# Prevent anonymous users from uploading new files (no = upload is allowed)
+
+AnonymousCantUpload          no
+
+
+
+# Only connections to this specific IP address are allowed to be
+# non-anonymous. You can use this directive to open several public IPs for
+# anonymous FTP, and keep a private firewalled IP for remote administration.
+# You can also only allow a non-routable local IP (such as 10.x.x.x) for
+# authenticated users, and run a public anon-only FTP server on another IP.
+
+# TrustedIP                    10.1.1.1
+
+
+
+# To add the PID to log entries, uncomment the following line.
+
+# LogPID                       yes
+
+
+
+# Create an additional log file with transfers logged in a Apache-like format :
+# fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
+# This log file can then be processed by common HTTP traffic analyzers.
+
+# AltLog                       clf:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in a format optimized
+# for statistic reports.
+
+# AltLog                       stats:/var/log/pureftpd.log
+
+
+
+# Create an additional log file with transfers logged in the standard W3C
+# format (compatible with many HTTP log analyzers)
+
+# AltLog                       w3c:/var/log/pureftpd.log
+
+
+
+# Disallow the CHMOD command. Users cannot change perms of their own files.
+
+# NoChmod                      yes
+
+
+
+# Allow users to resume/upload files, but *NOT* to delete them.
+
+# KeepAllFiles                 yes
+
+
+
+# Automatically create home directories if they are missing
+
+# CreateHomeDir                yes
+
+
+
+# Enable virtual quotas. The first value is the max number of files.
+# The second value is the maximum size, in megabytes.
+# So 1000:10 limits every user to 1000 files and 10 MB.
+
+# Quota                        1000:10
+
+
+
+# If your pure-ftpd has been compiled with standalone support, you can change
+# the location of the pid file. The default is /var/run/pure-ftpd.pid
+
+# PIDFile                      /var/run/pure-ftpd.pid
+
+
+
+# If your pure-ftpd has been compiled with pure-uploadscript support,
+# this will make pure-ftpd write info about new uploads to
+# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
+# spawn a script to handle the upload.
+# Don't enable this option if you don't actually use pure-uploadscript.
+
+# CallUploadScript             yes
+
+
+
+# This option is useful on servers where anonymous upload is
+# allowed. When the partition is more that percententage full,
+# new uploads are disallowed.
+
+MaxDiskUsage                   99
+
+
+
+# Set to 'yes' to prevent users from renaming files.
+
+# NoRename                     yes
+
+
+
+# Be 'customer proof': forbids common customer mistakes such as
+# 'chmod 0 public_html', that are valid, but can cause customers to
+# unintentionally shoot themselves in the foot.
+
+CustomerProof                yes
+
+
+
+# Per-user concurrency limits. Will only work if the FTP server has
+# been compiled with --with-peruserlimits.
+# Format is: <max sessions per user>:<max anonymous sessions>
+# For example, 3:20 means that an authenticated user can have up to 3 active
+# sessions, and that up to 20 anonymous sessions are allowed.
+
+# PerUserLimits                3:20
+
+
+
+# When a file is uploaded and there was already a previous version of the file
+# with the same name, the old file will neither get removed nor truncated.
+# The file will be stored under a temporary name and once the upload is
+# complete, it will be atomically renamed. For example, when a large PHP
+# script is being uploaded, the web server will keep serving the old version and
+# later switch to the new one as soon as the full file will have been
+# transferred. This option is incompatible with virtual quotas.
+
+# NoTruncate                   yes
+
+
+
+# This option accepts three values:
+# 0: disable SSL/TLS encryption layer (default).
+# 1: accept both cleartext and encrypted sessions.
+# 2: refuse connections that don't use the TLS security mechanism,
+#    including anonymous sessions.
+# Do _not_ uncomment this blindly. Double check that:
+# 1) The server has been compiled with TLS support (--with-tls),
+# 2) A valid certificate is in place,
+# 3) Only compatible clients will log in.
+
+# TLS                          1
+
+
+# Cipher suite for TLS sessions.
+# The default suite is secure and setting this property is usually
+# only required to *lower* the security to cope with legacy clients.
+# Prefix with -C: in order to require valid client certificates.
+# If -C: is used, make sure that clients' public keys are present on
+# the server.
+
+# TLSCipherSuite               HIGH
+
+
+
+# Certificate file, for TLS
+# The certificate itself and the keys can be bundled into the same
+# file or split into two files.
+# CertFile is for a cert+key bundle, CertFileAndKey for separate files.
+# Use only one of these.
+
+# CertFile                     /etc/ssl/private/pure-ftpd.pem
+# CertFileAndKey               "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"
+
+
+
+# Unix socket of the external certificate handler, for TLS
+
+# ExtCert                      /var/run/ftpd-certs.sock
+
+
+# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV4Only                     yes
+
+
+
+# Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4)
+# By default, both IPv4 and IPv6 are enabled.
+
+# IPV6Only                     yes

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/pureftpd-ldap.conf

@@ -0,0 +1,88 @@
+
+#############################################
+#                                           #
+# Sample Pure-FTPd LDAP configuration file. #
+# See README.LDAP for explanations.         #
+#                                           #
+#############################################
+
+
+# Optional: scheme to connect with to LDAP server. Default: ldap
+# Other possible values: ldaps, ldapi, etc.
+# Remember to set LDAPPort accordingly.
+
+LDAPScheme ldap
+
+
+# Optional: name of the LDAP server. Default: localhost
+
+LDAPServer ldap.example.com
+
+
+# Optional: server port. Default: 389
+
+LDAPPort   389
+
+
+# Mandatory: the base DN to search accounts from. No default.
+
+LDAPBaseDN cn=Users,dc=c9x,dc=org
+
+
+# Optional: who we should bind the server as.
+# Default: binds anonymously or binds as 'ftp' user
+
+LDAPBindDN cn=Manager,dc=c9x,dc=org
+
+
+# Password if we don't bind anonymously
+# This configuration file should be only readable by root
+
+LDAPBindPW r00tPaSsw0rD
+
+
+# Optional: default UID, when there's no entry in a user object
+
+# LDAPDefaultUID 500
+
+
+# Optional: default GID, when there's no entry in a user object
+
+# LDAPDefaultGID 100
+
+
+# Filter to use to find the object that contains user info
+# \L is replaced by the login the user is trying to log in as
+# The default filter is (&(objectClass=posixAccount)(uid=\L))
+
+# LDAPFilter (&(objectClass=posixAccount)(uid=\L))
+
+
+# Attribute to get the home directory
+# Default is homeDirectory (the standard attribute from posixAccount)
+
+# LDAPHomeDir homeDirectory
+
+
+# LDAP protocol version to use
+# Version 3 (default) is mandatory with recent releases of OpenLDAP.
+
+# LDAPVersion 3
+
+
+# Optional: use TLS to connect to the LDAP server
+# Note: if ldaps scheme is used, this property has no effect
+# LDAPUseTLS  True
+
+
+# Can be PASSWORD or BIND.
+# PASSWORD retrieves objects and checks against the userPassword attribute
+# BIND tries to bind
+
+LDAPAuthMethod PASSWORD
+
+
+# Optional: default home directory if there's LDAPHomeDir entry
+
+# LDAPDefaultHomeDirectory /var/shared
+

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/pureftpd-mysql.conf

@@ -0,0 +1,126 @@
+
+##############################################
+#                                            #
+# Sample Pure-FTPd Mysql configuration file. #
+# See README.MySQL for explanations.         #
+#                                            #
+##############################################
+
+
+# Optional : MySQL server name or IP. Don't define this for unix sockets.
+
+# MYSQLServer     127.0.0.1
+
+
+# Optional : MySQL port. Don't define this if a local unix socket is used.
+
+# MYSQLPort       3306
+
+
+# Optional : define the location of mysql.sock if the server runs on this host.
+
+MYSQLSocket     /var/run/mysqld/mysqld.sock
+
+
+# Mandatory : user to bind the server as.
+
+MYSQLUser       root
+
+
+# Mandatory : user password. You must have a password.
+
+MYSQLPassword   rootpw
+
+
+# Mandatory : database to open.
+
+MYSQLDatabase   pureftpd
+
+
+# Mandatory : how passwords are stored
+# Valid values are : "cleartext", "argon2", "scrypt", "crypt", "sha1", "md5", "password" and "any"
+# ("password" = MySQL password() function, which is sha1(sha1(password)))
+
+MYSQLCrypt      scrypt
+
+
+# In the following directives, parts of the strings are replaced at
+# run-time before performing queries :
+#
+# \L is replaced by the login of the user trying to authenticate.
+# \I is replaced by the IP address the user connected to.
+# \P is replaced by the port number the user connected to.
+# \R is replaced by the IP address the user connected from.
+# \D is replaced by the remote IP address, as a long decimal number.
+#
+# Very complex queries can be performed using these substitution strings,
+# especially for virtual hosting.
+
+# Query to execute in order to fetch the password
+
+MYSQLGetPW      SELECT Password FROM users WHERE User='\L'
+
+
+# Query to execute in order to fetch the system user name or uid
+MYSQLGetUID     SELECT Uid FROM users WHERE User='\L'
+
+
+# Optional : default UID - if set this overrides MYSQLGetUID
+
+#MYSQLDefaultUID 1000
+
+
+# Query to execute in order to fetch the system user group or gid
+
+MYSQLGetGID     SELECT Gid FROM users WHERE User='\L'
+
+
+# Optional : default GID - if set this overrides MYSQLGetGID
+
+#MYSQLDefaultGID 1000
+
+
+# Query to execute in order to fetch the home directory
+
+MYSQLGetDir     SELECT Dir FROM users WHERE User='\L'
+
+
+# Optional : query to get the maximal number of files 
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User='\L'
+
+
+# Optional : query to get the maximal disk usage (virtual quotas)
+# The number should be in Megabytes.
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User='\L'
+
+
+# Optional : ratios. The server has to be compiled with ratio support.
+
+# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User='\L'
+# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User='\L'
+
+
+# Optional : bandwidth throttling.
+# The server has to be compiled with throttling support.
+# Values are in KB/s .
+
+# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User='\L'
+# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User='\L'
+
+
+# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
+# 1) You know what you are doing.
+# 2) Real and virtual users match.
+
+# MySQLForceTildeExpansion 1
+
+
+# If you're using a transactionnal storage engine, you can enable SQL
+# transactions to avoid races. Leave this commented if you are using the
+# traditional MyIsam engine.
+
+# MySQLTransactions On

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/pureftpd-pgsql.conf

@@ -0,0 +1,110 @@
+
+###################################################
+#                                                 #
+# Sample Pure-FTPd PostgreSQL configuration file. #
+# See README.PGSQL for explanations.              #
+#                                                 #
+###################################################
+
+
+# If PostgreSQL listens to a TCP socket
+
+PGSQLServer     localhost
+PGSQLPort       5432 
+
+
+# *or* if PostgreSQL can only be reached through a local Unix socket
+
+# PGSQLServer     /tmp
+# PGSQLPort       .s.PGSQL.5432
+
+
+# Mandatory : user to bind the server as.
+
+PGSQLUser       postgres
+
+
+# Mandatory : user password. You *must* have a password.
+
+PGSQLPassword   rootpw
+
+
+# Mandatory : database to open.
+
+PGSQLDatabase   pureftpd
+
+
+# Mandatory : how passwords are stored
+# Valid values are : "cleartext", "argon2", "scrypt", "crypt", "md5", "sha1" and "any"
+
+PGSQLCrypt      scrypt
+
+
+# In the following directives, parts of the strings are replaced at
+# run-time before performing queries :
+#
+# \L is replaced by the login of the user trying to authenticate.
+# \I is replaced by the IP address the user connected to.
+# \P is replaced by the port number the user connected to.
+# \R is replaced by the IP address the user connected from.
+# \D is replaced by the remote IP address, as a long decimal number.
+#
+# Very complex queries can be performed using these substitution strings,
+# especially for virtual hosting.
+
+
+# Query to execute in order to fetch the password
+
+PGSQLGetPW      SELECT "Password" FROM users WHERE "User"='\L'
+
+
+# Query to execute in order to fetch the system user name or uid
+
+PGSQLGetUID     SELECT "Uid" FROM users WHERE "User"='\L'
+
+
+# Optional : default UID - if set this overrides PGSQLGetUID
+
+#PGSQLDefaultUID 1000
+
+
+# Query to execute in order to fetch the system user group or gid
+
+PGSQLGetGID     SELECT "Gid" FROM users WHERE "User"='\L'
+
+
+# Optional : default GID - if set this overrides PGSQLGetGID
+
+#PGSQLDefaultGID 1000
+
+
+# Query to execute in order to fetch the home directory
+
+PGSQLGetDir     SELECT "Dir" FROM users WHERE "User"='\L'
+
+
+# Optional : query to get the maximal number of files 
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# PGSQLGetQTAFS  SELECT "QuotaFiles" FROM users WHERE "User"='\L'
+
+
+# Optional : query to get the maximal disk usage (virtual quotas)
+# The number should be in Megabytes.
+# Pure-FTPd must have been compiled with virtual quotas support.
+
+# PGSQLGetQTASZ  SELECT "QuotaSize" FROM users WHERE "User"='\L'
+
+
+# Optional : ratios. The server has to be compiled with ratio support.
+
+# PGSQLGetRatioUL SELECT "ULRatio" FROM users WHERE "User"='\L'
+# PGSQLGetRatioDL SELECT "DLRatio" FROM users WHERE "User"='\L'
+
+
+# Optional : bandwidth throttling.
+# The server has to be compiled with throttling support.
+# Values are in KB/s .
+
+# PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM users WHERE "User"='\L'
+# PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM users WHERE "User"='\L'

EVSE/GPL/pure-ftpd-1.0.49/release/share/doc/pure-ftpd/pureftpd.schema

@@ -0,0 +1,64 @@
+#
+# pureftpd.schema
+#
+# Pure-FTPd User LDAP Schema
+# See README.LDAP in the Pure-FTPd documentation for more information.
+#
+# Written by Ben Gertzfield <che =AT= debian -DOT- org>
+#
+
+## Pure-FTPd-related LDAP attributes
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'
+        DESC 'Quota (in number of files) for an FTP user'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes'
+        DESC 'Quota (in megabytes) for an FTP user'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio'
+        DESC 'Ratio (compared with FTPRatioDown) for uploaded files'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio'
+        DESC 'Ratio (compared with FTPRatioUp) for downloaded files'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth'
+        DESC 'Bandwidth (in KB/s) to limit upload speeds to'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth'
+        DESC 'Bandwidth (in KB/s) to limit download speeds to'
+        EQUALITY integerMatch        
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus'
+        DESC 'Account status: enabled or disabled'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid'
+        DESC 'System uid (overrides uidNumber if present)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid'
+        DESC 'System uid (overrides gidNumber if present)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+## New Pure-FTPd object type
+
+objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
+        DESC 'PureFTPd user with optional quota, throttling and ratio'
+        SUP top AUXILIARY
+        MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ 
+              FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $
+              FTPuid $ FTPgid ) )

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-authd.8

@@ -0,0 +1,146 @@
+.TH "pure-authd" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-authd \- External authentication agent for Pure\-FTPd.
+.SH "SYNTAX"
+.LP
+pure\-authd [\fI\-p\fP <\fI/path/to/pidfile\fP>] [\fI\-u\fP uid] [\fI\-g\fP gid] [\fI\-B\fP] <\fI\-s\fP /path/to/socket> \fI\-r\fP /program/to/run
+
+.SH "DESCRIPTION"
+.LP
+pure\-authd is a daemon that forks an authentication program, waits for an authentication reply, and feed them to an application server.
+.LP
+pure\-authd listens to a local Unix socket. A new connection to that socket should feed pure\-authd the following structure:
+.IP
+account:xxx
+
+password:xxx
+
+localhost:xxx
+
+localport:xxx
+
+peer:xxx
+
+end
+.LP
+(replace xxx with appropriate values) . localhost, localport and peer are numeric IP addresses and ports. peer is the IP address of the remote client.
+.LP
+These arguments are passed to the authentication program, as environment variables:
+.IP
+AUTHD_ACCOUNT
+
+AUTHD_PASSWORD
+
+AUTHD_LOCAL_IP
+
+AUTHD_LOCAL_PORT
+
+AUTHD_REMOTE_IP
+
+AUTHD_ENCRYPTED
+.LP
+The authentication program should take appropriate actions to fetch account info according to these arguments, and reply to the standard output a structure like the following one:
+.IP
+auth_ok:1
+
+uid:42
+
+gid:21
+
+dir:/home/j
+
+end
+
+.TP
+\fBauth_ok:\fRxxx
+If xxx is 0, the user was not found (the next authentication method passed to pure\-ftpd will be tried) . If xxx is \-1, the user was found, but there was a fatal authentication error: user is root, password is wrong, account has expired, etc (next authentication methods will not be tried) . If xxx is 1, the user was found and successfully authenticated.
+.TP
+\fBuid:\fRxxx
+The system uid to be assigned to that user. Must be > 0.
+.TP
+\fBgid:\fRxxx
+The primary system gid. Must be > 0.
+.TP
+\fBdir:\fRxxx
+The absolute path to the home directory. Can contain /./ for a chroot jail.
+.TP
+\fBslow_tilde_expansion:\fRxxx \fI(optional, default is 1)\fR
+When the command 'cd ~user' is issued, it's handy to go to that user's home directory, as expected in a shell environment. But fetching account info can be an expensive operation for non\-system accounts. If xxx is 0, 'cd ~user' will expand to the system user home directory. If xxx is 1, 'cd ~user' won't expand. You should use 1 in most cases with external authentication, when your FTP users don't match system users. You can also set xxx to 1 if you're using slow nss_* system authentication modules.
+.TP
+\fBthrottling_bandwidth_ul:\fRxxx \fI(optional)\fR
+The allocated bandwidth for uploads, in bytes per second.
+.TP
+\fBthrottling_bandwidth_dl:\fRxxx \fI(optional)\fR
+The allocated bandwidth for downloads, in bytes per second.
+.TP
+\fBuser_quota_size:\fRxxx \fI(optional)\fR
+The maximal total size for this account, in bytes.
+.TP
+\fBuser_quota_files:\fRxxx \fI(optional)\fR
+The maximal number of files for this account.
+.TP
+\fBratio_upload:\fRxxx \fI(optional)\fR
+.TP
+\fBradio_download:\fRxxx \fI(optional)\fR
+The user must match a ratio_upload:ratio_download ratio.
+.LP
+\fIOnly one authentication program is forked at a time. It must return quickly.\fR
+.SH "OPTIONS"
+.TP
+\fB\-u\fR <\fIuid\fP>
+Have the daemon run with that uid.
+.TP
+\fB\-g\fR <\fIgid\fP>
+Have the daemon run with that gid.
+.TP
+\fB\-B\fR
+Fork in background (daemonization).
+.TP
+\fB\-s\fR <\fI/path/to/socket\fP>
+Set the full path to the local Unix socket.
+.TP
+\fB\-r\fR <\fI/path/to/program\fP>
+Set the full path to the authentication program.
+.TP
+\fB\-h\fR
+Output help information and exit.
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-authd \-s /var/run/ftpd.sock \-r /usr/bin/my\-auth\-program &
+.LP
+pure\-ftpd \-lextauth:/var/run/ftpd.sock &
+.TP
+/usr/bin/my\-auth\-program can be as simple as:
+#! /bin/sh
+
+echo 'auth_ok:1'
+
+echo 'uid:42'
+
+echo 'gid:21'
+
+echo 'dir:/home/j'
+
+echo 'end'
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959",
+.BR "RFC 2389",
+.BR "RFC 2228" " and"
+.BR "RFC 2428".

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-certd.8

@@ -0,0 +1,98 @@
+.TH "pure-certd" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-certd \- TLS certificate agent for Pure\-FTPd.
+.SH "SYNTAX"
+.LP
+pure\-certd [\fI\-p\fP <\fI/path/to/pidfile\fP>] [\fI\-u\fP uid] [\fI\-g\fP gid] [\fI\-B\fP] <\fI\-s\fP /path/to/socket> \fI\-r\fP /program/to/run
+
+.SH "DESCRIPTION"
+.LP
+pure\-certd is a daemon that forks an authentication program, waits for a certificate path as a reply, and returns it to an application server.
+.LP
+pure\-certd listens to a local Unix socket. A new connection to that socket should send pure\-authd the following structure:
+.IP
+sni_name:xxx
+end
+.LP
+These content is passed to the authentication program, as an environment variable:
+.IP
+CERTD_SNI_NAME
+.LP
+The authentication program should take appropriate actions to select a TLS certificate, and reply to the standard output with the following format:
+.IP
+action:strict
+cert_file:/path/to/cert.pem
+key_file:/path/to/cert.pem
+end
+.TP
+\fBcert_file:\fRxxx
+Absolute path to the certificate in PEM format.
+.TP
+\fBkey_file:\fRxxx
+This is optional, as a certificate and its key can be concatenated in the same file.
+.TP
+\fBaction:\fRxxx
+If action is "deny", a certificate for that name was not found and access is denied.
+If xxx is "default", the default certificate will be used.
+If xxx is "strict", the certificate whose path is indicated in "cert_path" will be used. If absent or invalid, access will be denied.
+If xxx is "fallback", the certificate whose path is indicated in "cert_path" will be used. If absent or invalid, the default certificate will be used instead.
+.TP
+\fBuid:\fRxxx
+The system uid to be assigned to that user. Must be > 0.
+.TP
+\fBgid:\fRxxx
+The primary system gid. Must be > 0.
+.TP
+\fBdir:\fRxxx
+The absolute path to the home directory. Can contain /./ for a chroot jail.
+.LP
+\fIOnly one authentication program is forked at a time. It must return quickly.\fR
+.SH "OPTIONS"
+.TP
+\fB\-u\fR <\fIuid\fP>
+Have the daemon run with that uid.
+.TP
+\fB\-g\fR <\fIgid\fP>
+Have the daemon run with that gid.
+.TP
+\fB\-B\fR
+Fork in background (daemonization).
+.TP
+\fB\-s\fR <\fI/path/to/socket\fP>
+Set the full path to the local Unix socket.
+.TP
+\fB\-r\fR <\fI/path/to/program\fP>
+Set the full path to the authentication program.
+.TP
+\fB\-h\fR
+Output help information and exit.
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-certd \-s /var/run/certd.sock \-r /usr/bin/my\-cert\-program &
+.LP
+pure\-ftpd \-lextauth:/var/run/certd.sock &
+.TP
+/usr/bin/my\-cert\-program can be as simple as:
+#! /bin/sh
+
+echo 'action:strict'
+
+echo 'cert_file:/etc/ssl/private/pure-ftpd/cert.pem'
+
+echo 'end'
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-ftpd.8

@@ -0,0 +1,1036 @@
+.\"
+.\" Troll-FTPd is Copyright 1995-2000 Trolltech AS, and Copyright 2001-2002 Arnt Gulbrandsen.
+.\" Pure-FTPd is (C)opyleft 2001-2019 by Frank DENIS <j at pureftpd dot org> and the Pure-FTPd team.
+.\"
+.\" Use, modification and distribution is allowed without limitation, warranty, or liability of any kind.
+.\"
+.TH "pure-ftpd" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+pure\-ftpd \- simple File Transfer Protocol server
+
+.SH "SYNOPSIS"
+.B pure\-ftpd [\-0] [\-1] [\-2 cert_file[,key_file]] [\-3 certd_socket] [\-4] [\-6] [\-a gid] [\-A] [\-b] [\-B] [\-c clients] [\-C cnx/ip] [\-d [\-d]] [\-D] [\-e] [\-E] [\-f facility] [\-F fortunes file] [\-g pidfile] [\-G] [\-H] [\-i] [\-I] [\-j] [\-J ciphers] [\-k percentage] [\-K] [\-l authentication[:config file]] [\-L max files:max depth] [\-m maxload] [\-M] [\-n maxfiles:maxsize] [\-N] [\-o] [\-O format:log file] [\-p first:last] [\-P ip address or host name] [\-q upload:download ratio] [\-Q upload:download ratio] [\-r] [\-R] [\-s] [\-S [address,][port]] [\-t upload bandwidth:download bandwidth] [\-T upload bandwidth:download bandwidth] [\-u uid] [\-U umask files:umask dirs] [\-v bonjour name] [\-V ip address] [\-w] [\-W] [\-x] [\-X] [\-y max user sessions:max anon sessions] [\-Y tls behavior] [\-z] [\-Z]
+
+.br
+Alternative style:
+.br
+\-0 \-\-notruncate
+.br
+\-1 \-\-logpid
+.br
+\-2 \-\-certfile
+.br
+\-3 \-\-extcert
+.br
+\-4 \-\-ipv4only
+.br
+\-6 \-\-ipv6only
+.br
+\-a \-\-trustedgid
+.br
+\-A \-\-chrooteveryone
+.br
+\-b \-\-brokenclientscompatibility
+.br
+\-B \-\-daemonize
+.br
+\-c \-\-maxclientsnumber
+.br
+\-C \-\-maxclientsperip
+.br
+\-d \-\-verboselog
+.br
+\-D \-\-displaydotfiles
+.br
+\-e \-\-anonymousonly
+.br
+\-E \-\-noanonymous
+.br
+\-f \-\-syslogfacility
+.br
+\-F \-\-fortunesfile
+.br
+\-g \-\-pidfile
+.br
+\-G \-\-norename
+.br
+\-h \-\-help
+.br
+\-H \-\-dontresolve
+.br
+\-i \-\-anonymouscantupload
+.br
+\-I \-\-maxidletime
+.br
+\-j \-\-createhomedir
+.br
+\-J \-\-tlsciphersuite
+.br
+\-k \-\-maxdiskusagepct
+.br
+\-K \-\-keepallfiles
+.br
+\-l \-\-login
+.br
+\-L \-\-limitrecursion
+.br
+\-m \-\-maxload
+.br
+\-M \-\-anonymouscancreatedirs
+.br
+\-n \-\-quota
+.br
+\-N \-\-natmode
+.br
+\-o \-\-uploadscript
+.br
+\-O \-\-altlog
+.br
+\-p \-\-passiveportrange
+.br
+\-P \-\-forcepassiveip
+.br
+\-q \-\-anonymousratio
+.br
+\-Q \-\-userratio
+.br
+\-r \-\-autorename
+.br
+\-R \-\-nochmod
+.br
+\-s \-\-antiwarez
+.br
+\-S \-\-bind
+.br
+\-t \-\-anonymousbandwidth
+.br
+\-T \-\-userbandwidth
+.br
+\-u \-\-minuid
+.br
+\-U \-\-umask
+.br
+\-v \-\-bonjour
+.br
+\-V \-\-trustedip
+.br
+\-w \-\-allowuserfxp
+.br
+\-W \-\-allowanonymousfxp
+.br
+\-x \-\-prohibitdotfileswrite
+.br
+\-X \-\-prohibitdotfilesread
+.br
+\-y \-\-peruserlimits
+.br
+\-Y \-\-tls
+.br
+\-z \-\-allowdotfiles
+.br
+\-Z \-\-customerproof
+
+.SH "DESCRIPTION"
+.B Pure\-FTPd
+is a small, simple server for the old and hairy File Transfer
+Protocol, designed to use less resources than older servers, be
+smaller and very secure, and to never execute any external program.
+.PP
+It support most\-used features and commands of FTP (including many modern
+extensions), and leaves out everything which is deprecated, meaningless,
+insecure, or correlates with trouble.
+.PP
+IPv6 is fully supported.
+
+.SH "OPTIONS"
+.TP
+.B \-0
+When a file is uploaded and there is already a previous version of the
+file with the same name, the old file will neither get removed nor truncated.
+Upload will take place in a temporary file and once the upload is complete,
+the switch to the new version will be atomic. This option should not be used
+together with virtual quotas.
+.TP
+.B \-1
+Add the PID to the syslog output. Ignored if 
+.B -f
+.B none
+is set.
+.TP
+.B \-2 cert_file[,key_file]
+When using TLS, set the path to the certificate file. The certificate
+and its key can be be bundled into a single file, or the key can be
+in a distinct file.
+.TP
+.B \-3 path
+Path to the pure-certd UNIX socket.
+.TP
+.B \-4
+Listen only to IPv4 connections.
+.TP
+.B \-6
+Listen only to IPv6 connections.
+.TP
+.B \-a gid
+Regular users will be chrooted to their home directories, unless
+they belong to the specified gid. Note that root is always trusted,
+and that chroot() occurs only for anonymous ftp without this option.
+.TP
+.B \-A
+Chroot() everyone, but root.
+.TP
+.B \-b
+Be broken. Turns on some compatibility hacks for shoddy clients, and for broken Netfilter gateways.
+.TP
+.B \-B
+Start the standalone server in background (daemonize).
+.TP
+.B \-c clients
+Allow a maximum of
+.I clients
+to be connected.
+.I clients
+must be at least 1, and if you combine it with
+.B \-p
+it will be forced down to half the number of ports specified by
+.B \-p.
+If more than
+.I clients
+are connected, new clients are rejected at once, even clients wishing
+to upload, or to log in as normal users. Therefore, it is advisable
+to use
+.B \-m
+as primary overload protection. The default value is 50.
+.TP
+.B \-C max connection per ip
+Limit the number of simultaneous connections
+coming from the same IP address. This is yet another very effective way to
+prevent stupid denial of services and bandwidth starvation by a single user.
+It works only when the server is launched in standalone mode (if you use a
+super\-server, it is supposed to do that). If the server is launched with
+.B \-C 2
+, it doesn't mean that the total number of connection is limited to 2.
+But the same client, coming from the same machine (or at least the same IP),
+can't have more than two simultaneous connections. This features needs some
+memory to track IP addresses, but it's recommended to use it.
+.TP
+.B \-d
+turns on debug logging. Every command is logged, except that the argument
+to PASS is changed to "<password>". If you repeat
+.B \-d
+, responses too are logged.
+.TP
+.B \-e
+Only allow anonymous users to log in.
+.TP
+.B \-E
+Only allow authenticated login. Anonymous users are prohibited.
+.TP
+.B \-f facility
+makes ftpd use
+.I facility
+for all
+.BR syslog (3)
+messages.
+.I facility
+defaults to
+.BR ftp .
+The facility names are normally listed in
+.IR /usr/include/sys/syslog.h .
+Note that if
+.B \-f
+is not the first option on the command line, a couple of messages may
+be logged to local2 before the
+.B \-f
+option is parsed.
+Use
+.B \-f none
+to disable logging.
+.TP
+.B \-F fortunes file
+Display a funny random message in the initial login banner. The
+random cookies are extracted from a text file, in the standard
+.B fortune
+format. If you installed the
+.B fortune
+package, you should have a directory
+(usually
+.B /usr/share/fortune
+) with binary files (
+.B xxxx.dat
+) and text files
+(without the
+.B .dat
+extension).
+.TP
+.B \-g pidfile
+In standalone mode, write the pid to that file in instead of
+/var/run/pure-ftpd.pid .
+.TP
+.B \-G
+When this option is enabled, people can no more change the name of already
+uploaded files, even if they own those files or their directory.
+.TP
+.B \-H
+Don't resolve host names ("192.0.34.166" will be logged instead of
+"www.example.com"). It can significantly speed up connections and reduce
+bandwidth usage on busy servers. Use it especially on public FTP sites.
+.TP
+.B \-i
+Disallow upload for anonymous users, whatever directory permissions
+are. This option is especially useful for virtual hosting, to avoid your
+users create warez sites in their account.
+.TP
+.B \-I timeout
+Change the maximum idle time. The timeout is in minutes, and defaults to 15.
+.TP
+.B \-j
+If the home directory of a user doesn't exist, automatically
+create it. The newly created home directory belongs to the user, and
+permissions are set according to the current directory mask. To avoid local
+attacks, the parent directory should never belong to an untrusted user.
+.TP
+.B \-J ciphers
+Set the list of ciphers that will be accepted for TLS connections.
+.TP
+.B \-k percentage
+Disallow upload if the partition is more than
+.B percentage
+full. Example:
+\-k 95 will ensure that your disk will never get filled more than 95% by FTP
+users.
+.TP
+.B \-K
+Allow users to resume and upload files, but NOT to delete them. Directories
+can be removed, but only if they are empty.
+.TP
+.B \-l authentication:file
+Enable a new authentication method. It can be one of:
+.I -l unix
+For standard (/etc/passwd) authentication.
+.I -l pam
+For PAM authentication.
+.I -l ldap:LDAP config file
+For LDAP directories.
+.I -l mysql:MySQL config file
+For MySQL databases.
+.I -l pgsql:Postgres config file
+For Postgres databases.
+.I -l puredb:PureDB database file
+For PureDB databases.
+.I -l extauth:path to pure-authd socket
+For external authentication handlers.
+.br
+Different authentication methods can be mixed together. For instance if you
+run the server with
+.I -lpuredb:/opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pwd.pdb -lmysql:/opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/my.cf -lunix
+Accounts will first be authenticated from a PureDB database. If it fails, a
+MySQL server will be asked. If the account is still not found is the
+database, standard unix accounts will be scanned. Authentication methods are
+tried in the order you give the -l options, if you do not give -l, then the
+decision comes from configure, if PAM is built in, it is used, if not,
+then UNIX (/etc/passwd) is used by default.
+.br
+See the
+.I README.LDAP
+and
+.I README.MySQL
+files for info about the built\-in LDAP and SQL directory support.
+.TP
+.B \-L max files:max depth
+Avoid denial\-of\-service attacks by limiting the number of displayed files
+in a 'ls' and the maximum depth of a recursive 'ls'. Defaults are 2000:5
+(2000 files displayed for a single 'ls' and walk through 5 subdirectories
+max).
+.TP
+.B \-m load
+Do not allow anonymous users to download files if the load is above
+.I load
+when the user connects. Uploads and file listings are still allowed,
+as are downloads by real users. The user is not told about this until
+he/she tries to download a file.
+.TP
+.B \-M
+Allow anonymous users to create directories.
+.TP
+.B \-n maxfiles:maxsize
+Enable
+.B virtual quotas
+When virtual quotas are enabled, .ftpquota files are created, and the
+number of files for a user is restricted to 'maxfiles'. The max total size
+of his directory is also restricted to 'maxsize' Megabytes. Members of the
+trusted group aren't subject to quotas.
+.TP
+.B \-N
+NAT mode. Force
+.B active
+mode. If your FTP server is behind a NAT box
+that doesn't support applicative FTP proxying, or if you use port
+redirection without a transparent FTP proxy, use this. Well... the previous
+sentence isn't very clear. Okay: if your network looks like this:
+.br
+FTP\-\-NAT.gateway/router\-\-Internet
+.br
+and if you want people coming from the internet to have access to your FTP
+server, please try without this option first. If Netscape clients can
+connect without any problem, your NAT gateway rulez. If Netscape doesn't
+display directory listings, your NAT gateway sucks. Use
+\fB\-N\fR
+as a workaround.
+.TP
+.B \-o
+Enable
+.IR pure\-uploadscript .
+.TP
+.B \-O format:log file
+Record all file transfers into a specific log
+file, in an alternative format. Currently, three formats are supported: CLF,
+Stats, W3C and xferlog.
+.br
+If you add
+.br
+\fB\-O clf:/var/log/pureftpd.log\fR
+.br
+to your starting options,
+Pure-FTPd will log transfers in
+\fB/var/log/pureftpd.log\fR
+in a format similar to
+the Apache web server in default configuration.
+.br
+If you add
+.br
+\fB\-O stats:/var/log/pureftpd.log\fR
+.br
+to your starting options,
+Pure-FTPd will create accurate log files designed for traffic analys
+software like ftpStats.
+.br
+If you add
+.br
+\fB\-O w3c:/var/log/pureftpd.log\fR
+.br
+to your starting options,
+Pure-FTPd will create W3C\-conformant log files.
+.br
+For security purposes, the path must be absolute
+(eg.
+\fB/var/log/pureftpd.log\fR, not \fB ../log/pureftpd.log\fR).
+.TP
+.B \-p first:last
+Use only ports in the range \fIfirst\fR to \fIlast\fR
+inclusive for passive\-mode downloads. This means that clients will
+not try to open connections to TCP ports outside the range \fIfirst \- last\fR,
+which makes pure\-ftpd more compatible with packet filters. Note that
+the maximum number of clients (specified with \fB\-c\fR)
+is forced down to \fI(last + 1 \- first)/2\fR
+if it is greater, as the default is. (The syntax for the port range
+is, conveniently, the same as that of
+.BR iptables).
+.TP
+.B \-P ip address or host name
+Force the specified IP address in reply to a
+.B PASV/EPSV/SPSV
+command. If the server is behind a masquerading (NAT) box that doesn't
+properly handle stateful FTP masquerading, put the ip address of that box
+here. If you have a dynamic IP address, you can use a symbolic host name
+(probably the one of your gateway), that will be resolved every time a new
+client will connect.
+.TP
+.B \-q upload:download
+Enable an upload/download ratio for anonymous users (ex:
+.I \-q 1:5
+means that 1 Mb of goodies have to be uploaded to leech 5 Mb).
+.TP
+.B \-Q upload:download
+Enable ratios for anonymous and non\-anonymous users. If the
+.I \-a
+option is also used, users from the trusted group have no ratio.
+.TP
+.B \-r
+Never overwrite existing files. Uploading a file whose name
+already exists cause an automatic rename. Files are called xyz.1, xyz.2,
+xyz.3, etc.
+.TP
+.B \-R
+Disallow users (even non-anonymous ones) usage of the CHMOD
+command. On hosting services, it may prevent newbies from doing mistakes,
+like setting bad permissions on their home directory. Only root can use
+CHMOD when this switch is enabled.
+.TP
+.B \-s
+Don't allow anonymous users to retrieve files owned by "ftp"
+(generally, files uploaded by other anonymous users).
+.TP
+.B \-S [{ip address|hostname}] [,{port|service name}]
+This option is
+only effective when the server is launched as a standalone server.
+Connections are accepted on the specified IP and port. IPv4 and IPv6 are
+supported. Numeric and fully\-qualified host names are accepted. A service
+name (see /etc/services) can be used instead of a numeric port number.
+.TP
+.B \-t bandwidth
+or
+.B \-t upload bandwidth:download bandwidth
+Enable process priority lowering and bandwidth throttling for anonymous
+users. Delay should be in kilobytes/seconds.
+.TP
+.B \-T bandwidth
+or
+.B \-T upload bandwidth:download bandwidth
+Enable process priority lowering and bandwidth throttling for *ALL*
+users.
+Pure\-FTPd should have been explicitly compiled with throttling support
+to have these flags work.
+It is possible to have different bandwidth limits for uploads and for
+downloads. '\-t' and '\-T' can indeed be followed by two numbers delimited by
+a column (':'). The first number is the upload bandwidth and the next one
+applies only to downloads. One of them can be left blank which means infinity.
+A single number without any column means that the same limit applies to upload
+and download.
+.TP
+.B \-u uid
+Do not allow uids below \fIuid\fR
+to log in (typically, low\-numbered \fIuid\fRs
+are used for administrative accounts).
+.B "\-u 100"
+is sufficient to deny access to all administrative accounts on many
+linux boxes, where 99 is the last administrative account. Anonymous
+FTP is allowed even if the uid of the ftp user is smaller than
+.IR uid .
+.B "\-u 1"
+denies access only to root accounts. The default is to allow FTP
+access to all accounts.
+.TP
+.B \-U umask files:umask dirs
+Change the mask for creation of new files and directories. The default are 133 (files are
+readable -but not writable- by other users) and 022 (same thing for directory, with the execute bit on).
+If new files should only be readable by the user, use 177:077. If you want uploaded files to be executable,
+use 022:022 (files will be readable by other people) or 077:077 (files will only be
+readable by their owner).
+.TP
+.B \-v bonjour name
+Set the Bonjour name of the service (only available on MacOS X when Bonjour support is compiled in).
+.TP
+.B \-V ip address
+Allow non-anonymous FTP access only on this specific
+local IP address. All other IP addresses are only anonymous. With that
+option, you can have routed IPs for public access, and a local IP (like
+10.x.x.x) for administration. You can also have a routable trusted IP
+protected by firewall rules, and only that IP can be used to login as a
+non-anonymous user.
+.TP
+.B \-w
+Enable support for the FXP protocol, for non\-anonymous users only.
+.TP
+.B \-W
+Enable the FXP protocol for everyone.
+\fIFXP IS AN UNSECURE PROTOCOL. NEVER ENABLE IT ON UNTRUSTED NETWORKS.\fR
+.TP
+.B \-x
+In normal operation mode, authenticated users can read/write files
+beginning with a dot ('.'). Anonymous users can't, for security reasons
+(like changing banners or a forgotten .rhosts). When '\-x' is used,
+authenticated users can download dot\-files, but not overwrite/create them,
+even if they own them. That way, you can prevent hosted users from messing
+\&.qmail files.
+.TP
+.B \-X
+This flag is identical to the previous one (writing dot\-files is
+prohibited), but in addition, users can't even *read* files and directories
+beginning with a dot (like "cd .ssh").
+.TP
+.B \-y per user max sessions:max anonymous sessions
+This switch enables per-user concurrency limits. Two values are separated by a
+column. The first one is the max number of concurrent sessions for a single
+login. The second one is the maximum number of anonoymous sessions.
+.TP
+.B \-Y tls behavior
+\fB\-Y 0\fR
+(default) disables TLS security mechanisms.
+.br
+\fB\-Y 1\fR
+Accept both normal sessions and TLS ones.
+.br
+\fB\-Y 2\fR
+refuses connections that aren't using TLS security mechanisms, including
+anonymous ones.
+.br
+\fB\-Y 3\fR
+refuses connections that aren't using TLS security mechanisms, and refuse
+cleartext data channels as well.
+.br
+The server must have been compiled with TLS support and a valid certificate
+must be in place to accept encrypted sessions.
+.TP
+.B \-z
+Allow anonymous users to read files and directories starting with a dot ('.').
+.TP
+.B \-Z
+Add safe guards against common customer mistakes (like chmod 0 on their own files) .
+
+
+.SH "AUTHENTICATION"
+Some of the complexities of older servers are left out.
+.PP
+This version of pure\-ftpd can use PAM for authentication. If you want it to
+consult any files like /etc/shells or /etc/ftpd/ftpusers consult pam
+docs. LDAP directories and SQL databases are also supported.
+.PP
+Anonymous users are authenticated in any of three ways:
+.PP
+1. The user logs in as "ftp" or "anonymous" and there is an
+account called "ftp" with an existing home directory. This server
+does not ask anonymous users for an email address or other password.
+.PP
+2. The user connects to an IP address which resolves to the name of a
+directory in
+.I /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure\-ftpd
+(or a symlink in that directory to a real directory), and there is an
+account called "ftp" (which does not need to have a valid home
+directory). See
+.B Virtual Servers
+below.
+.PP
+.B Ftpd
+does a
+.BR chroot (2)
+to the relevant base directory when an anonymous user logs in.
+.PP
+Note that
+.B ftpd
+allows remote users to log in as root if the password is known and \-u
+not used.
+
+.SH "UNUSUAL FEATURES"
+If a user's home directory is \fB/path/to/home/./\fR, FTP sessions under that UID will be chroot()ed. In addition, if a users's home directory is \fB/path/to/home/./directory\fR the session will be chroot()ed to /path/to/home and the FTP session will start in 'directory'.
+.PP
+As noted above, this
+.B pure\-ftpd
+omits several features that are required by the RFC or might be
+considered useful at first. Here is a list of the most important
+omissions.
+.PP
+On\-the\-fly tar is not supported, for several reasons. I feel that
+users who want to get many files should use a special FTP client such
+as "mirror," which also supports incremental fetch. I don't want to
+either add several hundred lines of code to create tar files or
+execute an external tar. Finally, on\-the\-fly tar distorts log files.
+.PP
+On\-the\-fly compression is left out too. Most files on an FTP site are
+compressed already, and if a file isn't, there presumably is a reason
+why. (As for decompression: Don't FTP users waste bandwidth enough
+without help from on\-the\-fly decompression?)
+
+.SH "DIRECTORY ALIASES"
+Shortcuts for the "cd" command can be set up if the server has been compiled
+with the \-\-with\-diraliases feature.
+.PP
+To enable directory aliases, create a file called
+.I /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pureftpd\-dir\-aliases
+and alternate lines of alias names and associated directories.
+
+.SH "ANONYMOUS FTP"
+This server leaves out some of the commands and features that have
+been used to subvert anonymous FTP servers in the past, but still you
+have to be a little bit careful in order to support anonymous FTP
+without risk to the rest of your files.
+.PP
+Make
+.I ~ftp
+and all files and directories below this directory owned by some user
+other than "ftp," and only the
+.I .../incoming
+directory/directories writable by "ftp." It is probably best if all
+directories are writable only by a special group such as "ftpadmin"
+and "ftp" is not a member of this group.
+.PP
+If you do not trust the local users, put
+.I ~ftp
+on a separate partition, so local users can't hard\-link unapproved
+files into the anonymous FTP area.
+.PP
+Use of the
+.B \-s
+option is strongly suggested. (Simply add "\-s" to the end of the
+.B ftpd
+line in
+.I /etc/inetd.conf
+to enable it.)
+.PP
+Most other FTP servers require that a number of files such as
+.I ~ftp/bin/ls
+exist. This server does not require that any files or directories
+within
+.I ~/ftp
+whatsoever exist, and I recommend that all such unnecessary files are
+removed (for no real reason).
+.PP
+It may be worth considering to run the anonymous FTP service as a
+virtual server, to get automatic logins and to firewall off the FTP
+address/port to which real users can log in.
+.PP
+If your server is a public FTP site, you may want to allow only 'ftp' and 'anonymous' users to log in. Use the
+.B \-e
+option for this. Real accounts will be ignored and you will get a secure, anonymous\-only FTP server.
+
+.SH "MAGIC FILES"
+The files
+.I <ftproot>/.banner
+and
+.I .message
+are magical.
+.P
+If there is a file called
+.I .banner
+in the root directory of the anonymous FTP area, or in the root
+directory of a virtual host, and it is shorter than 1024 bytes, it is
+printed upon login. (If the client does not log in explicitly, and an
+implicit login is triggered by a CWD or CDUP command, the banner is
+not printed. This is regrettable but hard to avoid.)
+.P
+If there is a file called
+.I .message
+in any directory and it is shorter than 1024 bytes, that file is
+printed whenever a user enters that directory using CWD or CDUP.
+
+.SH "VIRTUAL SERVERS"
+You can run several different anonymous FTP servers on one host, by
+giving the host several IP addresses with different DNS names.
+.PP
+Here are the steps needed to create an extra server using an IP alias
+on linux 2.4.x, called "ftp.example.com" on address 10.11.12.13. on
+the IP alias eth0.
+.PP
+1. Create an "ftp" account if you do not have one. It it best if
+the account does not have a valid home directory and shell. I prefer
+to make
+.I /dev/null
+the ftp account's home directory and shell.
+.B Ftpd
+uses this account to set the anonymous users' uid.
+.PP
+2. Create a directory as described in
+.B Anonymous FTP
+and make a symlink called
+.I /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure\-ftpd/10.11.12.13
+which points to this directory.
+.PP
+3. Make sure your kernel has support for IP aliases.
+.PP
+4. Make sure that the following commands are run at boot:
+.PP
+.in +2
+/sbin/ifconfig eth0:1 10.11.12.13
+.PP
+That should be all. If you have problems, here are some things to
+try.
+.PP
+First, symlink
+.I /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure\-ftpd/127.0.0.1
+to some directory and say "ftp localhost". If that doesn't log you
+in, the problem is with
+.B ftpd.
+.PP
+If not, "ping \-v 10.11.12.13" and/or "ping \-v ftp.example.com" from the
+same host. If this does not work, the problem is with the IP alias.
+.PP
+Next, try "ping \-v 10.11.12.13" from a host on the local ethernet, and
+afterwards "/sbin/arp \-a". If 10.11.12.13 is listed among the ARP
+entries with the correct hardware address, the problem is probably
+with the IP alias. If 10.11.12.13 is listed, but has hardware address
+0:0:0:0:0:0, then proxy\-ARP isn't working.
+.PP
+If none of that helps, I'm stumped. Good luck.
+.PP
+.B Warning:
+If you setup a virtual hosts, normal users will not be able to login via
+this name, so
+.B don't
+create link/directory in
+.I /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure\-ftpd
+for your regular hostname.
+
+.SH "FILES"
+.I /etc/passwd
+is used via libc (and PAM is this case), to get the uid and home
+directory of normal users, the uid and home directory of "ftp" for
+normal anonymous ftp, and just the uid of "ftp" for virtual ftp hosts.
+.PP
+.I /etc/shadow
+is used like
+.I /etc/passwd
+if shadow support is enabled.
+.PP
+.I /etc/group
+is used via libc, to get the group membership of normal users.
+.PP
+.I /proc/net/tcp
+is used to count existing FTP connections, if the
+.B \-c
+or
+.B \-p
+options are used
+.PP
+.I /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pure\-ftpd/<ip address>
+is the base directory for the <ip address> virtual ftp server, or a
+symbolic link to its base directory.
+.B Ftpd
+does a
+.BR chroot (2)
+into this directory when a user logs in to <ip address>, thus symlinks
+outside this directory will not work.
+.PP
+.I ~ftp
+is the base directory for "normal" anonymous FTP.
+.B Ftpd
+does a
+.BR chroot (2)
+into this directory when an anonymous user logs in, thus symlinks
+outside this directory will not work.
+
+.SH "LS"
+The behaviour of LIST and NLST is a tricky issue. Few servers send
+RFC\-compliant responses to LIST, and some clients depend on
+non\-compliant responses.
+.PP
+This server uses
+.BR glob (3)
+to do filename globbing.
+.PP
+The response to NLST is by default similar to that of
+.BR ls (1),
+and
+that to LIST is by default similar to that of
+.B "ls \-l"
+or
+.B "ls \-lg"
+on most Unix systems, except that the "total" count is meaningless.
+Only regular files, directories and symlinks are shown. Only important
+.B ls
+options are supported:
+.TP
+.B \-1
+Undoes
+.BR \-l " and " \-C .
+.TP
+.B \-a
+lists even files/directories whose names begin with ".".
+.TP
+.B \-C
+lists files in as many colums as will fit on the screen. Undoes
+.BR \-1 " and " \-l .
+.TP
+.B \-d
+lists argument directories' names rather their contents.
+.TP
+.B \-D
+List files beginning with a dot ('.') even when the client doesn't
+append the
+.B \-a
+option to the
+.B list
+command.
+.TP
+.B \-F
+appends '*' to executable regular files, '@' to symlinks and '/' to
+directories.
+.TP
+.B \-l
+shows various details about the file, including file group. See
+.BR ls (1)
+for details. Undoes
+.BR \-1 " and " \-C .
+.TP
+.B \-r
+reverses the sorting order (modifies
+.BR \-S " and " \-t " and the default alphabetical ordering)."
+.TP
+.B \-R
+recursively descends into subdirectories of the argument directories.
+.TP
+.B \-S
+Sorts by file size instead of by name. Undoes
+.BR \-t .
+.TP
+.B \-t
+Sorts by file modification time instead of by name. Undoes
+.BR \-S .
+
+.SH "PROTOCOL"
+Here are the FTP commands supported by this server.
+.br
+.B ABOR
+.B ALLO
+.B APPE
+.B AUTH TLS
+.B CCC
+.B CDUP
+.B CWD
+.B DELE
+.B EPRT
+.B EPSV
+.B ESTA
+.B ESTP
+.B FEAT
+.B HELP
+.B LIST
+.B MDTM
+.B MFMT
+.B MKD
+.B MLSD
+.B MLST
+.B MODE
+.B NLST
+.B NOOP
+.B PASS
+.B PASV
+.B PBSZ
+.B PORT
+.B PROT
+.B PWD
+.B QUIT
+.B REST
+.B RETR
+.B RMD
+.B RNFR
+.B RNTO
+.B SIZE
+.B SPSV
+.B STAT
+.B STOR
+.B STOU
+.B STRU
+.B SYST
+.B TYPE
+.B USER
+.B XCUP
+.B XCWD
+.B XDBG
+.B XMKD
+.B XPWD
+.B XRMD
+.B OPTS MLST
+.B OPTS UTF8
+.B SITE CHMOD
+.B SITE HELP
+.B SITE IDLE
+.B SITE TIME
+.B SITE UTIME
+
+.SH "BUGS"
+Please report bugs to the mailing\-list (see below).
+Pure\-FTPd looks very stable and is used on production servers. However it comes with no warranty and it can have nasty bugs or security flaws.
+
+.SH "HOME PAGE"
+http://www.pureftpd.org/
+.SH "NEW VERSIONS"
+See the mailing\-list on \fBhttp://www.pureftpd.org/ml/\fR.
+
+.SH "AUTHOR AND LICENSE"
+Troll\-FTPd was written by Arnt Gulbrandsen <agulbra@troll.no> and copyright 1995\-2002
+Troll Tech AS, Waldemar Thranes gate 98B, N\-0175 Oslo, Norway, fax +47
+22806380.
+.PP
+Pure\-FTPd is (C)opyleft 2001\-2019 by Frank DENIS <j at pureftpd dot org>.
+.PP
+This software is covered by the BSD license.
+.PP
+Contributors:
+.br
+ Arnt Gulbrandsen,
+ Troll Tech AS,
+ Janos Farkas,
+ August Fullford,
+ Ximenes Zalteca,
+ Patrick Michael Kane,
+ Arkadiusz Miskiewicz,
+ Michael K. Johnson,
+ Kelley Lingerfelt,
+ Sebastian Andersson,
+ Andreas Westin,
+ Jason Lunz,
+ Mathias Gumz,
+ Claudiu Costin,
+ Ping,
+ Paul Lasarev,
+ Jean\-Mathieux Schaffhauser,
+ Emmanuel Hocdet,
+ Sami Koskinen,
+ Sami Farin,
+ Luis Llorente Campo,
+ Peter Pentchev,
+ Darren Casey,
+ The Regents of the University of California,
+ Theo de Raadt (OpenBSD),
+ Matthias Andree,
+ Isak Lyberth,
+ Steve Reid,
+ RSA Data Security Inc,
+ Trilucid,
+ Dmtry Lebkov,
+ Johan Huisman,
+ Thorsten Kukuk,
+ Jan van Veen,
+ Roger Constantin Demetrescu,
+ Stefano F.,
+ Robert Varga,
+ Freeman,
+ James Metcalf,
+ Im Eunjea,
+ Philip Gladstone,
+ Kenneth Stailey,
+ Brad Smith,
+ Ulrik Sartipy, 
+ Cindy Marasco,
+ Nicolas Doye,
+ Thomas Briggs,
+ Stanton Gallegos,
+ Florin Andrei,
+ Chan Wilson,
+ Bjoern Metzdorf,
+ Ben Gertzfield,
+ Akhilesch Mritunjai,
+ Dawid Szymanski,
+ Kurt Inge Smadal,
+ Alex Dupre,
+ Gabriele Vinci,
+ Andrey Ulanov,
+ Fygul Hether,
+ Jeffrey Lim,
+ Ying-Chieh Liao,
+ Johannes Erdfelt,
+ Martin Sarfy,
+ Clive Goodhead,
+ Aristoteles Pagaltzis,
+ Stefan Hornburg,
+ Mehmet Cokcevik,
+ Brynjar Eide,
+ Torgnt Wernersson,
+ Banhalmi Csaba,
+ Volodin D,
+ Oriol Magrané,
+ Jui-Nan Lin,
+ Patrick Gosling,
+ Marc Balmer,
+ Rajat Upadhyaya / Novell,
+ Christian Cier-Zniewski,
+ Wilco Baan Hofman,
+ Clement Chauplannaz.
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389",
+.BR "RFC 2428" " and"
+.BR "RFC 4217" .

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-ftpwho.8

@@ -0,0 +1,87 @@
+.TH "pure-ftpwho" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-ftpwho \- Report current FTP sessions
+.SH "SYNTAX"
+.LP 
+pure\-ftpwho [\fI\-c\fP] [\fI\-h\fP] [\fI\-H\fP] [\fI\-n\fP] [\fI\-p\fP] [\fI\-s\fP] [\fI\-v\fP] [\fI\-w\fP] [\fI\-W\fP] [\fI\-x\fP]
+.SH "DESCRIPTION"
+.LP 
+pure\-ftpwho shows current Pure\-FTPd client sessions.
+Only the system administrator may run this.
+Output can be text (default), HTML, XML data and parser-optimized.
+The server has to be compiled with
+.B \-\-with\-ftpwho
+to support this command.
+.SH "OPTIONS"
+.TP 
+\fB\-c\fR
+the program is called via a web server (CGI interface) . Output is a
+full HTML page with the initial content\-type header. This option is
+automatically enabled if an environment variable called GATEWAY_INTERFACE is
+found. This is the default if you can the program from a CGI\-enabled web
+server.
+.TP 
+\fB\-h\fR
+Output help information and exit.
+.TP 
+\fB\-H\fR
+Don't resolve host names, and only show IP addresses (faster).
+.TP 
+\fB\-n\fR
+A synonym for \-H.
+.TP 
+\fB\-p\fR
+Output Mac OSX / GNUStep plist data.
+.TP 
+\fB\-s\fR
+Output only one line per client, with only numeric data, delimited by a | character.
+It's not very human-readable, but it's designed for easy parsing by shell scripts (cut/sed) .
+\&'|' characters in user names or file names are quoted (\e|) .
+.TP 
+\fB\-v\fR
+Output an ASCII table (just like the default mode), with more info.
+The verbose output includes the local IP, the local port, the total size of
+transferred files and the current number of transferred bytes.
+.TP 
+\fB\-w\fR
+Output a complete HTML page (web mode).
+.TP 
+\fB\-W\fR
+Output an HTML page with no header and no footer. This is an embedded
+mode, suitable for inline calls from CGI, SSI or PHP scripts.
+.TP 
+\fB\-x\fR
+Output well\-formed XML data for post\-processing.
+
+.SH "FILES"
+.LP 
+\fB/var/run/pure-ftpd/\fP
+Scoreboard directory. Should always owned by root and on a lockable
+filesystem.
+
+.SH "ENVIRONMENT VARIABLES"
+.TP 
+\fBGATEWAY_INTERFACE\fP
+If found, automatically run in CGI mode and output HTML data.
+
+.SH "AUTHORS"
+.LP 
+Frank DENIS <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2389",
+.BR "RFC 2228" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-mrtginfo.8

@@ -0,0 +1,81 @@
+.\" 
+.\" Written by Arnt Gulbrandsen <agulbra@troll.no> and copyright 1995-1999
+.\" Troll Tech AS, Waldemar Thranes gate 98B, N-0175 Oslo, Norway, fax +47
+.\" 22806380.
+.\" Pure-FTPd (C)opyleft 2001-2019 Frank Denis.
+.\" 
+.\" Use, modification and distribution is allowed without limitation,
+.\" warranty, or liability of any kind.
+.\" 
+.\" 
+.TH "pure-mrtginfo" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+pure-mrtginfo \- provide an MRTG\-graphable user count for ftpd
+
+.SH "SYNOPSIS"
+\fBpure-mrtginfo [server port]\fR
+
+.SH "DESCRIPTION"
+.B Pure-Mrtginfo
+counts the number of clients currently connected to
+.BR ftpd (8)
+and output the format in a format graphable by MRTG.
+
+.SH "OPTIONS"
+\fBserver port\fR: defaults to 21.
+
+.SH "FILES"
+.TP 
+.I /proc/net/tcp
+is used to count the connectiont to port 21.
+.TP 
+.I /proc/sys/kernel/hostname
+is used to get the fully qualified hostname.
+.TP 
+.I /proc/uptime
+is used to get the uptime.
+
+.SH "MRTG"
+MRTG is a really nice package for graphing router traffic.  Mrtg can
+also graph other information is available via SNMP or by running a
+program such as
+.BR pure-mrtginfo .
+The author of this program uses it to graph CPU load, /var usage etc.,
+and naturally the number of users connected to his FTP servers.  See
+.nf
+http://oss.oetiker.ch/mrtg/
+.fi 
+for more information about MRTG.
+
+.SH "BUGS"
+This program only works on GNU/Linux systems yet.
+
+.SH "HOME PAGE"
+http://www.pureftpd.org/
+
+.SH "AUTHOR AND LICENSE"
+Written by Arnt Gulbrandsen <agulbra@troll.no> and copyright 1995\-2002
+Troll Tech AS, Waldemar Thranes gate 98B, N\-0175 Oslo, Norway, fax +47
+22806380.
+.PP 
+Pure\-FTPd (C)opyleft 2001\-2019 by Frank DENIS <j at pureftpd dot org>.
+.PP 
+Use, modification and distribution is allowed without limitation,
+warranty, or liability of any kind.
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-pw.8

@@ -0,0 +1,86 @@
+.TH "pure-pw" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-pw \- Manage virtual users files for Pure\-FTPd
+.SH "SYNTAX"
+.LP 
+pure\-pw useradd login [\-f passwd_file] [\-F puredb_file] \-u uid [\-g gid]
+                \-D/\-d home_directory [\-c gecos]
+                [\-t download_bandwidth] [\-T upload_bandwidth]
+                [\-n max number_of_files] [\-N max_Mbytes]
+                [\-q upload_ratio] [\-Q download_ratio]
+                [\-r <allow client host>/<mask>[,<ip>/<mask>]...] [\-R <deny client host>/<mask>[,<ip>/<mask>]...]
+                [\-i <allow local host>/<mask>[,<ip>/<mask>]...] [\-I <deny local host>/<mask>[,<ip>/<mask>]...]
+                [\-y <max number of concurrent sessions>]
+                [\-z <hhmm>\-<hhmm>] [\-m]
+.br 
+pure\-pw usermod login [\-f passwd_file] [\-F puredb_file] [\-u uid] [\-g gid]
+                \-D/\-d home_directory \-[c gecos]
+                [\-t download_bandwidth] [\-T upload_bandwidth]
+                [\-n max_number_of_files] [\-N max_Mbytes]
+                [\-q upload_ratio] [\-Q download_ratio]
+                [\-r <allow client host>/<mask>[,<ip>/<mask>]...] [\-R <deny client host>/<mask>[,<ip>/<mask>]...]
+                [\-i <allow local host>/<mask>[,<ip>/<mask>]...] [\-I <deny local host>/<mask>[,<ip>/<mask>]...]
+                [\-y <max number of concurrent sessions>]
+                [\-z <hhmm>\-<hhmm>] [\-m]
+.br 
+pure\-pw userdel login [\-f passwd_file] [\-F puredb_file] [\-m]
+.br 
+pure\-pw passwd  login [\-f passwd_file] [\-F puredb_file] [\-m]
+.br 
+pure\-pw show    login [\-f passwd_file] [\-m]
+.br 
+pure\-pw mkdb    [<puredb_database_file> [\-f passwd_file]] [\-F puredb_file] 
+.br 
+pure\-pw list    [\-f passwd_file]
+.SH "DESCRIPTION"
+.LP 
+Virtual users is a simple mechanism to store a list of users, with their
+password, name, uid, directory, etc. It's just like /etc/passwd. But it's
+not /etc/passwd. It's a different file, only for FTP.
+.br 
+It means that you can easily create FTP\-only accounts without messing your
+system accounts.
+.br 
+Additionnaly, virtual users files can store individual quotas, ratios,
+bandwidth, etc. System accounts can't do this.
+.br 
+Thousands of virtual users can share the same system user, as long as they
+all are chrooted, and they have their own home directory.
+.SH "FILES"
+.LP 
+\fI/opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pureftpd.passwd\fP
+.br
+\fI/opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pureftpd.pdb\fP 
+.SH "ENVIRONMENT VARIABLES"
+.LP 
+\fIPURE_PASSWDFILE\fP
+If this variable is defined, this is the default value for the text password
+file. Without this variable, /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pureftpd.passwd is assumed.
+.br
+\fIPURE_DBFILE\fP 
+If this variable is defined, this is the default value for the PureDB password
+file. Without this variable, /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/EVSE/GPL/pure-ftpd-1.0.49/release/etc/pureftpd.pdb is assumed.
+.SH "EXAMPLES"
+.LP 
+Please read http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual\-Users
+.SH "AUTHORS"
+.LP 
+Frank DENIS <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-pwconvert.8

@@ -0,0 +1,39 @@
+.TH "pure-pwconvert" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP 
+pure\-pwconvert \- Generate a virtual users file from system accounts
+.SH "SYNTAX"
+.LP 
+pure\-pwconvert
+.SH "DESCRIPTION"
+.LP 
+This program scans system accounts (\fB/etc/passwd\fR) and outputs a FTP virtual users list, suitable to the \fBpure\-pw\fR command.
+.SH "FILES"
+.LP
+\fI/etc/passwd\fP
+.br
+\fI/etc/shadow\fP
+.br
+\fI/etc/master.passwd\fP
+.br
+
+.SH "AUTHORS"
+.LP
+Frank Denis <j at pureftpd dot org>
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959" ,
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .

EVSE/GPL/pure-ftpd-1.0.49/release/share/man/man8/pure-quotacheck.8

@@ -0,0 +1,69 @@
+.TH "pure-quotacheck" "8" "1.0.49" "Frank Denis" "Pure-FTPd"
+.SH "NAME"
+.LP
+pure\-quotacheck \- Update virtual quota files for Pure\-FTPd
+.SH "SYNTAX"
+.LP
+pure\-quotacheck \fI\-u username/gid\fP \fI\-d home directory\fP [\fI\-g group/gid\fP]
+.SH "DESCRIPTION"
+.LP
+pure\-quotacheck create a \fB.ftpquota\fR file in the specified directory.
+.br
+This file contains the current file and size of the directory, and it is used by Pure\-FTPd when virtual quotas are enabled.
+.br
+It's recommended to periodically run pure\-quotacheck for every user, in crontabs.
+.SH "OPTIONS"
+.TP
+\fB\-d\fR <\fIdirectory\fP>
+Scans the specified <\fIdirectory\fP>.
+.TP
+\fB\-g\fR <\fIgroup or gid\fP>
+Sets the group files will be scanned as. This is optional: if a user name is passed to \fB\-u</fR>, group are automatically retrieved.
+.TP
+\fB\-u\fR <\fIuser or uid\fP>
+Set the user name files will be scanned as. This is mandatory, and it can't be "root".
+.TP
+\fB\-h\fR
+Output usage information and exit.
+.SH "FILES"
+.LP
+\fI.ftpquota\fP
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+pure\-quotacheck \-u john \-d /home/john
+.SH "AUTHORS"
+.LP
+Frank DENIS <j at pureftpd dot org>
+.SH "SECURITY"
+pure\-quotacheck switches real and effective uids/gids as soon as possible. Root privileges are never given back.
+.br
+pure\-quotacheck refuses to scan directories with uid = 0 (root) or gid = 0 (wheel/root) .
+.br
+pure\-quotacheck performs a chroot() call to the home directory. It never traverses parent directories.
+.br
+pure\-quotacheck only scans real files (no socket, no pipe, etc) .
+.br
+pure\-quotacheck enforces read access on directories to prevent against people doing chmod 0 before a quota scan.
+.br
+pure\-quotacheck enforces write access on the home directory to properly write the .ftpquota file.
+.br
+pure\-quotacheck never scans the same inode/device pair twice.
+
+.SH "SEE ALSO"
+.BR "ftp(1)" ,
+.BR "pure-ftpd(8)"
+.BR "pure-ftpwho(8)"
+.BR "pure-mrtginfo(8)"
+.BR "pure-uploadscript(8)"
+.BR "pure-statsdecode(8)"
+.BR "pure-pw(8)"
+.BR "pure-quotacheck(8)"
+.BR "pure-authd(8)"
+.BR "pure-certd(8)"
+
+.BR "RFC 959",
+.BR "RFC 2228",
+.BR "RFC 2389" " and"
+.BR "RFC 2428" .