18771389 Update proftpd to 1.3.5
18845170 fix for 17599705 breaks "NLST-a" ("ls -a") of current directory
--- a/components/proftpd/Makefile Wed Jun 18 11:31:57 2014 -0700
+++ b/components/proftpd/Makefile Thu Jun 19 02:03:25 2014 -0700
@@ -26,14 +26,14 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= proftpd
-COMPONENT_VERSION= 1.3.4
-COMPONENT_SUBVERSION= c
+COMPONENT_VERSION= 1.3.5
+COMPONENT_SUBVERSION=
HUMAN_VERSION= $(COMPONENT_VERSION)$(COMPONENT_SUBVERSION)
COMPONENT_PROJECT_URL= http://www.proftpd.org/
COMPONENT_SRC= $(COMPONENT_NAME)-$(HUMAN_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:fb80dd422969b8c900920a30a56f5e272862275d244d3857a980f5f2386ea912
+ sha256:c10316fb003bd25eccbc08c77dd9057e053693e6527ffa2ea2cc4e08ccb87715
COMPONENT_ARCHIVE_URL= ftp://ftp.proftpd.org/distrib/source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= service/ftp-server
@@ -46,7 +46,7 @@
sha256:bd1cb3f8ba0668981beb54d8b4de10ab204199327a464debd9da19196bbb23c4
COMPONENT_ARCHIVE_URL_1= http://downloads.sourceforge.net/gssmod/$(COMPONENT_ARCHIVE_1)
-TPNO_PROFTPD= 13478
+TPNO_PROFTPD= 17783
TPNO_MOD_GSS= 13480
include ../../make-rules/prep.mk
@@ -57,7 +57,7 @@
# enough for us. We need to include the $(COMPONENT_SUBVERSION) somehow.
# Because the IPS_COMPONENT_VERSION cannot contain letters we used '.0.5'
# instead of 'e'.
-IPS_COMPONENT_VERSION= $(COMPONENT_VERSION).0.7
+IPS_COMPONENT_VERSION= $(COMPONENT_VERSION)
# Remove -D_POSIX_PTHREAD_SEMANTICS and this comment after move to S12_45.
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS) -I/usr/include/kerberosv5 -DHAVE_KRB5_H=1 -DKRB5_DLLIMP= -DHAVE__GETGRPSBYMEMBER -D_POSIX_PTHREAD_SEMANTICS"
--- a/components/proftpd/patches/15825705.patch Wed Jun 18 11:31:57 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,414 +0,0 @@
-http://bugs.proftpd.org/show_bug.cgi?id=4014
-
-I addition, this patch backports the pr_str_get_nbytes() function.
-
-diff --git a/include/options.h b/include/options.h
-index 96fa35d..0b29bf7 100644
---- a/include/options.h
-+++ b/include/options.h
-@@ -110,6 +110,13 @@
- # define PR_TUNABLE_XFER_BUFFER_SIZE PR_TUNABLE_BUFFER_SIZE
- #endif
-
-+/* Maximum FTP command size. For details on this size of 512KB, see
-+ * the Bug#4014 discussion.
-+ */
-+#ifndef PR_TUNABLE_CMD_BUFFER_SIZE
-+# define PR_TUNABLE_CMD_BUFFER_SIZE (512 * 1024)
-+#endif
-+
- /* Maximum path length. GNU HURD (and some others) do not define
- * MAXPATHLEN. POSIX' PATH_MAX is mandated to be at least 256
- * (according to some), so 1K, in the absense of MAXPATHLEN, should be
-diff --git a/include/str.h b/include/str.h
-index b4fed7c..1cf8724 100644
---- a/include/str.h
-+++ b/include/str.h
-@@ -39,6 +39,7 @@ char *pstrndup(pool *, const char *, size_t);
-
- char *pr_str_strip(pool *, char *);
- char *pr_str_strip_end(char *, char *);
-+int pr_str_get_nbytes(const char *, const char *, off_t *);
- char *pr_str_get_word(char **, int);
-
- #define PR_STR_FL_PRESERVE_COMMENTS 0x0001
-diff --git a/modules/mod_core.c b/modules/mod_core.c
-index 18a47c2..922f4d1 100644
---- a/modules/mod_core.c
-+++ b/modules/mod_core.c
-@@ -2240,18 +2240,44 @@ MODRET set_allowforeignaddress(cmd_rec *cmd) {
- }
-
- MODRET set_commandbuffersize(cmd_rec *cmd) {
-- int size = 0;
-+ int res;
-+ size_t size = 0;
-+ off_t nbytes = 0;
- config_rec *c = NULL;
-+ const char *units = NULL;
-+
-+ if (cmd->argc < 2 || cmd->argc > 3) {
-+ CONF_ERROR(cmd, "wrong number of parameters")
-+ }
-
-- CHECK_ARGS(cmd, 1);
- CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
-
-- /* NOTE: need to add checks for maximum possible sizes, negative sizes. */
-- size = atoi(cmd->argv[1]);
-+ if (cmd->argc == 3) {
-+ units = cmd->argv[2];
-+ }
-+
-+ if (pr_str_get_nbytes(cmd->argv[1], units, &nbytes) < 0) {
-+ CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "unable to parse: ",
-+ cmd->argv[1], " ", units, ": ", strerror(errno), NULL));
-+ }
-+
-+ if (nbytes > PR_TUNABLE_CMD_BUFFER_SIZE) {
-+ char max[1024];
-+
-+ snprintf(max, sizeof(max)-1, "%lu", (unsigned long)
-+ PR_TUNABLE_CMD_BUFFER_SIZE);
-+ max[sizeof(max)-1] = '\0';
-+
-+ CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "size ", cmd->argv[1], units,
-+ "exceeds max size ", max, NULL));
-+ }
-+
-+ /* Possible truncation here, but only for an absurdly large size. */
-+ size = (size_t) nbytes;
-
- c = add_config_param(cmd->argv[0], 1, NULL);
-- c->argv[0] = pcalloc(c->pool, sizeof(int));
-- *((int *) c->argv[0]) = size;
-+ c->argv[0] = pcalloc(c->pool, sizeof(size_t));
-+ *((size_t *) c->argv[0]) = size;
-
- return PR_HANDLED(cmd);
- }
-diff --git a/src/main.c b/src/main.c
-index 3e6d637..660e14b 100644
---- a/src/main.c
-+++ b/src/main.c
-@@ -466,42 +466,21 @@ static int _dispatch(cmd_rec *cmd, int cmd_type, int validate, char *match) {
- return success;
- }
-
--/* Returns the appropriate maximum buffer length to use for FTP commands
-- * from the client, taking the CommandBufferSize directive into account.
-+/* Returns the appropriate maximum buffer size to use for FTP commands
-+ * from the client.
- */
--static long get_max_cmd_len(size_t buflen) {
-- long res;
-- int *bufsz = NULL;
-- size_t default_cmd_bufsz;
--
-- /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
-- * is smaller than PR_DEFAULT_CMD_BUFSZ. We need to handle such cases
-- * properly.
-- */
-- default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
-- if (default_cmd_bufsz > buflen) {
-- default_cmd_bufsz = buflen;
-- }
--
-+static size_t get_max_cmd_sz(void) {
-+ size_t res;
-+ size_t *bufsz = NULL;
-+
- bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
- if (bufsz == NULL) {
-- res = default_cmd_bufsz;
--
-- } else if (*bufsz <= 0) {
-- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
-- "using default buffer size (%lu) instead", *bufsz,
-- (unsigned long) default_cmd_bufsz);
-- res = default_cmd_bufsz;
--
-- } else if (*bufsz + 1 > buflen) {
-- pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
-- "using default buffer size (%lu) instead", *bufsz,
-- (unsigned long) default_cmd_bufsz);
-- res = default_cmd_bufsz;
-+ res = PR_DEFAULT_CMD_BUFSZ;
-
- } else {
-- pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
-- res = (long) *bufsz;
-+ pr_log_debug(DEBUG1, "setting CommandBufferSize to %lu",
-+ (unsigned long) *bufsz);
-+ res = *bufsz;
- }
-
- return res;
-@@ -509,21 +488,29 @@ static long get_max_cmd_len(size_t buflen) {
-
- int pr_cmd_read(cmd_rec **res) {
- static long cmd_bufsz = -1;
-- char buf[PR_DEFAULT_CMD_BUFSZ+1] = {'\0'};
-+ static char *cmd_buf = NULL;
- char *cp;
-- size_t buflen;
-+ size_t cmd_buflen;
-
- if (res == NULL) {
- errno = EINVAL;
- return -1;
- }
-
-+ if (cmd_bufsz == -1) {
-+ cmd_bufsz = get_max_cmd_sz();
-+ }
-+
-+ if (cmd_buf == NULL) {
-+ cmd_buf = pcalloc(session.pool, cmd_bufsz + 1);
-+ }
-+
- while (TRUE) {
- pr_signals_handle();
-
-- memset(buf, '\0', sizeof(buf));
-+ memset(cmd_buf, '\0', cmd_bufsz);
-
-- if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-+ if (pr_netio_telnet_gets(cmd_buf, cmd_bufsz, session.c->instrm,
- session.c->outstrm) == NULL) {
-
- if (errno == E2BIG) {
-@@ -544,9 +531,6 @@ int pr_cmd_read(cmd_rec **res) {
- break;
- }
-
-- if (cmd_bufsz == -1)
-- cmd_bufsz = get_max_cmd_len(sizeof(buf));
--
- /* This strlen(3) is guaranteed to terminate; the last byte of buf is
- * always NUL, since pr_netio_telnet_gets() is told that the buf size is
- * one byte less than it really is.
-@@ -554,26 +538,28 @@ int pr_cmd_read(cmd_rec **res) {
- * If the strlen(3) says that the length is less than the cmd_bufsz, then
- * there is no need to truncate the buffer by inserting a NUL.
- */
-- buflen = strlen(buf);
-- if (buflen > (cmd_bufsz - 1)) {
-+ cmd_buflen = strlen(cmd_buf);
-+ if (cmd_buflen > cmd_bufsz) {
- pr_log_debug(DEBUG0, "truncating incoming command length (%lu bytes) to "
- "CommandBufferSize %lu; use the CommandBufferSize directive to increase "
-- "the allowed command length", (unsigned long) buflen,
-+ "the allowed command length", (unsigned long) cmd_buflen,
- (unsigned long) cmd_bufsz);
-- buf[cmd_bufsz - 1] = '\0';
-+ cmd_buf[cmd_bufsz-1] = '\0';
- }
-
-- if (buflen &&
-- (buf[buflen-1] == '\n' || buf[buflen-1] == '\r')) {
-- buf[buflen-1] = '\0';
-- buflen--;
-+ if (cmd_buflen &&
-+ (cmd_buf[cmd_buflen-1] == '\n' || cmd_buf[cmd_buflen-1] == '\r')) {
-+ cmd_buf[cmd_buflen-1] = '\0';
-+ cmd_buflen--;
-
-- if (buflen &&
-- (buf[buflen-1] == '\n' || buf[buflen-1] =='\r'))
-- buf[buflen-1] = '\0';
-+ if (cmd_buflen &&
-+ (cmd_buf[cmd_buflen-1] == '\n' || cmd_buf[cmd_buflen-1] =='\r')) {
-+ cmd_buf[cmd_buflen-1] = '\0';
-+ cmd_buflen--;
-+ }
- }
-
-- cp = buf;
-+ cp = cmd_buf;
- if (*cp == '\r')
- cp++;
-
-@@ -587,11 +573,11 @@ int pr_cmd_read(cmd_rec **res) {
- * command handlers themselves, via cmd->arg. This small hack
- * reduces the burden on SITE module developers, however.
- */
-- if (strncasecmp(cp, C_SITE, 4) == 0)
-+ if (strncasecmp(cp, C_SITE, 4) == 0) {
- flags |= PR_STR_FL_PRESERVE_WHITESPACE;
-+ }
-
- cmd = make_ftp_cmd(session.pool, cp, flags);
--
- if (cmd) {
- *res = cmd;
- }
-diff --git a/src/str.c b/src/str.c
-index d243a17..4f327bf 100644
---- a/src/str.c
-+++ b/src/str.c
-@@ -367,6 +367,81 @@ char *pr_str_strip_end(char *s, char *ch) {
- return s;
- }
-
-+int pr_str_get_nbytes(const char *str, const char *units, off_t *nbytes) {
-+ off_t sz;
-+ char *ptr = NULL;
-+ float factor = 0.0;
-+
-+ if (str == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ /* No negative numbers. */
-+ if (*str == '-') {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (units == NULL ||
-+ *units == '\0') {
-+ factor = 1.0;
-+
-+ } else if (strncasecmp(units, "KB", 3) == 0) {
-+ factor = 1024.0;
-+
-+ } else if (strncasecmp(units, "MB", 3) == 0) {
-+ factor = 1024.0 * 1024.0;
-+
-+ } else if (strncasecmp(units, "GB", 3) == 0) {
-+ factor = 1024.0 * 1024.0 * 1024.0;
-+
-+ } else if (strncasecmp(units, "TB", 3) == 0) {
-+ factor = 1024.0 * 1024.0 * 1024.0 * 1024.0;
-+
-+ } else if (strncasecmp(units, "B", 2) == 0) {
-+ factor = 1.0;
-+
-+ } else {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ errno = 0;
-+
-+#ifdef HAVE_STRTOULL
-+ sz = strtoull(str, &ptr, 10);
-+#else
-+ sz = strtoul(str, &ptr, 10);
-+#endif /* !HAVE_STRTOULL */
-+
-+ if (errno == ERANGE) {
-+ return -1;
-+ }
-+
-+ if (ptr != NULL && *ptr) {
-+ /* Error parsing the given string */
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ /* Don't bother applying the factor if the result will overflow the result. */
-+#ifdef ULLONG_MAX
-+ if (sz > (ULLONG_MAX / factor)) {
-+#else
-+ if (sz > (ULONG_MAX / factor)) {
-+#endif /* !ULLONG_MAX */
-+ errno = ERANGE;
-+ return -1;
-+ }
-+
-+ if (nbytes != NULL) {
-+ *nbytes = (off_t) (sz * factor);
-+ }
-+
-+ return 0;
-+}
-+
- char *pr_str_get_word(char **cp, int flags) {
- char *res, *dst;
- char quote_mode = 0;
-diff --git a/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm b/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-index ed4672a..a57c898 100644
---- a/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-+++ b/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-@@ -94,6 +94,8 @@ sub cmdbuffersz_small {
- die("Can't open $test_path: $!");
- }
-
-+ my $idle_timeout = 3;
-+
- my $config = {
- PidFile => $pid_file,
- ScoreboardFile => $scoreboard_file,
-@@ -103,6 +105,7 @@ sub cmdbuffersz_small {
- AuthGroupFile => $auth_group_file,
-
- CommandBufferSize => $cmdbufsz,
-+ TimeoutIdle => $idle_timeout,
-
- IfModules => {
- 'mod_delay.c' => {
-@@ -128,44 +131,16 @@ sub cmdbuffersz_small {
- defined(my $pid = fork()) or die("Can't fork: $!");
- if ($pid) {
- eval {
-- my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
-+ my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1);
- $client->login($user, $passwd);
-
-- my $conn = $client->list_raw($test_file);
-- unless ($conn) {
-- die("Failed to LIST $test_file: " . $client->response_code() . " " .
-- $client->response_msg());
-+ # Since our filename is longer than the CommandBufferSize, proftpd
-+ # should simply ignore this. It will fail because of the idle timeout
-+ # first.
-+ eval { $client->stat($test_file) };
-+ unless ($@) {
-+ die("STAT command succeeded unexpectedly");
- }
--
-- my $buf;
-- $conn->read($buf, 8192, 30);
-- eval { $conn->close() };
--
-- my $resp_code = $client->response_code();
-- my $resp_msg = $client->response_msg();
--
-- # CommandBufferSize works by truncating any input longer than the
-- # configured length. (It should arguably reject such longer input,
-- # but that is a different consideration.)
-- #
-- # Since our file name is longer than the CommandBufferSize, it means
-- # the path will be truncated, and the LIST should return 450.
--
-- my $expected;
--
-- $expected = 450;
-- $self->assert($expected == $resp_code,
-- test_msg("Expected $expected, got $resp_code"));
--
-- # This length is CommandBufferSize - "LIST"(4) - " "(1) - 1 for
-- # the NUL reserved in the code. Thus CommandBufferSize - 6.
-- my $truncated_name = ("A" x ($cmdbufsz - 6));
--
-- $expected = "$truncated_name: No such file or directory";
-- $self->assert($expected eq $resp_msg,
-- test_msg("Expected '$expected', got '$resp_msg'"));
--
-- $client->quit();
- };
-
- if ($@) {
-@@ -176,7 +151,7 @@ sub cmdbuffersz_small {
- $wfh->flush();
-
- } else {
-- eval { server_wait($config_file, $rfh) };
-+ eval { server_wait($config_file, $rfh, 15) };
- if ($@) {
- warn($@);
- exit 1;
-
--- a/components/proftpd/patches/17599705.patch Wed Jun 18 11:31:57 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,315 +0,0 @@
-http://bugs.proftpd.org/show_bug.cgi?id=4011
-
-diff --git a/include/fsio.h b/include/fsio.h
-index 07c18c1..a4c395e 100644
---- a/include/fsio.h
-+++ b/include/fsio.h
-@@ -189,6 +189,9 @@ struct fh_rec {
- size_t fh_iosz;
- };
-
-+/* Maximum symlink count, for loop detection. */
-+#define PR_FSIO_MAX_LINK_COUNT 32
-+
- /* Macros for that code that needs to get into the internals of pr_fs_t.
- * (These will help keep the internals as opaque as possible).
- */
-@@ -319,7 +322,11 @@ char *pr_fs_encode_path(pool *, const char *);
- int pr_fs_use_encoding(int bool);
- int pr_fs_valid_path(const char *);
- void pr_fs_virtual_path(const char *, char *, size_t);
-+
- void pr_fs_clean_path(const char *, char *, size_t);
-+int pr_fs_clean_path2(const char *, char *, size_t, int);
-+#define PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH 0x001
-+
- int pr_fs_glob(const char *, int, int (*errfunc)(const char *, int), glob_t *);
- void pr_fs_globfree(glob_t *);
- void pr_resolve_fs_map(void);
-diff --git a/modules/mod_ls.c b/modules/mod_ls.c
-index 50e8035..58e81d7 100644
---- a/modules/mod_ls.c
-+++ b/modules/mod_ls.c
-@@ -2571,46 +2571,6 @@ MODRET ls_nlst(cmd_rec *cmd) {
- }
- }
-
-- /* Clean the path. */
-- if (*target != '/') {
-- size_t cwdlen = strlen(pr_fs_getcwd());
--
-- pr_fs_clean_path(pdircat(cmd->tmp_pool, pr_fs_getcwd(), target, NULL),
-- buf, sizeof(buf));
--
-- target = buf;
--
-- /* If the given target was not an absolute path, advance past the
-- * current working directory prefix in the cleaned up target path.
-- */
-- target += cwdlen;
--
-- /* If the length of the current working directory (cwdlen) is one,
-- * it means that the current working directory is the root ('/'),
-- * and so we don't want to advance past that into the file name
-- * portion of the path.
-- */
-- if (cwdlen > 1)
-- target += 1;
--
-- } else {
-- pr_fs_clean_path(target, buf, sizeof(buf));
-- target = buf;
-- }
--
-- /* Remove any trailing separators. */
-- targetlen = strlen(target);
-- while (targetlen >= 1 &&
-- target[targetlen-1] == '/') {
--
-- if (strcmp(target, "/") == 0) {
-- break;
-- }
--
-- target[targetlen-1] = '\0';
-- targetlen = strlen(target);
-- }
--
- /* If the target is a glob, get the listing of files/dirs to send. */
- if (use_globbing &&
- pr_str_is_fnmatch(target)) {
-@@ -2715,12 +2675,36 @@ MODRET ls_nlst(cmd_rec *cmd) {
- }
-
- } else {
--
- /* A single target. If it's a directory, list the contents; if it's a
- * file, just list the file.
- */
- struct stat st;
-
-+ if (!is_dotdir(target)) {
-+ /* Clean the path. */
-+ if (*target != '/') {
-+ pr_fs_clean_path2(target, buf, sizeof(buf), 0);
-+
-+ } else {
-+ pr_fs_clean_path(target, buf, sizeof(buf));
-+ }
-+
-+ target = buf;
-+
-+ } else {
-+ /* Remove any trailing separators. */
-+ targetlen = strlen(target);
-+ while (targetlen >= 1 &&
-+ target[targetlen-1] == '/') {
-+ if (strncmp(target, "/", 2) == 0) {
-+ break;
-+ }
-+
-+ target[targetlen-1] = '\0';
-+ targetlen = strlen(target);
-+ }
-+ }
-+
- if (!ls_perms_full(cmd->tmp_pool, cmd, target, &hidden)) {
- int xerrno = errno;
-
-diff --git a/src/fsio.c b/src/fsio.c
-index 782168d..4d191fe 100644
---- a/src/fsio.c
-+++ b/src/fsio.c
-@@ -1627,8 +1627,8 @@ int pr_fs_resolve_partial(const char *path, char *buf, size_t buflen, int op) {
-
- pr_fs_t *fs = NULL;
- int len = 0, fini = 1, link_cnt = 0;
-- ino_t last_inode = 0;
-- dev_t last_device = 0;
-+ ino_t prev_inode = 0;
-+ dev_t prev_device = 0;
- struct stat sbuf;
-
- if (!path) {
-@@ -1740,16 +1740,16 @@ int pr_fs_resolve_partial(const char *path, char *buf, size_t buflen, int op) {
- char linkpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
-
- /* Detect an obvious recursive symlink */
-- if (sbuf.st_ino && (ino_t) sbuf.st_ino == last_inode &&
-- sbuf.st_dev && (dev_t) sbuf.st_dev == last_device) {
-+ if (sbuf.st_ino && (ino_t) sbuf.st_ino == prev_inode &&
-+ sbuf.st_dev && (dev_t) sbuf.st_dev == prev_device) {
- errno = ELOOP;
- return -1;
- }
-
-- last_inode = (ino_t) sbuf.st_ino;
-- last_device = (dev_t) sbuf.st_dev;
-+ prev_inode = (ino_t) sbuf.st_ino;
-+ prev_device = (dev_t) sbuf.st_dev;
-
-- if (++link_cnt > 32) {
-+ if (++link_cnt > PR_FSIO_MAX_LINK_COUNT) {
- errno = ELOOP;
- return -1;
- }
-@@ -1820,8 +1820,8 @@ int pr_fs_resolve_path(const char *path, char *buf, size_t buflen, int op) {
- pr_fs_t *fs = NULL;
-
- int len = 0, fini = 1, link_cnt = 0;
-- ino_t last_inode = 0;
-- dev_t last_device = 0;
-+ ino_t prev_inode = 0;
-+ dev_t prev_device = 0;
- struct stat sbuf;
-
- if (!path) {
-@@ -1906,16 +1906,16 @@ int pr_fs_resolve_path(const char *path, char *buf, size_t buflen, int op) {
- char linkpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
-
- /* Detect an obvious recursive symlink */
-- if (sbuf.st_ino && (ino_t) sbuf.st_ino == last_inode &&
-- sbuf.st_dev && (dev_t) sbuf.st_dev == last_device) {
-+ if (sbuf.st_ino && (ino_t) sbuf.st_ino == prev_inode &&
-+ sbuf.st_dev && (dev_t) sbuf.st_dev == prev_device) {
- errno = ELOOP;
- return -1;
- }
-
-- last_inode = (ino_t) sbuf.st_ino;
-- last_device = (dev_t) sbuf.st_dev;
-+ prev_inode = (ino_t) sbuf.st_ino;
-+ prev_device = (dev_t) sbuf.st_dev;
-
-- if (++link_cnt > 32) {
-+ if (++link_cnt > PR_FSIO_MAX_LINK_COUNT) {
- errno = ELOOP;
- return -1;
- }
-@@ -1977,22 +1977,33 @@ int pr_fs_resolve_path(const char *path, char *buf, size_t buflen, int op) {
- return 0;
- }
-
--void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-+int pr_fs_clean_path2(const char *path, char *buf, size_t buflen, int flags) {
- char workpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
- char curpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
- char namebuf[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
-- char *where = NULL, *ptr = NULL, *last = NULL;
-- int fini = 1;
-+ int fini = 1, have_abs_path = FALSE;
-
-- if (!path)
-- return;
-+ if (path == NULL ||
-+ buf == NULL) {
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (buflen == 0) {
-+ return 0;
-+ }
-
- sstrncpy(curpath, path, sizeof(curpath));
-
-+ if (*curpath == '/') {
-+ have_abs_path = TRUE;
-+ }
-+
- /* main loop */
- while (fini--) {
-- where = curpath;
-+ char *where = NULL, *ptr = NULL, *last = NULL;
-
-+ where = curpath;
- while (*where != '\0') {
- pr_signals_handle();
-
-@@ -2013,8 +2024,12 @@ void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
- ptr = last = workpath;
-
- while (*ptr) {
-- if (*ptr == '/')
-+ pr_signals_handle();
-+
-+ if (*ptr == '/') {
- last = ptr;
-+ }
-+
- ptr++;
- }
-
-@@ -2028,34 +2043,46 @@ void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
- ptr = last = workpath;
-
- while (*ptr) {
-- if (*ptr == '/')
-+ pr_signals_handle();
-+
-+ if (*ptr == '/') {
- last = ptr;
-+ }
- ptr++;
- }
-+
- *last = '\0';
- continue;
- }
-- ptr = strchr(where, '/');
-
-- if (!ptr) {
-+ ptr = strchr(where, '/');
-+ if (ptr == NULL) {
- size_t wherelen = strlen(where);
-
- ptr = where;
-- if (wherelen >= 1)
-+ if (wherelen >= 1) {
- ptr += (wherelen - 1);
-+ }
-
-- } else
-+ } else {
- *ptr = '\0';
-+ }
-
- sstrncpy(namebuf, workpath, sizeof(namebuf));
-
- if (*namebuf) {
- for (last = namebuf; *last; last++);
-- if (*--last != '/')
-+ if (*--last != '/') {
- sstrcat(namebuf, "/", sizeof(namebuf)-1);
-+ }
-
-- } else
-- sstrcat(namebuf, "/", sizeof(namebuf)-1);
-+ } else {
-+ if (have_abs_path ||
-+ (flags & PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH)) {
-+ sstrcat(namebuf, "/", sizeof(namebuf)-1);
-+ have_abs_path = FALSE;
-+ }
-+ }
-
- sstrcat(namebuf, where, sizeof(namebuf)-1);
- namebuf[sizeof(namebuf)-1] = '\0';
-@@ -2066,10 +2093,16 @@ void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
- }
- }
-
-- if (!workpath[0])
-+ if (!workpath[0]) {
- sstrncpy(workpath, "/", sizeof(workpath));
-+ }
-
- sstrncpy(buf, workpath, buflen);
-+ return 0;
-+}
-+
-+void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-+ pr_fs_clean_path2(path, buf, buflen, PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH);
- }
-
- int pr_fs_use_encoding(int bool) {
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/patches/18845170.patch Thu Jun 19 02:03:25 2014 -0700
@@ -0,0 +1,20 @@
+http://bugs.proftpd.org/show_bug.cgi?id=4069
+https://github.com/proftpd/proftpd/commit/38cf9e5028cbddee2b0dcba436d60199da1edf80
+
+--- a/modules/mod_ls.c
++++ b/modules/mod_ls.c
+@@ -2755,6 +2755,13 @@ MODRET ls_nlst(cmd_rec *cmd) {
+ parse_list_opts(&list_options, &glob_flags, TRUE);
+ }
+
++ /* If, after parsing out any options, the target string is empty, assume
++ * the current directory (Bug#4069).
++ */
++ if (*target == '\0') {
++ target = pstrdup(cmd->tmp_pool, ".");
++ }
++
+ /* If the target starts with '~' ... */
+ if (*target == '~') {
+ char pb[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
+
--- a/components/proftpd/patches/disable_mod_ctrls_for_inetd_3819.patch Wed Jun 18 11:31:57 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
---- a/modules/mod_ctrls.c
-+++ b/modules/mod_ctrls.c
-@@ -1157,7 +1157,8 @@ static void ctrls_shutdown_ev(const void *event_data, void *user_data) {
- }
-
- static void ctrls_postparse_ev(const void *event_data, void *user_data) {
-- if (!ctrls_engine) {
-+ if (ctrls_engine == FALSE ||
-+ ServerType == SERVER_INETD) {
- return;
- }
-
-diff --git a/src/ctrls.c b/src/ctrls.c
-index 232bb7d..1f47c73 100644
---- a/src/ctrls.c
-+++ b/src/ctrls.c
-@@ -1975,7 +1975,7 @@ void init_ctrls(void) {
-
- sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sockfd < 0) {
-- pr_log_pri(PR_LOG_DEBUG, "unable to create Unix domain socket: %s",
-+ pr_log_debug(DEBUG10, "unable to create Unix domain socket: %s",
- strerror(errno));
- return;
- }
-@@ -1986,7 +1986,7 @@ void init_ctrls(void) {
- socklen = sizeof(struct sockaddr_un);
-
- if (bind(sockfd, (struct sockaddr *) &sockun, socklen) < 0) {
-- pr_log_pri(PR_LOG_DEBUG,
-+ pr_log_debug(DEBUG10,
- "unable to bind to Unix domain socket at '%s': %s",
- sockpath, strerror(errno));
- (void) close(sockfd);
-@@ -1995,7 +1995,7 @@ void init_ctrls(void) {
- }
-
- if (fstat(sockfd, &st) < 0) {
-- pr_log_pri(PR_LOG_DEBUG,
-+ pr_log_debug(DEBUG10,
- "unable to stat Unix domain socket at '%s': %s",
- sockpath, strerror(errno));
- (void) close(sockfd);
-
--- a/components/proftpd/patches/proftpd-configuration-html.patch Wed Jun 18 11:31:57 2014 -0700
+++ b/components/proftpd/patches/proftpd-configuration-html.patch Thu Jun 19 02:03:25 2014 -0700
@@ -1,1658 +1,6 @@
---- proftpd-1.3.3e/doc/Configuration.html Fri Oct 5 08:38:32 2007
-+++ proftpd-1.3.3g/doc/Configuration.html Fri Feb 1 22:32:57 2013
-@@ -3,9 +3,7 @@
- ><HEAD
- ><TITLE
- >Configuration Directive List</TITLE
--><META
--NAME="GENERATOR"
--CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD
-+><meta name="generator" content="Bluefish 2.0.2" ></HEAD
- ><BODY
- CLASS="BOOK"
- BGCOLOR="#FFFFFF"
-@@ -113,11 +111,6 @@
- > -- User based allow rules</DT
- ><DT
- ><A
--HREF="#ANONRATIO"
--> AnonRatio</A
--> -- Ratio directive</DT
--><DT
--><A
- HREF="#ANONREJECTPASSWORDS"
- > AnonRejectPasswords</A
- > -- Block certain anonymous user passwords</DT
-@@ -178,21 +171,6 @@
- > -- Bind the server or Virtualhost to a specific IP address [deprecated]</DT
- ><DT
- ><A
--HREF="#BYTERATIOERRMSG"
--> ByteRatioErrMsg</A
--> -- Ratio directive</DT
--><DT
--><A
--HREF="#CAPABILITIESENGINE"
--> CapabilitiesEngine</A
--> -- Enable/disable mod_cap</DT
--><DT
--><A
--HREF="#CAPABILITIESSET"
--> CapabilitiesSet</A
--> -- Configure the set of Linux capabilities processed</DT
--><DT
--><A
- HREF="#CDPATH"
- > CDPath</A
- > -- Sets "search paths" for the cd command</DT
-@@ -218,11 +196,6 @@
- > -- Create and populate users' home directories as needed</DT
- ><DT
- ><A
--HREF="#CWDRATIOMSG"
--> CwdRatioMsg</A
--> -- Ratio directive</DT
--><DT
--><A
- HREF="#DEBUGLEVEL"
- > DebugLevel</A
- > -- Set the debugging output level</DT
-@@ -364,21 +337,11 @@
- > -- Set the file to display on quit</DT
- ><DT
- ><A
--HREF="#DISPLAYREADME"
--> DisplayReadme</A
--> -- Enable display of file modification times on a file pattern</DT
--><DT
--><A
- HREF="#EXTENDEDLOG"
- > ExtendedLog</A
- > -- Specify custom logfiles</DT
- ><DT
- ><A
--HREF="#FILERATIOERRMSG"
--> FileRatioErrMsg</A
--> -- (docs incomplete)</DT
--><DT
--><A
- HREF="#GLOBAL"
- > Global</A
- > -- Set some directives to apply across the entire daemon</DT
-@@ -399,11 +362,6 @@
- > -- Set a group-wide password</DT
- ><DT
- ><A
--HREF="#GROUPRATIO"
--> GroupRatio</A
--> -- Ratio directive</DT
--><DT
--><A
- HREF="#HIDDENSTOR"
- > HiddenStor</A
- > -- Enables more safe file uploads [deprecated]</DT
-@@ -435,11 +393,6 @@
- > -- Enable hiding of files based on user owner</DT
- ><DT
- ><A
--HREF="#HOSTRATIO"
--> HostRatio</A
--> -- Ratio directive</DT
--><DT
--><A
- HREF="#IDENTLOOKUPS"
- > IdentLookups</A
- > -- Toggle ident lookups</DT
-@@ -465,170 +418,6 @@
- > -- Load additional configuration directives from a file</DT
- ><DT
- ><A
--HREF="#LDAPALIASDEREFERENCE"
--> LDAPAliasDereference</A
--> -- Specify how LDAP alias dereferencing is done</DT
--><DT
--><A
--HREF="#LDAPATTR"
--> LDAPAttr</A
--> -- Map LDAP Attributes to something non standard</DT
--><DT
--><A
--HREF="#LDAPAUTHBINDS"
--> LDAPAuthBinds</A
--> -- (docs incomplete)</DT
--><DT
--><A
--HREF="#LDAPDEFAULTAUTHSCHEME"
--> LDAPDefaultAuthScheme</A
--> -- Set the authentication scheme/hash that is used when no leading
-- {hashname} is present.
-- </DT
--><DT
--><A
--HREF="#LDAPDEFAULTGID"
--> LDAPDefaultGID</A
--> -- Set the default GID to be assigned to users when no uidNumber
-- attribute is found.
-- </DT
--><DT
--><A
--HREF="#LDAPDEFAULTUID"
--> LDAPDefaultUID</A
--> -- Set the default UID to be assigned to users when no uidNumber
-- attribute is found.
-- </DT
--><DT
--><A
--HREF="#LDAPDNINFO"
--> LDAPDNInfo</A
--> -- Set DN information to be used for initial bind</DT
--><DT
--><A
--HREF="#LDAPDOAUTH"
--> LDAPDoAuth</A
--> -- Enable LDAP authentication</DT
--><DT
--><A
--HREF="#LDAPDOGIDLOOKUPS"
--> LDAPDoGIDLookups</A
--> -- Enable LDAP lookups for user group membership and GIDs in
-- directory listings
-- </DT
--><DT
--><A
--HREF="#LDAPDOQUOTALOOKUPS"
--> LDAPDoQuotaLookups</A
--> -- Enable LDAP quota limit support</DT
--><DT
--><A
--HREF="#LDAPDOUIDLOOKUPS"
--> LDAPDoUIDLookups</A
--> -- Enable LDAP lookups for UIDs in directory listings
-- </DT
--><DT
--><A
--HREF="#LDAPFORCEDEFAULTGID"
--> LDAPForceDefaultGID</A
--> -- Force all LDAP-authenticated users to use the same GID.</DT
--><DT
--><A
--HREF="#LDAPFORCEDEFAULTUID"
--> LDAPForceDefaultUID</A
--> -- Force all LDAP-authenticated users to use the same UID.</DT
--><DT
--><A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
--> LDAPForceGeneratedHomedir</A
--> -- Force all LDAP-authenticated users to use the default HomeDironDemand
-- prefix/suffix.
-- </DT
--><DT
--><A
--HREF="#LDAPFORCEHOMEDIRONDEMAND"
--> LDAPForceHomedirOnDemand</A
--> -- Force all LDAP-authenticated users to use the default HomeDironDemand
-- prefix/suffix. [deprecated]
-- </DT
--><DT
--><A
--HREF="#LDAPGENERATEHOMEDIR"
--> LDAPGenerateHomedir</A
--> -- Enable the creation of user home directories on demand
-- </DT
--><DT
--><A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
--> LDAPGenerateHomedirPrefix</A
--> -- Enable the creation of user home directories on demand
-- </DT
--><DT
--><A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
--> LDAPGenerateHomedirPrefixNoUsername</A
--> -- (docs incomplete)</DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMAND"
--> LDAPHomedirOnDemand</A
--> -- Enable the creation of user home directories on demand [deprecated]
-- </DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMANDPREFIX"
--> LDAPHomedirOnDemandPrefix</A
--> -- Enable the creation of user home directories on demand [deprecated]
-- </DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
--> LDAPHomedirOnDemandPrefixNoUsername</A
--> -- (docs incomplete)</DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMANDSUFFIX"
--> LDAPHomedirOnDemandSuffix</A
--> -- Specify an additional directory to be created inside a user's
-- home directory on demand. [deprecated]
-- </DT
--><DT
--><A
--HREF="#LDAPNEGATIVECACHE"
--> LDAPNegativeCache</A
--> -- Enable negative caching for LDAP lookups</DT
--><DT
--><A
--HREF="#LDAPPROTOCOLVERSION"
--> LDAPProtocolVersion</A
--> -- Set the LDAP protocol version</DT
--><DT
--><A
--HREF="#LDAPQUERYTIMEOUT"
--> LDAPQueryTimeout</A
--> -- Set a timeout for LDAP queries</DT
--><DT
--><A
--HREF="#LDAPSEARCHSCOPE"
--> LDAPSearchScope</A
--> -- Specify the search scope used in LDAP queries</DT
--><DT
--><A
--HREF="#LDAPSERVER"
--> LDAPServer</A
--> -- Specify the LDAP server to use for lookups</DT
--><DT
--><A
--HREF="#LDAPUSETLS"
--> LDAPUseTLS</A
--> -- Enable TLS/SSL connections to the LDAP server.</DT
--><DT
--><A
--HREF="#LEECHRATIOMSG"
--> LeechRatioMsg</A
--> -- Sets the 'over ratio' error message</DT
--><DT
--><A
- HREF="#LIMIT"
- > Limit</A
- > -- Set the commands/actions to be controlled</DT
-@@ -749,86 +538,11 @@
- > -- Set the port for the control socket</DT
- ><DT
- ><A
--HREF="#RADIUSACCTSERVER"
--> RadiusAcctServer</A
--> -- Setup RADIUS accounting details</DT
--><DT
--><A
--HREF="#RADIUSAUTHSERVER"
--> RadiusAuthServer</A
--> -- Setup RADIUS authenticator details</DT
--><DT
--><A
--HREF="#RADIUSENGINE"
--> RadiusEngine</A
--> -- Enable RADIUS support</DT
--><DT
--><A
--HREF="#RADIUSLOG"
--> RadiusLog</A
--> -- Specify the logfile for reporting / debugging</DT
--><DT
--><A
--HREF="#RADIUSREALM"
--> RadiusRealm</A
--> -- Setup the authentication realm</DT
--><DT
--><A
--HREF="#RADIUSUSERINFO"
--> RadiusUserInfo</A
--> -- Configure login information via RADIUS</DT
--><DT
--><A
--HREF="#RATIOFILE"
--> RatioFile</A
--> -- Ratio directive</DT
--><DT
--><A
--HREF="#RATIOS"
--> Ratios</A
--> -- (docs incomplete)</DT
--><DT
--><A
--HREF="#RATIOTEMPFILE"
--> RatioTempFile</A
--> -- Ratio directive</DT
--><DT
--><A
- HREF="#REQUIREVALIDSHELL"
- > RequireValidShell</A
- > -- Allow connections based on /etc/shells</DT
- ><DT
- ><A
--HREF="#REWRITECONDITION"
--> RewriteCondition</A
--> -- Define a rule condition</DT
--><DT
--><A
--HREF="#REWRITEENGINE"
--> RewriteEngine</A
--> -- Enable/disable mod_rewrite</DT
--><DT
--><A
--HREF="#REWRITELOCK"
--> RewriteLock</A
--> -- Set the filename for synchronization lockfile</DT
--><DT
--><A
--HREF="#REWRITELOG"
--> RewriteLog</A
--> -- Specify a log file for mod_rewrite reporting</DT
--><DT
--><A
--HREF="#REWRITEMAP"
--> RewriteMap</A
--> -- Define a rewrite map</DT
--><DT
--><A
--HREF="#REWRITERULE"
--> RewriteRule</A
--> -- Define a rewrite rule</DT
--><DT
--><A
- HREF="#RLIMITCPU"
- > RLimitCPU</A
- > -- Configure the maximum CPU time in seconds used by a process</DT
-@@ -854,11 +568,6 @@
- > -- Drop root privileges completely</DT
- ><DT
- ><A
--HREF="#SAVERATIOS"
--> SaveRatios</A
--> -- FIXME FIXME</DT
--><DT
--><A
- HREF="#SCOREBOARDFILE"
- > ScoreboardFile</A
- > -- Sets the name and path of the scoreboard file</DT
-@@ -891,7 +600,7 @@
- ><A
- HREF="#SETENV"
- > SetEnv</A
--> -- (docs incomplete)</DT
-+> -- Set environment variable</DT
- ><DT
- ><A
- HREF="#SHOWSYMLINKS"
-@@ -909,131 +618,6 @@
- > -- Tune socket-level options</DT
- ><DT
- ><A
--HREF="#SQLAUTHENTICATE"
--> SQLAuthenticate</A
--> -- Specify authentication methods and what to authenticate
-- </DT
--><DD
--><DL
--><DT
--><A
--HREF="#AEN8505"
-->Group Table Structure</A
--></DT
--></DL
--></DD
--><DT
--><A
--HREF="#SQLAUTHTYPES"
--> SQLAuthTypes</A
--> -- Specify the allowed authentication types and their check order</DT
--><DT
--><A
--HREF="#SQLBACKEND"
--> SQLBackend</A
--> -- Set the SQL backend module</DT
--><DT
--><A
--HREF="#SQLCONNECTINFO"
--> SQLConnectInfo</A
--> -- Specify connection information for the backend</DT
--><DT
--><A
--HREF="#SQLDEFAULTGID"
--> SQLDefaultGID</A
--> -- Configure the default GID for users</DT
--><DT
--><A
--HREF="#SQLDEFAULTHOMEDIR"
--> SQLDefaultHomedir</A
--> -- Configure the default homedir</DT
--><DT
--><A
--HREF="#SQLDEFAULTUID"
--> SQLDefaultUID</A
--> -- Configure the default UID for users</DT
--><DT
--><A
--HREF="#SQLENGINE"
--> SQLEngine</A
--> -- Configure how mod_sql will operate</DT
--><DT
--><A
--HREF="#SQLGROUPINFO"
--> SQLGroupInfo</A
--> -- Configure the group table and fields that hold group information</DT
--><DT
--><A
--HREF="#SQLGROUPWHERECLAUSE"
--> SQLGroupWhereClause</A
--> -- Configure a WHERE clause for every group query</DT
--><DT
--><A
--HREF="#SQLHOMEDIRONDEMAND"
--> SQLHomedirOnDemand</A
--> -- Have mod_sql create home directories as needed [deprecated]</DT
--><DT
--><A
--HREF="#SQLLOG"
--> SQLLog</A
--> -- Log information to a database table</DT
--><DT
--><A
--HREF="#SQLLOGFILE"
--> SQLLogFile</A
--> -- Specify a log file for mod_sql reporting and debugging</DT
--><DT
--><A
--HREF="#SQLMINID"
--> SQLMinID</A
--> -- Set SQLMinUserGID and SQLMinUserID in one place</DT
--><DT
--><A
--HREF="#SQLMINUSERGID"
--> SQLMinUserGID</A
--> -- Set a minimum GID</DT
--><DT
--><A
--HREF="#SQLMINUSERUID"
--> SQLMinUserUID</A
--> -- Set a minimum UID</DT
--><DT
--><A
--HREF="#SQLNAMEDQUERY"
--> SQLNamedQuery</A
--> -- Specify a query and an identifier for SQLShowInfo and SQLLog</DT
--><DT
--><A
--HREF="#SQLNEGATIVECACHE"
--> SQLNegativeCache</A
--> -- Enable negative caching for SQL lookups</DT
--><DT
--><A
--HREF="#SQLRATIOS"
--> SQLRatios</A
--> -- (docs incomplete)</DT
--><DT
--><A
--HREF="#SQLRATIOSTATS"
--> SQLRatioStats</A
--> -- (docs incomplete)</DT
--><DT
--><A
--HREF="#SQLSHOWINFO"
--> SQLShowInfo</A
--> -- Create a message to be sent to the user after any successful command</DT
--><DT
--><A
--HREF="#SQLUSERINFO"
--> SQLUserInfo</A
--> -- Configure the user table and fields that hold user information</DT
--><DT
--><A
--HREF="#SQLUSERWHERECLAUSE"
--> SQLUserWhereClause</A
--> -- Configure a WHERE clause for every user query<</DT
--><DT
--><A
- HREF="#STOREUNIQUEPREFIX"
- > StoreUniquePrefix</A
- > -- Set the prefix to be added to uniquely generated filenames</DT
-@@ -1186,7 +770,7 @@
- ><A
- HREF="#TLSPASSPHRASEPROVIDER"
- > TLSPassPhraseProvider</A
--> -- FIXFIXFIX</DT
-+> -- Configure external provider for key</DT
- ><DT
- ><A
- HREF="#TLSPROTOCOL"
-@@ -1246,7 +830,7 @@
- ><A
- HREF="#UNSETENV"
- > UnsetEnv</A
--> -- (docs incomplete)</DT
-+> -- Unset environment variable</DT
- ><DT
- ><A
- HREF="#USEFTPUSERS"
-@@ -1294,11 +878,6 @@
- > -- Creates a hardcoded username/password pair</DT
- ><DT
- ><A
--HREF="#USERRATIO"
--> UserRatio</A
--> -- Ratio directive</DT
--><DT
--><A
- HREF="#USESENDFILE"
- > UseSendfile</A
- > -- Toggles use of sendfile() functionality</DT
-@@ -1348,11 +927,6 @@
- > -- Prevent information leak through timing attacks</DT
- ><DT
- ><A
--HREF="#MOD-LDAP"
--> mod_ldap</A
--> -- LDAP authentication support</DT
--><DT
--><A
- HREF="#MOD-LOG"
- > mod_log</A
- > -- Logging support</DT
-@@ -1363,31 +937,6 @@
- > -- file listing functionality</DT
- ><DT
- ><A
--HREF="#MOD-RADIUS"
--> mod_radius</A
--> -- RADIUS based authentication support</DT
--><DT
--><A
--HREF="#MOD-RATIO"
--> mod_ratio</A
--> -- FIX ME FIX ME</DT
--><DT
--><A
--HREF="#MOD-README"
--> mod_readme</A
--> -- "README" file support</DT
--><DT
--><A
--HREF="#AEN12975"
--></A
--> -- </DT
--><DT
--><A
--HREF="#MOD-SQL"
--> mod_sql</A
--> -- SQL support module</DT
--><DT
--><A
- HREF="#MOD-TLS"
- > mod_tls</A
- > -- TLS/SSL support module</DT
-@@ -1400,7 +949,7 @@
- ><A
- HREF="#MOD-XFER"
- > mod_xfer</A
--> -- FIX ME FIX ME</DT
-+> -- control transfer</DT
- ></DL
- ></DD
- ><DT
-@@ -1465,26 +1014,6 @@
- ></DL
- ></DIV
- ><DIV
--CLASS="LOT"
--><DL
--CLASS="LOT"
--><DT
--><B
-->List of Examples</B
--></DT
--><DT
-->1-1. <A
--HREF="#EXAMPLE-USERMAP"
-->Example Usermap</A
--></DT
--><DT
-->1-2. <A
--HREF="#EXAMPLE-FIFONAMEDPIPE"
-->Example FIFO/Named Pipe 1:1 mapping</A
--></DT
--></DL
--></DIV
--><DIV
- CLASS="CHAPTER"
- ><HR><H1
- ><A
-@@ -3216,113 +2745,6 @@
- ></DIV
- ><H1
- ><A
--NAME="ANONRATIO"
--></A
-->
--AnonRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN701"
--></A
--><H2
-->Name</H2
-->AnonRatio -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN704"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->AnonRatio</B
--> [ <CODE
--CLASS="OPTION"
-->foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN731"
--></A
--><H2
-->Description</H2
--><P
-->The AnonRatio directive ....</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN734"
--></A
--><H2
-->See also</H2
--><P
-->AnonRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN737"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="ANONREJECTPASSWORDS"
- ></A
- >
-@@ -4845,320 +4267,6 @@
- ></DIV
- ><H1
- ><A
--NAME="BYTERATIOERRMSG"
--></A
-->
--ByteRatioErrMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1336"
--></A
--><H2
-->Name</H2
-->ByteRatioErrMsg -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1339"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->ByteRatioErrMsg</B
--> [ <CODE
--CLASS="OPTION"
-->foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1366"
--></A
--><H2
-->Description</H2
--><P
-->The ByteRatioErrMsg directive ....
--Example:
--ByteRatioErrMsg</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1369"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1372"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="CAPABILITIESENGINE"
--></A
-->
--CapabilitiesEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1383"
--></A
--><H2
-->Name</H2
-->CapabilitiesEngine -- Enable/disable mod_cap</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1386"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->CapabilitiesEngine</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->CapabilitiesEngine On, if running on a Linux hosts that supports capabilities</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <VirtualHost>, <Global></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_cap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.8rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1414"
--></A
--><H2
-->Description</H2
--><P
-->The CapabilitiesEngine directive enables or disables the module's
-- runtime capabilities engine. If set to off, this module does no runtime
-- capabilities processing at all. Use this directive to disable the
-- module.</P
--></DIV
--><H1
--><A
--NAME="CAPABILITIESSET"
--></A
-->
--CapabilitiesSet</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1425"
--></A
--><H2
-->Name</H2
-->CapabilitiesSet -- Configure the set of Linux capabilities processed</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1428"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->CapabilitiesSet</B
--> [ <CODE
--CLASS="OPTION"
-->[+/-]capability</CODE
-->...]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->CapabilitiesSet +CAP_CHOWN</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <VirtualHost>, <Global></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_cap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.8rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1455"
--></A
--><H2
-->Description</H2
--><P
-->By default, mod_cap removes all but two capabilities from the
-- session-handling process: CAP_NET_BIND_SERVICE, for binding to ports lower
-- than 1024 (required for active data transfers), and CAP_CHOWN, for
-- allowing a process to change a file's ownership to a different user. The
-- latter capability is only strictly necessary if the UserOwner
-- configuration directive is in use; if not being used, the CAP_CHOWN
-- capability is best removed. The CapabilitiesSet directive is used to
-- manipulate the set of capabilities that mod_cap grants.</P
--><P
-->To remove a capability, prefix the name with a '-'; to enable a
-- capability, use '+'. At present, this directive only supports one
-- capability: CAP_CHOWN.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1459"
--></A
--><H2
-->Example</H2
--><P
--> <IfModule mod_cap.c>
-- CapabilitiesEngine on
-- CapabilitiesSet -CAP_CHOWN
-- </IfModule></P
--></DIV
--><H1
--><A
- NAME="CDPATH"
- ></A
- >
-@@ -5781,115 +4889,6 @@
- ></DIV
- ><H1
- ><A
--NAME="CWDRATIOMSG"
--></A
-->
--CwdRatioMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1720"
--></A
--><H2
-->Name</H2
-->CwdRatioMsg -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1723"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->CwdRatioMsg</B
--> [ <CODE
--CLASS="OPTION"
-->foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1750"
--></A
--><H2
-->Description</H2
--><P
-->The CwdRatioMsg directive ....
--Example:
--CwdRatioMsg</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1753"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1756"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="DEBUGLEVEL"
- ></A
- >
-@@ -9452,128 +8451,6 @@
- ></DIV
- ><H1
- ><A
--NAME="DISPLAYREADME"
--></A
-->
--DisplayReadme</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3148"
--></A
--><H2
-->Name</H2
-->DisplayReadme -- Enable display of file modification times on a file pattern</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3151"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->DisplayReadme</B
--> [ <CODE
--CLASS="OPTION"
-->DisplayReadme filename or pattern</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <VirtualHost>, <Anonymous>, <Global></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_readme</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0pre8 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3178"
--></A
--><H2
-->Description</H2
--><P
-->Module: mod_readme
--The DisplayReadme directive notifies the user of the last change date of the
--specified file or pattern. Only a single DisplayReadme directive is allowed per configuration
--scope.
--DisplayReadme README
--Will result in:
--Please read the file README it was last modified on Sun Oct 17 10:36:14
--1999 - 0 days ago
--Being displayed to the user on a cwd.
--DisplayReadmePattern README*
--Will result in:
--Please read the file README
--it was last modified on Tue Jan 25 04:47:48 2000 - 0 days ago
--Please read the file README.first
--it was last modified on Tue Jan 25 04:48:04 2000 - 0 days ago
--Being displayed to the user on a cwd. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3181"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3184"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="EXTENDEDLOG"
- ></A
- >
-@@ -9733,115 +8610,6 @@
- ></DIV
- ><H1
- ><A
--NAME="FILERATIOERRMSG"
--></A
-->
--FileRatioErrMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3249"
--></A
--><H2
-->Name</H2
-->FileRatioErrMsg -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3252"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->FileRatioErrMsg</B
--> [ <CODE
--CLASS="OPTION"
-->FileRatioErrMsg foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3279"
--></A
--><H2
-->Description</H2
--><P
-->The FileRatioErrMsg directive ....
--Example:
--FileRatioErrMsg</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3282"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3285"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="GLOBAL"
- ></A
- >
-@@ -10297,115 +9065,6 @@
- ></DIV
- ><H1
- ><A
--NAME="GROUPRATIO"
--></A
-->
--GroupRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3486"
--></A
--><H2
-->Name</H2
-->GroupRatio -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3489"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->GroupRatio</B
--> [ <CODE
--CLASS="OPTION"
-->GroupRatio foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3516"
--></A
--><H2
-->Description</H2
--><P
-->The GroupRatio directive ....
--Example:
--GroupRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3519"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3522"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="HIDDENSTOR"
- ></A
- >
-@@ -11103,115 +9762,6 @@
- ></DIV
- ><H1
- ><A
--NAME="HOSTRATIO"
--></A
-->
--HostRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3817"
--></A
--><H2
-->Name</H2
-->HostRatio -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3820"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->HostRatio</B
--> [ <CODE
--CLASS="OPTION"
-->HostRatio foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3847"
--></A
--><H2
-->Description</H2
--><P
-->The HostRatio directive ....
--Example:
--HostRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3850"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3853"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="IDENTLOOKUPS"
- ></A
- >
-@@ -11255,7 +9805,7 @@
+--- a/doc/Configuration.html
++++ b/doc/Configuration.html
+@@ -10805,7 +10805,7 @@ CLASS="SYNOPSIS"
></DT
><DD
><P
@@ -1661,10629 +9,4 @@
></DD
><DT
><PRE
-@@ -11818,3747 +10368,6 @@
- ></DIV
- ><H1
- ><A
--NAME="LDAPALIASDEREFERENCE"
--></A
-->
-- LDAPAliasDereference</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4111"
--></A
--><H2
-->Name</H2
-->LDAPAliasDereference -- Specify how LDAP alias dereferencing is done</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4114"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPAliasDereference</B
--> [ <CODE
--CLASS="OPTION"
-->never</CODE
-->
-- <CODE
--CLASS="OPTION"
-->find</CODE
-->
-- <CODE
--CLASS="OPTION"
-->search</CODE
-->
-- <CODE
--CLASS="OPTION"
-->always</CODE
-->
-- ]</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4122"
--></A
--><H2
--></H2
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->LDAPAliasDereference never</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->2.8.16 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4145"
--></A
--><H2
-->Description</H2
--><P
-->Should be one of never, always, search, or find to specify that
-- aliases are never dereferenced, always dereferenced, dereferenced when
-- searching, or dereferenced only when locating the base object for the
-- search.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4148"
--></A
--><H2
-->Examples</H2
--><P
-->LDAPAliasDereference always</P
--></DIV
--><H1
--><A
--NAME="LDAPATTR"
--></A
-->
--LDAPAttr</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4159"
--></A
--><H2
-->Name</H2
-->LDAPAttr -- Map LDAP Attributes to something non standard</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4162"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPAttr</B
--> [ <CODE
--CLASS="OPTION"
-->uid</CODE
-->
-- <CODE
--CLASS="OPTION"
-->uidNumber</CODE
-->
-- <CODE
--CLASS="OPTION"
-->gidNumber</CODE
-->
-- <CODE
--CLASS="OPTION"
-->homeDirectory</CODE
-->
-- <CODE
--CLASS="OPTION"
-->userPassword</CODE
-->
-- <CODE
--CLASS="OPTION"
-->loginShell</CODE
-->
-- <CODE
--CLASS="OPTION"
-->cn</CODE
-->
-- <CODE
--CLASS="OPTION"
-->memberUid</CODE
-->
-- <CODE
--CLASS="OPTION"
-->ftpQuota</CODE
-->] [ <CODE
--CLASS="OPTION"
-->"NewAttribute"</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->2.8.13 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4199"
--></A
--><H2
-->Description</H2
--><P
-->FIXMEFIXMEFIXME</P
--><P
-->This dicrective has to be set before any of the LDAPDo* directives.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4203"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4206"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->FIXFIXFIX</P
--><P
-->FIXFIX</P
--></DIV
--><H1
--><A
--NAME="LDAPAUTHBINDS"
--></A
-->
-- LDAPAuthBinds</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4218"
--></A
--><H2
-->Name</H2
-->LDAPAuthBinds -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4221"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPAuthBinds</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
-->(docs incomplete)</B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPAuthBinds off in mod_ldap <= 2.7.6,
-- LDAPAuthBinds on in mod_ldap >= 2.8
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.5 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4249"
--></A
--><H2
-->Description</H2
--><P
-->By default, the DN specified by LDAPDNInfo will be used to
-- bind to the LDAP server to obtain user information, including the
-- userPassword attribute. If LDAPAuthBinds is set to on, the DN
-- specified by LDAPDNInfo will be used to fetch all user information
-- except the userPassword attribute. Then, mod_ldap will bind to the
-- LDAP server as the user who is logging in via FTP with the
-- user-supplied password. If this bind succeeds, the user is
-- considered authenticated and is allowed to log in. This method of
-- LDAP authentication has the added benefit of supporting any password
-- encryption scheme that your LDAP server supports.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4252"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4255"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDEFAULTAUTHSCHEME"
--></A
-->
-- LDAPDefaultAuthScheme</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4266"
--></A
--><H2
-->Name</H2
-->LDAPDefaultAuthScheme -- Set the authentication scheme/hash that is used when no leading
-- {hashname} is present.
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4269"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDefaultAuthScheme</B
--> [ <CODE
--CLASS="OPTION"
-->crypt</CODE
-->
-- <CODE
--CLASS="OPTION"
-->clear</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPDefaultAuthScheme "crypt"
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4297"
--></A
--><H2
-->Description</H2
--><P
-->Specifies the authentication scheme used for passwords with no
-- {prefix} in the LDAP database. For example, if you are using
-- something like userPassword: mypass in your LDAP database, you would
-- want to set LDAPDefaultAuthScheme to clear.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4300"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4303"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDEFAULTGID"
--></A
-->
-- LDAPDefaultGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4314"
--></A
--><H2
-->Name</H2
-->LDAPDefaultGID -- Set the default GID to be assigned to users when no uidNumber
-- attribute is found.
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4317"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDefaultGID</B
--> [ <CODE
--CLASS="OPTION"
-->default-gid</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> None
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4344"
--></A
--><H2
-->Description</H2
--><P
-->This directive is useful primarily in virtual-user
-- environments common in large-scale ISPs and hosting organizations.
-- If a user does not have a LDAP gidNumber attribute, the
-- LDAPDefaultGID is used. This allows one to have a large number of
-- users in an LDAP database without gidNumber attributes; setting this
-- configuration directive will automatically assign those users a
-- single GID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4347"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4350"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDEFAULTUID"
--></A
-->
-- LDAPDefaultUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4361"
--></A
--><H2
-->Name</H2
-->LDAPDefaultUID -- Set the default UID to be assigned to users when no uidNumber
-- attribute is found.
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4364"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDefaultUID</B
--> [ <CODE
--CLASS="OPTION"
-->default-uid</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> None
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4391"
--></A
--><H2
-->Description</H2
--><P
-->This directive is useful primarily in virtual-user
-- environments common in large-scale ISPs and hosting organizations.
-- If a user does not have a LDAP uidNumber attribute, the
-- LDAPDefaultUID is used. This allows one to have a large number of
-- users in an LDAP database without uidNumber attributes; setting this
-- configuration directive will automatically assign those users a
-- single UID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4394"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4397"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDNINFO"
--></A
-->
-- LDAPDNInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4408"
--></A
--><H2
-->Name</H2
-->LDAPDNInfo -- Set DN information to be used for initial bind</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4411"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDNInfo</B
--> [ <CODE
--CLASS="OPTION"
-->LDAPDNInfo "ldap-dn" "dn-password"</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPDNInfo "" "" (anonymous bind)
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4438"
--></A
--><H2
-->Description</H2
--><P
-->This directive specifies the LDAP DN and password to use when
-- binding to the LDAP server. If this configuration directive is not
-- specified, anonymous binds are used.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4441"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4444"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOAUTH"
--></A
-->
-- LDAPDoAuth</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4455"
--></A
--><H2
-->Name</H2
-->LDAPDoAuth -- Enable LDAP authentication</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4458"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoAuth</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"auth-base-dn"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"search-filter-template"</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPDoAuth off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4490"
--></A
--><H2
-->Description</H2
--><P
-->This configuration directive activates LDAP authentication.
-- The second argument to this directive is the LDAP base DN to use for
-- authentication. The third argument is a template to be used for the
-- search filter; %v will be replaced with the username that is being
-- authenticated.
-- By default, the search filter template
-- "(&(uid=%v)(objectclass=posixAccount))" is used.
-- The uid for the the search filter is taken from the
-- <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
--> directive.
-- Search filter
-- templates are only supported in mod_ldap v2.7 and later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4494"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4498"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOGIDLOOKUPS"
--></A
-->
-- LDAPDoGIDLookups</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4509"
--></A
--><H2
-->Name</H2
-->LDAPDoGIDLookups -- Enable LDAP lookups for user group membership and GIDs in
-- directory listings
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4512"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoGIDLookups</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"gid-base-dn"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"cn-filter-template"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"gid-number-filter-template"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"member-uid-filter-template"</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPDoGIDLookups off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4548"
--></A
--><H2
-->Description</H2
--><P
-->This configuration directive activates LDAP GID-to-name
-- lookups in directory listings. The second argument to this directive
-- is the LDAP base DN to use for GID-to-name lookups. The third
-- through fifth arguments are templates to be used for the search
-- filter; %v will be replaced with the GID that is being looked
-- up.</P
--><P
-->By default, the search filter templates look like this:</P
--><P
--> cn_filter: "(cn=%v)(objectclass=posixGroup))",
-- gidnumber_filter: "(gidNumber=%v)(objectclass=posixGroup))",
-- memberuid_filter: "(memberUid=%v)(objectclass=posixGroup))".
-- </P
--><P
-->The attribute names used in the default search filters are
-- taken from the <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
-- directive.</P
--><P
-->Filter templates are only supported in mod_ldap v2.8.3 and
-- later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4556"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4560"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOQUOTALOOKUPS"
--></A
-->
-- LDAPDoQuotaLookups</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4571"
--></A
--><H2
-->Name</H2
-->LDAPDoQuotaLookups -- Enable LDAP quota limit support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4574"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoQuotaLookups</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"base-dn"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"quota-filter-template"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"default-quota"</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPDoQuotaLookups off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8.12 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4608"
--></A
--><H2
-->Description</H2
--><P
-->This configuration directive activates LDAP quota lookups.
-- The second argument to this directive is the LDAP base DN to use for
-- quota limit search. The third argument is a template to be used for
-- the search filter; %v will be replaced with the username that is
-- being authenticated. By default, the search filter template
-- "(&(LDAPAttr_uid=%v)(objectclass=posixAccount))" is used.
--
-- The uid for the the search filter is taken from the
-- <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
--> directive
-- Search filter
-- templates are only supported in mod_ldap v2.7 and later.</P
--><P
-->If specified, the <CODE
--CLASS="OPTION"
-->default-quota<CODE
--CLASS="OPTION"
--> argument
-- specifies the quota limits to use if a user does not have a ftpQuota
-- attribute. This argument is formatted the same way as the ftpQuota
-- LDAP attribute.</CODE
--></CODE
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4615"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4619"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOUIDLOOKUPS"
--></A
-->
-- LDAPDoUIDLookups</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4630"
--></A
--><H2
-->Name</H2
-->LDAPDoUIDLookups -- Enable LDAP lookups for UIDs in directory listings
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4633"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoUIDLookups</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"uid-base-dn"</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->"uid-filter-template"</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPDoUIDLookups off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4665"
--></A
--><H2
-->Description</H2
--><P
--> This configuration directive activates LDAP UID-to-name
-- lookups in directory listings. The second argument to this directive
-- is the LDAP base DN to use for UID-to-name lookups. The third
-- argument is a template to be used for the search filter; %v will be
-- replaced with the UID that is being looked up. By default, the
-- search filter template
-- "(&(LDAPAttr_uidNumber=%v)(objectclass=posixAccount))" is used.
-- The uid for the the search filter is taken from the
-- <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
--> directive
-- Search
-- filter templates are only supported in mod_ldap v2.7 and
-- later.
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4669"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4673"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEDEFAULTGID"
--></A
-->
-- LDAPForceDefaultGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4684"
--></A
--><H2
-->Name</H2
-->LDAPForceDefaultGID -- Force all LDAP-authenticated users to use the same GID.</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4687"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPForceDefaultGID</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPForceDefaultGID off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4715"
--></A
--><H2
-->Description</H2
--><P
-->Even when a <A
--HREF="#LDAPDEFAULTGID"
-->LDAPDefaultGID</A
-->
-- is configured, mod_ldap will allow individual users to have
-- gidNumber attributes that will override this default GID. With
-- LDAPForceDefaultGID enabled, all LDAP-authenticated users are given
-- the default GID; GIDs may not be overridden by gidNumber
-- attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4719"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4722"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEDEFAULTUID"
--></A
-->
-- LDAPForceDefaultUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4733"
--></A
--><H2
-->Name</H2
-->LDAPForceDefaultUID -- Force all LDAP-authenticated users to use the same UID.</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4736"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPForceDefaultUID</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPForceDefaultUID off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4764"
--></A
--><H2
-->Description</H2
--><P
-->Even when a <A
--HREF="#LDAPDEFAULTUID"
-->LDAPDefaultUID</A
-->
-- is configured, mod_ldap will allow individual users to have
-- uidNumber attributes that will override this default UID. With
-- LDAPForceDefaultUID enabled, all LDAP-authenticated users are given
-- the default UID; UIDs may not be overridden by uidNumber
-- attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4768"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4771"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEGENERATEDHOMEDIR"
--></A
-->
-- LDAPForceGeneratedHomedir</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4782"
--></A
--><H2
-->Name</H2
-->LDAPForceGeneratedHomedir -- Force all LDAP-authenticated users to use the default HomeDironDemand
-- prefix/suffix.
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4785"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPForceGeneratedHomedir</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPForceGeneratedHomedir off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8.13 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4815"
--></A
--><H2
-->Description</H2
--><P
-->Even when a
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
-- is configured, mod_ldap will allow individual users to have
-- homeDirectory attributes that will override the default. With
-- LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given
-- the default prefix and/or suffix; homedirs may not be overridden by LDAP
-- homeDirectory attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4819"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4825"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEHOMEDIRONDEMAND"
--></A
-->
-- LDAPForceHomedirOnDemand</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4836"
--></A
--><H2
-->Name</H2
-->LDAPForceHomedirOnDemand -- Force all LDAP-authenticated users to use the default HomeDironDemand
-- prefix/suffix. [deprecated]
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4839"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPForceHomedirOnDemand</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPForceHomedirOnDemand off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8.11 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4869"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
-- Please take a look at LDAPForceGenerateHomedir
-- </P
--><P
-->Even when a
-- <A
--HREF="#LDAPHOMEDIRONDEMANDPREFIX"
-->LDAPHomeDironDemandPrefix</A
-->
-- is configured, mod_ldap will allow individual users to have
-- homeDirectory attributes that will override the default. With
-- LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given
-- the default prefix and/or suffix; homedirs may not be overridden by LDAP
-- homeDirectory attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4875"
--></A
--><H2
-->See also</H2
--><P
-->LDAPForceGenerateHomedir</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4879"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPGENERATEHOMEDIR"
--></A
-->
-- LDAPGenerateHomedir</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4890"
--></A
--><H2
-->Name</H2
-->LDAPGenerateHomedir -- Enable the creation of user home directories on demand
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4893"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPGenerateHomedir</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPGenerateHomedir off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8.13 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4923"
--></A
--><H2
-->Description</H2
--><P
-->LDAPGenerateHomedir activates on-demand home directory creation.
-- If a user logs in and does not yet have a home directory, a home
-- directory is created automatically.</P
--><P
-->In mod_ldap <= 2.7.6, the home directory will be owned by the
-- same user and group that ProFTPD runs as (see the User and Group
-- configuration directives). mod_ldap >= 2.8 can create home
-- directories for users with any UID/GID, not just those with the same
-- UID/GID as the main ProFTPD server.</P
--><P
-->The second argument allows you to specify the mode (default
-- permissions) to use when creating home directories on demand,
-- subject to ProFTPD's umask (see the Umask directive). If no
-- directory mode is specified, the default of 0755 is used. Directory
-- mode setting is only supported in mod_ldap v2.7 or later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4928"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4934"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
-->%<H1
--><A
--NAME="LDAPGENERATEHOMEDIRPREFIX"
--></A
-->
-- LDAPGenerateHomedirPrefix</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4945"
--></A
--><H2
-->Name</H2
-->LDAPGenerateHomedirPrefix -- Enable the creation of user home directories on demand
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4948"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPGenerateHomedirPrefix</B
--> [ <CODE
--CLASS="OPTION"
-->leading-path</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPGenerateHomedirPrefix off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8.13 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4975"
--></A
--><H2
-->Description</H2
--><P
-->LDAPGenerateHomedirPrefix enables a prefix to be specified for
-- on-demand home directory creation. This is most useful if mod_ldap
-- is being used to authenticate against an LDAP directory that does
-- not return a homeDirectory attribute, either because it cannot
-- (Microsoft Active Directory, for example) or because you do not wish
-- to extend your existing directory schema.</P
--><P
-->For example, setting this directive to "/home" and logging in
-- as the user "joe" would result in his home directory being created
-- as "/home/joe". The directory will be created with the mode
-- specified in <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->. To use
-- this directive, <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
--> must be
-- enabled.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4981"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4987"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
--></A
-->
--LDAPGenerateHomedirPrefixNoUsername</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4998"
--></A
--><H2
-->Name</H2
-->LDAPGenerateHomedirPrefixNoUsername -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5001"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPGenerateHomedirPrefixNoUsername</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->(docs incomplete)</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->mod_ldap 2.8.13 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5029"
--></A
--><H2
-->Description</H2
--><P
-->(docs incomplete)</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5032"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
-- <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMAND"
--></A
-->
-- LDAPHomedirOnDemand</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5046"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemand -- Enable the creation of user home directories on demand [deprecated]
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5049"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemand</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ] [ <CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPHomedirOnDemand off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5079"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
-- Please take a look at <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
-- </P
--><P
-->LDAPHomedirOnDemand activates on-demand home directory creation.
-- If a user logs in and does not yet have a home directory, a home
-- directory is created automatically.</P
--><P
-->In mod_ldap <= 2.7.6, the home directory will be owned by the
-- same user and group that ProFTPD runs as (see the User and Group
-- configuration directives). mod_ldap >= 2.8 can create home
-- directories for users with any UID/GID, not just those with the same
-- UID/GID as the main ProFTPD server.</P
--><P
-->The second argument allows you to specify the mode (default
-- permissions) to use when creating home directories on demand,
-- subject to ProFTPD's umask (see the Umask directive). If no
-- directory mode is specified, the default of 0755 is used. Directory
-- mode setting is only supported in mod_ldap v2.7 or later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5086"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5090"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMANDPREFIX"
--></A
-->
-- LDAPHomedirOnDemandPrefix</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5101"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemandPrefix -- Enable the creation of user home directories on demand [deprecated]
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5104"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemandPrefix</B
--> [ <CODE
--CLASS="OPTION"
-->leading-path</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPHomedirOnDemandPrefix off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5131"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
-- Please take a look at <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
-- </P
--><P
-->LDAPHomedirOnDemandPrefix enables a prefix to be specified for
-- on-demand home directory creation. This is most useful if mod_ldap
-- is being used to authenticate against an LDAP directory that does
-- not return a homeDirectory attribute, either because it cannot
-- (Microsoft Active Directory, for example) or because you do not wish
-- to extend your existing directory schema.</P
--><P
-->For example, setting this directive to "/home" and logging in
-- as the user "joe" would result in his home directory being created
-- as "/home/joe". The directory will be created with the mode
-- specified in <A
--HREF="#LDAPHOMEDIRONDEMAND"
-->LDAPHomedirOnDemand</A
-->. To use
-- this directive, <A
--HREF="#LDAPHOMEDIRONDEMAND"
-->LDAPHomedirOnDemand</A
--> must be
-- enabled.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5139"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5143"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
--></A
-->
--LDAPHomedirOnDemandPrefixNoUsername</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5154"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemandPrefixNoUsername -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5157"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemandPrefixNoUsername</B
--> [ <CODE
--CLASS="OPTION"
-->"name" limit|regex|ip value</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->(docs incomplete)</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5184"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
-- Please take a look at <A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
-- </P
--><P
-->(docs incomplete)</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5189"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMANDSUFFIX"
--></A
-->
-- LDAPHomedirOnDemandSuffix</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5201"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemandSuffix -- Specify an additional directory to be created inside a user's
-- home directory on demand. [deprecated]
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5204"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemandSuffix</B
--> [ <CODE
--CLASS="OPTION"
-->additional-directory1</CODE
-->
-- <CODE
--CLASS="OPTION"
-->additional-directory2</CODE
-->
-- <CODE
--CLASS="OPTION"
-->additional-directory3</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPHomedirOnDemandSuffix ""
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.6 and later.
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5233"
--></A
--><H2
-->Description</H2
--><P
--> This directive is deprecated and was removed from mod_ldap v2.8.13.
-- It has no replacement option.
-- </P
--><P
-->to be created within a user's home directory when it is
-- created on demand. For example, if a user's home directory is
-- "/home/user", setting this configuration directive to "public_html"
-- will also create "/home/user/public_html" on demand. In mod_ldap
-- v2.7.6 and earlier, you must also activate LDAPHomedirOnDemand in
-- your configuration.</P
--><P
-->mod_ldap >= 2.8 supports multiple suffix arguments and does
-- not require LDAPHomedirOnDemand to be enabled.</P
--><P
-->mod_ldap >= 2.8.11 supports additional mode information;
-- you can add ":octal-mode" to a directory argument to have it created
-- with that mode. For example,
-- LDAPHomedirOnDemandSuffix foo:700 will create the
-- suffix directory foo with the mode 700.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5239"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5242"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPNEGATIVECACHE"
--></A
-->
-- LDAPNegativeCache</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5253"
--></A
--><H2
-->Name</H2
-->LDAPNegativeCache -- Enable negative caching for LDAP lookups</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5256"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPNegativeCache</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPNegativeCache off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v1.1 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5284"
--></A
--><H2
-->Description</H2
--><P
-->LDAPNegativeCache specifies whether or not to cache negative
-- responses from the LDAP server when using LDAP for UID/GID lookups.
-- This option is useful if you also use/are in transition from another
-- authentication system; if there are many users in your old
-- authentication system that aren't in the LDAP database, there can be
-- a significant delay when a directory listing is performed as the
-- UIDs not in the LDAP database are repeatedly looked up in an attempt
-- to present usernames instead of UIDs in directory listings. With
-- LDAPNegativeCache set to on, negative ("not found") responses from
-- the LDAP server will be cached and speed will improve on directory
-- listings that contain many users not present in the LDAP
-- database.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5287"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5290"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPPROTOCOLVERSION"
--></A
-->
--LDAPProtocolVersion</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5301"
--></A
--><H2
-->Name</H2
-->LDAPProtocolVersion -- Set the LDAP protocol version</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5304"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPProtocolVersion</B
--> [ <CODE
--CLASS="OPTION"
-->2 | 3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->3</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->2.8.13 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5331"
--></A
--><H2
-->Description</H2
--><P
-->FIX FIX FIX</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5334"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5337"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->FIXFIXFIX</P
--><P
-->FIXFIX</P
--></DIV
--><H1
--><A
--NAME="LDAPQUERYTIMEOUT"
--></A
-->
-- LDAPQueryTimeout</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5349"
--></A
--><H2
-->Name</H2
-->LDAPQueryTimeout -- Set a timeout for LDAP queries</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5352"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPQueryTimeout</B
--> [ <CODE
--CLASS="OPTION"
-->timeout-seconds</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPQueryTimeout default-api-timeout
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5379"
--></A
--><H2
-->Description</H2
--><P
-->Sets the timeout used for LDAP directory queries. The default
-- is the default timeout used by your LDAP API.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5382"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5385"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPSEARCHSCOPE"
--></A
-->
-- LDAPSearchScope</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5396"
--></A
--><H2
-->Name</H2
-->LDAPSearchScope -- Specify the search scope used in LDAP queries</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5399"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPSearchScope</B
--> [ <CODE
--CLASS="OPTION"
-->onelevel</CODE
-->
-- <CODE
--CLASS="OPTION"
-->subtree</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPSearchScope subtree
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.6 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5427"
--></A
--><H2
-->Description</H2
--><P
-->Set the scope used for LDAP searches. The default setting,
-- subtree, searches for all entries in the tree from the current level
-- down. Setting this directive to onelevel searches only one level
-- deep in the LDAP tree.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5430"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5433"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPSERVER"
--></A
-->
-- LDAPServer</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5444"
--></A
--><H2
-->Name</H2
-->LDAPServer -- Specify the LDAP server to use for lookups</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5447"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPServer</B
--> [ <CODE
--CLASS="OPTION"
-->"hostname1:port1 hostname2:port2"</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPServer "localhost"
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v1.0 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5474"
--></A
--><H2
-->Description</H2
--><P
-->LDAPServer allows you to to specify the hostname(s) and
-- port(s) of the LDAP server(s) to use for LDAP authentication. If no
-- LDAPServer configuration directive is present, the default LDAP
-- servers specified by your LDAP API will be used.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5477"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5480"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPUSETLS"
--></A
-->
-- LDAPUseTLS</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5491"
--></A
--><H2
-->Name</H2
-->LDAPUseTLS -- Enable TLS/SSL connections to the LDAP server.</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5494"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPUseTLS</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> LDAPUseTLS off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_ldap v2.8 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5522"
--></A
--><H2
-->Description</H2
--><P
-->By default, mod_ldap connects to the LDAP server via a
-- non-encrypted connection. Enabling this option causes mod_ldap to
-- use an encrypted (TLS/SSL) connection to the LDAP server. If a
-- secure connection to the LDAP server fails, mod_ldap will not
-- authenticate users (mod_ldap will *not* fall back to an unsecure
-- connection).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5525"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5528"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LEECHRATIOMSG"
--></A
-->
--LeechRatioMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5539"
--></A
--><H2
-->Name</H2
-->LeechRatioMsg -- Sets the 'over ratio' error message</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5542"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LeechRatioMsg</B
--> [ <CODE
--CLASS="OPTION"
-->LeechRatioMsg foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5569"
--></A
--><H2
-->Description</H2
--><P
-->The LeechRatioMsg directive defines the response message sent
--back to the client upon breaking their quota limits.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5572"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5575"
--></A
--><H2
-->Examples</H2
--><PRE
--CLASS="PROGRAMLISTING"
-->LeechRatioMsg "please upload as well as download"</PRE
--><P
--></P
--></DIV
--><H1
--><A
- NAME="LIMIT"
- ></A
- >
-@@ -18584,967 +13393,6 @@
- ></DIV
- ><H1
- ><A
--NAME="RADIUSACCTSERVER"
--></A
-->
--RadiusAcctServer</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6758"
--></A
--><H2
-->Name</H2
-->RadiusAcctServer -- Setup RADIUS accounting details</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6761"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusAcctServer</B
--> [ <CODE
--CLASS="OPTION"
-->server[:port] shared-secret [timeout]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6788"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P
--><P
-->Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P
--><P
-->If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6793"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#RADIUSAUTHSERVER"
-->RadiusAuthServer</A
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSAUTHSERVER"
--></A
-->
--RadiusAuthServer</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6805"
--></A
--><H2
-->Name</H2
-->RadiusAuthServer -- Setup RADIUS authenticator details</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6808"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusAuthServer</B
--> [ <CODE
--CLASS="OPTION"
-->server[:port] shared-secret [timeout]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6835"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P
--><P
-->Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P
--><P
-->If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6840"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#RADIUSAUTHSERVER"
-->RadiusAuthServer</A
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSENGINE"
--></A
-->
--RadiusEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6852"
--></A
--><H2
-->Name</H2
-->RadiusEngine -- Enable RADIUS support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6855"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusEngine</B
--> [ <CODE
--CLASS="OPTION"
-->on|off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6882"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusEngine directive enables or disables the module's runtime RADIUS engine. If it is set to off this module does no RADIUS authentication or accounting at all. Use this directive to disable the module instead of commenting out all mod_radius directives. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6885"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSLOG"
--></A
-->
--RadiusLog</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6896"
--></A
--><H2
-->Name</H2
-->RadiusLog -- Specify the logfile for reporting / debugging</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6899"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusLog</B
--> [ <CODE
--CLASS="OPTION"
-->"file"|none</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6926"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusLog directive is used to a specify a log file for mod_radius
--reporting and debugging, and can be done a per-server basis. The file
--parameter must be the full path to the file to use for logging. Note
--that this path must not be to a world-writeable directory and, unless
--AllowLogSymlinks is explicitly set to on (generally a bad idea), the
--path must not be a symbolic link.</P
--><P
-->If file is "none", no logging will be done at all; this setting can be
--used to override a RadiusLog setting inherited from a <Global> context.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6930"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSREALM"
--></A
-->
--RadiusRealm</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6941"
--></A
--><H2
-->Name</H2
-->RadiusRealm -- Setup the authentication realm</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6944"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusRealm</B
--> [ <CODE
--CLASS="OPTION"
-->realm</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6971"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusRealm directive configures a realm string that will be added to the username in the constructed RADIUS packets.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6974"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6977"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> RadiusRealm .castaglia.org</P
--></DIV
--><H1
--><A
--NAME="RADIUSUSERINFO"
--></A
-->
--RadiusUserInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6988"
--></A
--><H2
-->Name</H2
-->RadiusUserInfo -- Configure login information via RADIUS</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6991"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusUserInfo</B
--> [ <CODE
--CLASS="OPTION"
-->uid gid home shell [suppl-group-names suppl-group-ids]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7018"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusUserInfo directive is used to configure login information used for every user authenticated via RADIUS. The optional suppl-group-names and suppl-group-ids parameters are used to specify supplemental group membership for each user; the number of names and IDs must match if these parameters are used.</P
--><P
-->In order to support RADIUS servers that may use custom attributes in their Access-Accept response packets to supply user information back to the RADIUS client (mod_radius in this case), this directive allows the following syntax for some of its parameters:</P
--><P
--> <P
--CLASS="LITERALLAYOUT"
--> $(attribute-id:default-value)</P
--> </P
--><P
-->where the enclosing $() signals that the parameter is to be supplied by
--the RADIUS server, attribute-id is the custom attribute ID for which to
--search in the response packet, and default-value is the value to use in
--case the requested attribute is not present in the response packet. This
--syntax is not supported for the suppl-group-names or suppl-group-ids
--parameters.</P
--><P
-->If RadiusUserInfo is not used, mod_radius will perform pure "yes/no"
--authentication only, in the style of PAM. The information that would
--have been configured via this directive will be pulled from other sources
--(e.g. /etc/passwd, AuthUserFiles, MySQL tables, etc).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7026"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RATIOFILE"
--></A
-->
--RatioFile</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7037"
--></A
--><H2
-->Name</H2
-->RatioFile -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7040"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RatioFile</B
--> [ <CODE
--CLASS="OPTION"
-->RatioFile foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7067"
--></A
--><H2
-->Description</H2
--><P
-->The RatioFile directive ....
--Example:
--RatioFile</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7070"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7073"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RATIOS"
--></A
-->
--Ratios</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7084"
--></A
--><H2
-->Name</H2
-->Ratios -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7087"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Ratios</B
--> [ <CODE
--CLASS="OPTION"
-->Ratios foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7114"
--></A
--><H2
-->Description</H2
--><P
-->The Ratios directive ....
--Example:
--Ratios</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7117"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7120"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RATIOTEMPFILE"
--></A
-->
--RatioTempFile</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7131"
--></A
--><H2
-->Name</H2
-->RatioTempFile -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7134"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RatioTempFile</B
--> [ <CODE
--CLASS="OPTION"
-->RatioTempFile foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7161"
--></A
--><H2
-->Description</H2
--><P
-->The RatioTempFile directive ....
--Example:
--RatioTempFile</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7164"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7167"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="REQUIREVALIDSHELL"
- ></A
- >
-@@ -19656,1592 +13504,6 @@
- ></DIV
- ><H1
- ><A
--NAME="REWRITECONDITION"
--></A
-->
--RewriteCondition</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7225"
--></A
--><H2
-->Name</H2
-->RewriteCondition -- Define a rule condition</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7228"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteCondition</B
--> [ <CODE
--CLASS="OPTION"
-->condition pattern</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost>, <Anonymous>, <Directory></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7255"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteCondition directive defines a rule condition. Precede a
--<A
--HREF="#REWRITERULE"
-->RewriteRule</A
--> directive with one or more
--RewriteCondition directives. The following rewriting rule is only used if
--its pattern matches the current state of the FTP command and if these
--additional conditions apply too.</P
--><P
-->Condition is a string which can contain the following expanded constructs
--in addition to plain text:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->RewriteRule backreferences</B
--></SPAN
-->
-- </P
--><P
--> These are backreferences of the form:
-- </P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->$N</B
--></SPAN
--></P
--><P
--> (0 <= N <= 9) which provide access to the grouped
-- parts (parentheses!) of the pattern from the corresponding
-- RewriteRule directive (the one following the current bunch
-- of RewriteCondition directives). Note that $0 will refer
-- back to the entire original string being matched.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->RewriteCondition backreferences</B
--></SPAN
-->
-- </P
--><P
--> These are backreferences of the form:
-- </P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%N</B
--></SPAN
--></P
--><P
--> (0 <= N <= 9) which provide access to the grouped parts
-- (parentheses!) of the pattern from the previous
-- RewriteCondition attached to this RewriteRule.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->RewriteMap expansions:</B
--></SPAN
-->
-- </P
--><P
--> These are expansions of the form:
-- </P
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->${map-name:lookup-key|default-value}</B
--></SPAN
-->
-- </P
--><P
--> See the documentation for <A
--HREF="#REWRITEMAP"
-->RewriteMap
-- </A
--> for more details.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Variable substitutions:</B
--></SPAN
-->
-- </P
--><P
--> These are substitutions of the form:
-- </P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%a</B
--></SPAN
-->
-- client IP address
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%c</B
--></SPAN
-->
-- name of Class for current session
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%f</B
--></SPAN
-->
-- filename
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%F</B
--></SPAN
-->
-- transfer path, as seen by the client (only useful
-- for upload/download commands)
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%g</B
--></SPAN
-->
-- primary group of authenticated user
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%G</B
--></SPAN
-->
-- supplemental groups of authenticated user
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%h</B
--></SPAN
-->
-- client DNS name
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%m</B
--></SPAN
-->
-- FTP command
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%p</B
--></SPAN
-->
-- port of server handling the session
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%u</B
--></SPAN
-->
-- name of authenticated user
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%U</B
--></SPAN
-->
-- name of user sent by client via USER
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%v</B
--></SPAN
-->
-- ServerName of server handling the session
-- </P
--></LI
--></UL
--></LI
--></UL
--><P
-->Pattern is the condition pattern, i.e., a regular expression which is
--applied to the current instance of the condition, i.e., condition is
--evaluated and then matched against pattern. You can prefix the pattern
--string with a '!' character (exclamation mark) to specify a non-matching
--pattern.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7325"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#REWRITERULE"
-->RewriteRule</A
-->
--<A
--HREF="#REWRITEMAP"
-->RewriteMap</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7330"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="REWRITEENGINE"
--></A
-->
--RewriteEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7341"
--></A
--><H2
-->Name</H2
-->RewriteEngine -- Enable/disable mod_rewrite</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7344"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteEngine</B
--> [ <CODE
--CLASS="OPTION"
-->on|off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7371"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteEngine directive enables or disables the module's runtime
--rewriting engine. If it is set to off this module does no parsing or
--rewriting at all. Use this directive to disable the module instead of
--commenting out all mod_rewrite directives.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7374"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="REWRITELOCK"
--></A
-->
--RewriteLock</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7385"
--></A
--><H2
-->Name</H2
-->RewriteLock -- Set the filename for synchronization lockfile</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7388"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteLock</B
--> [ <CODE
--CLASS="OPTION"
-->filename</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7415"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteLock directive sets the filename for a synchronization lockfile
--which mod_rewrite needs to communicate with RewriteMaps of type fifo. Set
--file to a local absolute path (not on a NFS-mounted device) when you want
--to use a rewriting FIFO. It is not required for other types of rewriting maps.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7418"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="REWRITELOG"
--></A
-->
--RewriteLog</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7429"
--></A
--><H2
-->Name</H2
-->RewriteLog -- Specify a log file for mod_rewrite reporting</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7432"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteLog</B
--> [ <CODE
--CLASS="OPTION"
-->file|"none"</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7459"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteLog directive is used to a specify a log file for mod_rewrite
--reporting and debugging, and can be done a per-server basis. The file
--parameter must be the full path to the file to use for logging. Note
--that this path must <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->not</B
--></SPAN
--> be to a
--world-writeable directory and, unless AllowLogSymlinks is explicitly
--set to on (generally a bad idea), the path must
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->not</B
--></SPAN
--> be a symbolic link. In general,
--this directive should only be used for debugging your mod_rewrite
--configuration, and should be removed once debugging is completed;
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->do not use this directive in a production
--configuration.</B
--></SPAN
--></P
--><P
-->If file is "none", no logging will be done at all; this setting can be
--used to override a RewriteLog setting inherited from a <Global> context. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7466"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="REWRITEMAP"
--></A
-->
--RewriteMap</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7477"
--></A
--><H2
-->Name</H2
-->RewriteMap -- Define a rewrite map</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7480"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteMap</B
--> [ <CODE
--CLASS="OPTION"
-->map-name map-type:map-soure</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7507"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteMap directive defines a rewriting map which can be used inside
--rule substitution strings by the mapping-functions to insert/substitute
--fields through a key lookup. The source of this lookup can be of various types.</P
--><P
-->The map-name is the name of the map and will be used to specify a
--mapping-function for the substitution strings of a rewriting rule via
--one of the following constructs:</P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->${ map-name : lookup-key }</B
--></SPAN
--></P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->${ map-name : lookup-key</B
--></SPAN
-->
-- |
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->default-value</B
--></SPAN
--></P
--><P
-->When such a construct occurs the map map-name is consulted and the key
--lookup-key is resolved. If the key is found, the map-function construct
--is substituted by subst-value. If the key is not found then it is
--substituted by default-value or by the empty string if no default-value
--was specified.</P
--><P
-->The following combinations for map-type and map-src can be used:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Standard Plain Text</B
--></SPAN
-->
-- </P
--><P
--> map-type: txt, map-src: Unix filesystem path to
-- valid regular file.
-- </P
--><P
--> This is the standard rewriting map feature where
-- the map-src is a plain ASCII file containing either blank
-- lines, comment lines (starting with a '#' character) or
-- pairs like the following - one per line.
-- </P
--><P
--> <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->matching-key subst-value</B
--></SPAN
-->
-- </P
--><DIV
--CLASS="EXAMPLE"
--><A
--NAME="EXAMPLE-USERMAP"
--></A
--><P
--><B
-->Example 1-1. Example Usermap</B
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> # --------------------------------------------
-- # usermap.txt -- map for rewriting user names
-- # --------------------------------------------
--
-- Dave.Admin dave # The Uber-admin
-- root anonymous # no one should be logging in as root anyway
-- </PRE
--></DIV
--><P
--> And, to configure this map to be used:
-- </P
--><PRE
--CLASS="PROGRAMLISTING"
--> RewriteMap real-to-user txt:/path/to/file/usermap.txt
-- </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->FIFO/Named Pipe</B
--></SPAN
--></P
--><P
--> map-type: fifo, map-src: Unix filesystem path
-- to valid FIFO.
-- </P
--><P
--> For this rewriting map, map-src is a FIFO (a.k.a. named pipe).
-- To create it, you can use the mkfifo(1) command. An
-- external program that opens the FIFO for reading and
-- writing <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->must</B
--></SPAN
--> be started
-- before proftpd is started. This program can communicate
-- with the rewriting engine via the FIFO. For each mapping
-- lookup, it can read the key to lookup as a newline-terminated
-- string from the FIFO. It then has to write back to the FIFO
-- the looked-up value as a newline-terminated string, or just
-- simply newline character (denoting an empty string) if there
-- is no corresponding value for the given key).
-- </P
--><P
--> An example program which will implement a 1:1 mapping
-- (i.e., key == value) could be:
-- </P
--><DIV
--CLASS="EXAMPLE"
--><A
--NAME="EXAMPLE-FIFONAMEDPIPE"
--></A
--><P
--><B
-->Example 1-2. Example FIFO/Named Pipe 1:1 mapping</B
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->#!/usr/bin/perl
-- use strict;
--
-- use File::Basename qw(basename);
-- use Getopt::Long;
-- use IO::Handle;
-- use IO::Select;
--
-- my $default_delay = 0.5;
-- my $program = basename($0);
-- my %opts = ();
--
-- GetOptions(\%opts, 'delay=f', 'fifo=s', 'help', 'verbose');
--
-- usage() if $opts{'help'};
--
-- my $delay = $opts{'delay'} ? $opts{'delay'} : $default_delay;
--
-- die "$program: missing required --fifo parameter\n" unless $opts{'fifo'};
-- my $fifo = $opts{'fifo'};
--
-- my $verbose = $opts{'verbose'} ? 1 : 0;
--
-- open(my $fifo_fh, "+> $fifo") or die "$program: unable to open $fifo: $!\n";
--
-- # Instantiate a Select object for knowing when to read from and write to
-- # the FIFO.
-- my $sel = IO::Select->new();
--
-- while (1) {
--
-- # Blocking select() for reading.
-- $sel->add($fifo_fh);
--
-- print STDERR "$program: selecting for reading\n" if $verbose;
-- my ($rfh) = $sel->can_read();
--
-- my $key = <$rfh>;
-- print STDERR "$program: read '$key'\n" if $verbose;
--
-- # Lookup a value for the given key.
-- my $value = lookup_value($key);
--
-- # Clear the Select object's filehandles.
-- $sel->remove();
--
-- print $fifo_fh "$value\n" if $verbose;
-- $fifo_fh->flush();
--
-- print STDERR "$program: wrote '$value'\n" if $verbose;
--
-- # Wait for the buffer's byte to be cleared before reading again.
-- wait_fifo($fifo_fh);
-- }
--
-- close($fifo_fh);
-- print STDOUT "$program: done\n" if $verbose;
--
-- exit 0;
--
-- # --------------------------------------------------------------------------
-- sub lookup_value {
-- my ($key) = @_;
--
-- # NOTE: do something to obtain a value for the given key here.
-- chomp(my $value = $key);
--
-- return $value;
-- }
--
-- # --------------------------------------------------------------------------
-- sub usage {
-- print STDOUT <<END_OF_USAGE;
--
-- usage: $program [options]
--
-- --delay Configure the buffer check delay.
-- The default is $default_delay seconds.
--
-- --fifo Configure the path to the FIFO. Required.
--
-- --help Displays this message.
--
-- --verbose Enables verbose output while $program runs.
--
-- END_OF_USAGE
--
-- exit 0;
-- }
--
-- # --------------------------------------------------------------------------
-- sub wait_fifo {
-- my ($fh) = @_;
--
-- # Now we get tricky. Use ioctl(2) to poll the number of bytes to
-- # be read from the FIFO filehandle. When the number drops to zero,
-- # it means that the data we just wrote has been read from the buffer
-- # by some other process, so we can go back to the top of this loop.
-- # Otherwise, if this program loops faster than the reader/writer on
-- # the other end of the FIFO, we'd end up reading the data we just
-- # wrote. Quite annoying, actually.
-- #
-- # Note: this value must be manually extracted from the system header files
-- # using the following program:
-- #
-- # -------- fionread.c -------------------
-- # #include <sys/ioctl.h>
-- #
-- # int main(int argc, char *argv[]) {
-- # printf("%#08x\n", FIONREAD);
-- # return 0;
-- # }
-- # ---------------------------------------
-- #
-- # > cc -o fionread fionread.c
-- # > ./fionread
--
-- my $FIONREAD = 0x00541b;
--
-- my $size = pack('L', 0);
-- ioctl($fh, $FIONREAD, $size) or die "$program: unable to use ioctl: $!\n";
-- $size = unpack('L', $size);
--
-- while ($size != 0) {
-- print STDERR "$program: waiting for buffer to be read\n" if $verbose;
-- select(undef, undef, undef, $delay);
--
-- $size = pack('L', 0);
-- ioctl($fh, $FIONREAD, $size) or die "$program: unable to use ioctl: $!\n";
-- $size = unpack('L', $size);
-- }
-- }
--
-- </PRE
--></DIV
--><P
--> To make use of this example script, simply implement your
-- lookup code in the lookup_value() subroutine. Be very
-- careful with such scripts, though:
-- </P
--><P
--></P
--><OL
--TYPE="1"
--><LI
--STYLE="list-style-type: disc"
--><P
--> "Keep it simple, stupid" (KISS), because if
-- this program hangs it will hang proftpd when
-- the rule occurs. Well, keep it as simple as
-- possible...
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> Avoid one common mistake: avoid buffered I/O
-- if possible. This can cause a deadloop. If
-- necessary, be sure to flush the filehandle
-- before reading, and after writing.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--> Use the RewriteLock directive to define a
-- lockfile mod_rewrite can use to synchronize
-- the communication to the FIFO program. By
-- default no such synchronization takes place.
-- </P
--></LI
--></OL
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Internal Function</B
--></SPAN
--></P
--><P
--> map-type: int, map-src: Internal mod_rewrite function.
-- </P
--><P
--> Here the map-src is a mod_rewrite built-in function.
-- Currently you cannot create your own, but the following
-- functions already exist:
-- </P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->toupper</B
--></SPAN
--></P
--><P
--> Converts the looked up key to all upper case.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->tolower</B
--></SPAN
--></P
--><P
--> Converts the looked up key to all lower case.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->unescape</B
--></SPAN
--></P
--><P
--> Translates hex-encodings in the looked up key back
-- to special characters.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->utf8trans</B
--></SPAN
--></P
--><P
--> Translates UTF-8 encodings in the lookup up key into
-- Latin-1 characters.
-- </P
--></LI
--></UL
--></LI
--></UL
--><P
-->The RewriteMap directive can occur more than once. For each mapping-function
--use one RewriteMap directive to declare its rewriting map name.</P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Note:</B
--></SPAN
--> For plain text files the looked-up
--keys are cached in-core until the mtime of the text map file changes or
--the server does a restart. This way you can have map-functions in rules
--which are used for <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->every</B
--></SPAN
--> request. This
--is no problem, because the parsing of the text files only happens once!</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7575"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
--></P
--></DIV
--><H1
--><A
--NAME="REWRITERULE"
--></A
-->
--RewriteRule</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7587"
--></A
--><H2
-->Name</H2
-->RewriteRule -- Define a rewrite rule</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7590"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteRule</B
--> [ <CODE
--CLASS="OPTION"
-->pattern substitution</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost>, <Anonymous>, <Directory></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7617"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteRule directive is the real rewriting workhorse. The configuration
--directive can occur more than once. Each directive defines a single
--rewriting rule. The order of definition of these rules is important,
--because this order is used when applying the rules at run-time.</P
--><P
-->Pattern can be POSIX regular expression which gets applied to the current
--FTP command argument(s).</P
--><P
-->Some hints about the syntax of regular expressions:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Text:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> . Any single character
-- [chars] Character class: one of chars
-- [^chars] Character class: none of chars
-- text1|text2 Alternative: text1 or text2
-- </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Quantifiers:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> ? 0 or 1 of the preceding text
-- * 0 or N of the preceding text (N > 0)
-- + 1 or N of the preceding text (N > 1)
-- </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Grouping:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> (text) Grouping of text
-- (either to set the borders of an alternative or
-- for making backreferences where the Nth group can
-- be used on the RHS of a RewriteRule with $N)
-- </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Anchors:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> ^ Start of line anchor
-- $ End of line anchor
-- </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Escaping:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> \char Escape that particular char
-- (for instance to specify the chars ".[]()" etc.)
-- </PRE
--></LI
--></UL
--><P
-->For more information about regular expressions have a look at your local
--regex(3) manpage. If you are interested in more detailed information about
--regular expressions and their variants (POSIX regex, Perl regex, etc.) have
--a look at the following dedicated book on this topic:</P
--><P
-->Mastering Regular Expressions
--Jeffrey E.F. Friedl
--Nutshell Handbook Series
--O'Reilly & Associates, Inc. 1997
--ISBN 1-56592-257-3</P
--><P
-->Additionally in mod_rewrite the NOT character ('!') is a possible pattern
--prefix. This gives you the ability to negate a pattern; to say, for instance:
--"if the current argument(s) does NOT match this pattern". This can be used
--for exceptional cases, where it is easier to match the negative pattern,
--or as a last default rule.</P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Notice:</B
--></SPAN
--> When using the NOT character to
--negate a pattern you cannot have grouped wildcard parts in the pattern.
--This is impossible because when the pattern does NOT match, there are no
--contents for the groups. In consequence, if negated patterns are used,
--you cannot use $N in the substitution string.</P
--><P
-->Substitution of a rewriting rule is the string which is substituted for
--(or replaces) the original argument(s) for which pattern matched. Beside
--plain text you can use:</P
--><P
--></P
--><OL
--TYPE="1"
--><LI
--><P
--> $N backreferences to the RewriteRule pattern
-- </P
--></LI
--><LI
--><P
--> %N backreferences to the last matched RewriteCondition pattern
-- </P
--></LI
--><LI
--><P
--> variables as in RewriteCondition test strings
-- </P
--></LI
--><LI
--><P
--> map function calls (${map-name:lookup-key|default-value})
-- </P
--></LI
--></OL
--><P
-->Backreferences are $<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->N</B
--></SPAN
-->
--(<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->N</B
--></SPAN
-->=0..9) identifiers which will be replaced
--by the contents of the <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->N</B
--></SPAN
-->th group of the
--matched pattern. The variables are the same as for the condition of a
--<A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
--> directive, with two
--additions:</P
--><P
--></P
--><UL
--><LI
--><P
--> %<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->P</B
--></SPAN
-->
-- process ID
-- </P
--></LI
--><LI
--><P
--> %<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->t</B
--></SPAN
-->
-- Unix time since the epoch, in seconds
-- </P
--></LI
--></UL
--><P
-->The map functions come from the <A
--HREF="#REWRITEMAP"
-->RewriteMap</A
-->
--directive and are explained there. These four types of variables are
--expanded in the order of the above list.</P
--><P
-->All of the rewriting rules are applied to substitution. The command
--argument(s) is completely replaced by the substitution.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7673"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
-->
--<A
--HREF="#REWRITEMAP"
-->RewriteMap</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7678"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
- NAME="RLIMITCPU"
- ></A
- >
-@@ -21815,115 +14077,6 @@
- ></DIV
- ><H1
- ><A
--NAME="SAVERATIOS"
--></A
-->
--SaveRatios</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7924"
--></A
--><H2
-->Name</H2
-->SaveRatios -- FIXME FIXME</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7927"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SaveRatios</B
--> [ <CODE
--CLASS="OPTION"
-->SaveRatios foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7954"
--></A
--><H2
-->Description</H2
--><P
-->The SaveRatios directive ....
--Example:
--SaveRatios</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7957"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7960"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="SCOREBOARDFILE"
- ></A
- >
-@@ -22585,7 +14738,7 @@
- ></A
- ><H2
- >Name</H2
-->SetEnv -- (docs incomplete)</DIV
-+>SetEnv -- Set environment variable</DIV
- ><DIV
- CLASS="REFSYNOPSISDIV"
- ><A
-@@ -23038,3443 +15191,6 @@
- ></DIV
- ><H1
- ><A
--NAME="SQLAUTHENTICATE"
--></A
-->
-- SQLAuthenticate</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8431"
--></A
--><H2
-->Name</H2
-->SQLAuthenticate -- Specify authentication methods and what to authenticate
-- </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8434"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLAuthenticate</B
--> {on | off}</P
--><P
--> or</P
--><P
--><B
--CLASS="COMMAND"
-->SQLAuthenticate</B
--> [ users
-- ] [ groups
-- ] [ userset [fast]
-- ] [ groupset [fast]
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> SQLAuthenticate <SAMP
--CLASS="COMPUTEROUTPUT"
-->on</SAMP
-->
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <Global>, <VirtualHost>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
--> mod_sql
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> 1.2.5rc1 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8472"
--></A
--><H2
-->Description</H2
--><P
-->The SQLAuthenticate directive configures mod_sql's authentication behavior,
--controlling whether to provide user and/or group information during
--authentication, and how that provisioning is performed. The parameters may
--appear in any order.</P
--><P
-->The available parameter values are:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->on</B
--></SPAN
--></P
--><P
--> Shorthand for SQLAuthenticate users groups userset groupset.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->off</B
--></SPAN
--></P
--><P
--> Disables all mod_sql authentication functions.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->users</B
--></SPAN
--></P
--><P
--> If present, mod_sql will do user lookups. If not present,
-- mod_sql will do no user lookups at all, including the
-- {set|get|end}pwent() calls (see below).
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->groups</B
--></SPAN
--></P
--><P
--> If present, mod_sql will do group lookups. If not present,
-- mod_sql will do no group lookups at all, including the
-- {set|get|end}grent() calls (see below).
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->userset[fast]</B
--></SPAN
--></P
--><P
--> If present, mod_sql will process the potentially expensive
-- {set|get|end}pwent() calls. If not present, mod_sql will
-- not process these calls. Adding the suffix "fast" tells
-- mod_sql to process the users as a single large query, rather
-- than making a query per user. This may significantly reduce
-- the number of queries against the database at the expense
-- of increased memory use. This parameter will have no effect
-- if "users" is not specified.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->groupset[fast]</B
--></SPAN
--></P
--><P
--> If present, mod_sql will process the potentially expensive
-- {set|get|end}grent() calls. If not present, mod_sql will
-- not process these calls. Adding the suffix "fast" tells
-- mod_sql to process the groups as a single large query,
-- rather than making a query per group. This may significantly
-- reduce the number of queries against the database at the
-- expense of increased memory use. This parameter will have no
-- effect if "groups" is not specified.
-- </P
--></LI
--></UL
--><P
-->The SQLLog and SQLShowInfo directives will always be processed by mod_sql.
--The SQLAuthenticate directive only affects the user and group
--lookup/authentication portions of the module.</P
--><P
-->Turning off (i.e. by not including) the userset or groupset parameters
--affects the functionality of mod_sql. Not allowing these lookups may remove
--the ability to control access or control functionality by group membership,
--depending on your other authentication handlers and the data available to
--them. At the same time, choosing not to do these lookups may dramatically
--speed login for many large sites.</P
--><P
-->The "fast" suffix is not appropriate for every site. Normally, mod_sql will
--retrieve a list of users and groups, and get information from the database
--on a per-user or per-group basis. This is query intensive: it requires
--(nn + 1) queries, where n is the number of users or groups to lookup. By
--choosing "fast" lookups, mod_sql will make a single SELECT query to get
--information from the database.</P
--><P
-->In exchange for the radical reduction in the number of queries, the single
--query will increase the memory consumption of the process; all group or user
--information will be read at once rather than in discrete chunks.</P
--></DIV
--><DIV
--CLASS="REFSECT2"
--><A
--NAME="AEN8505"
--></A
--><H3
-->Group Table Structure</H3
--><P
-->Normally <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->mod_sql</B
--></SPAN
--> allows multiple group
--members per row, and multiple rows per group. If you use the "fast"
--option for groupset, you <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->must</B
--></SPAN
--> use only one
--row per group. For example, normally mod_sql treats the following three
--tables in exactly the same way:</P
--><P
--CLASS="LITERALLAYOUT"
-->|--------------------------------------------------|<br>
--| GROUPNAME | GID | MEMBERS |<br>
--|--------------------------------------------------|<br>
--| group1 | 1000 | naomi |<br>
--| group1 | 1000 | priscilla |<br>
--| group1 | 1000 | gertrude |<br>
--|--------------------------------------------------|<br>
--<br>
--|--------------------------------------------------|<br>
--| GROUPNAME | GID | MEMBERS |<br>
--|--------------------------------------------------|<br>
--| group1 | 1000 | naomi, priscilla |<br>
--| group1 | 1000 | gertrude |<br>
--|--------------------------------------------------|<br>
--<br>
--|--------------------------------------------------|<br>
--| GROUPNAME | GID | MEMBERS |<br>
--|--------------------------------------------------|<br>
--| group1 | 1000 | naomi, priscilla, gertrude |<br>
--|--------------------------------------------------|</P
--><P
-->If you use the "fast" option, mod_sql assumes that all entries are
--structured like the last example.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8512"
--></A
--><H2
-->See also</H2
--><P
--> <A
--HREF="#SQLUSERINFO"
-->SQLUserInfo</A
-->
-- <A
--HREF="#SQLGROUPINFO"
-->SQLGroupInfo</A
-->
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8517"
--></A
--><H2
-->Examples</H2
--></DIV
--><H1
--><A
--NAME="SQLAUTHTYPES"
--></A
-->
--SQLAuthTypes</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8527"
--></A
--><H2
-->Name</H2
-->SQLAuthTypes -- Specify the allowed authentication types and their check order</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8530"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLAuthTypes</B
--> [ <CODE
--CLASS="OPTION"
-->[OpenSSL]</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[Crypt]</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[Backend]</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[Plaintext]</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[Empty]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8565"
--></A
--><H2
-->Description</H2
--><P
-->This directive deprecates 'SQLEmptyPasswords',
--'SQLScrambledPasswords', 'SQLSSLHashedPasswords',
--'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'.</P
--><P
-->The SQLAuthTypes directive specifies which authentication method
--are to be allowed, and their order of use.
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->You must specify at least one authentication
--method.</B
--></SPAN
--></P
--><P
-->The current supported authentication methods are:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Backend</B
--></SPAN
--></P
--><P
--> Allows database-specific backend passwords. Not all
-- backend databases support this option. For example,
-- MySQL datatabases use this option to authenticate MySQL
-- 'PASSWORD()' encrypted passwords. The Postgres backend,
-- however, does nothing.<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Caveat
-- </B
--></SPAN
-->: if your MySQL activity log is world-readable,
-- the user password <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->will be visible
-- </B
--></SPAN
-->. You have been warned.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Crypt</B
--></SPAN
--></P
--><P
--> Allows passwords in the database to be of Unix crypt(3) form.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Empty</B
--></SPAN
--></P
--><P
--> Allows empty passwords in the database, which match
-- against <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->any</B
--></SPAN
--> password
-- the user may give. The database field must be a truly
-- empty string; NULL values are not acceptable as empty
-- passwords. <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Be very careful if using
-- this authentication method.</B
--></SPAN
-->
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->OpenSSL</B
--></SPAN
--></P
--><P
--> Allows passwords in the database to be of the form
-- '{digest-name}hashed-value', where hashed-value
-- is the base64-encoded digest of the passsword.
-- Only available if you define HAVE_OPENSSL when you
-- compile proftpd and you link with OpenSSL's libcrypto
-- library.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Plaintext</B
--></SPAN
--></P
--><P
--> Allows passwords in the database to be in plaintext.
-- </P
--></LI
--></UL
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8596"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8599"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> SQLAuthTypes Crypt Empty</P
--><P
-->configures mod_sql to first attempt to verify the password using the
--Unix crypt(3) function, then, if that fails, determine if the password
--in the database is empty (thus matching any given password). If all of
--the configured authentication methods fail, mod_sql will fail to
--authenticate the user.</P
--></DIV
--><H1
--><A
--NAME="SQLBACKEND"
--></A
-->
--SQLBackend</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8611"
--></A
--><H2
-->Name</H2
-->SQLBackend -- Set the SQL backend module</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8614"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLBackend</B
--> [ <CODE
--CLASS="OPTION"
-->backend</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->Depends</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.3.0rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8641"
--></A
--><H2
-->Description</H2
--><P
-->In 1.3.0rc1, the mod_sql module gained the ability to be compiled with multiple
--backend modules supported, e.g. to have both mod_sql_mysql and mod_sql_postgres
--usable in the same proftpd daemon. The SQLBackend directive configures which of
--these different database backends should be used.</P
--><P
-->If there is only one backend module compiled in, the SQLBackend directive is not
--needed. If there are multiple backend modules compiled and no SQLBackend directive
--is specified, then mod_sql will default to using the first backend module listed.
--For instance, if you configured proftpd using a configure command such as:
--
-- ./configure --with-modules=mod_sql:mod_sql_postgres:mod_sql_mysql ...
--
--then mod_sql would default to using mod_sql_postgres as the backend module to use.</P
--><P
-->You might have multiple <VirtualHost> sections which use different SQL backends.
--Use "mysql" for the mod_sql_mysql module, and "postgres" for the mod_sql_postgres
--module.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8646"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8649"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> <VirtualHost 1.2.3.4><br>
-- SQLBackend mysql<br>
-- ...<br>
-- </VirtualHost><br>
--<br>
-- <VirtualHost 5.6.7.8><br>
-- SQLBackend postgres<br>
-- ...<br>
-- </VirtualHost></P
--></DIV
--><H1
--><A
--NAME="SQLCONNECTINFO"
--></A
-->
--SQLConnectInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8660"
--></A
--><H2
-->Name</H2
-->SQLConnectInfo -- Specify connection information for the backend</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8663"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLConnectInfo</B
--> [ <CODE
--CLASS="OPTION"
-->connection-info</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[username]</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[password]</CODE
-->] [ <CODE
--CLASS="OPTION"
-->[policy]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8696"
--></A
--><H2
-->Description</H2
--><P
-->This directive deprecates 'MySQLInfo', 'PostgresInfo', and
--'PostgresPort'.</P
--><P
-->The SQLConnectInfo directive configures the information necessary to
--connect to the backend database. The connection-info parameter specifies
--the database, host, port, and other backend-specific information. The
--optional username and password parameters specify a username and password
--to use when connecting to the database. Both default to NULL, which the
--backend will treat in some backend-specific manner. If you specify a
--password, you <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->must</B
--></SPAN
--> specify a username.
--If no SQLConnectInfo directive is specified, mod_sql will disable itself.</P
--><P
-->Any given database backend has the opportunity, though not necessarily
--the responsibility, to check for syntax errors in the connection-info
--field at server startup, but you should not expect semantic errors
--(i.e., cannot connect to the database) to be caught until mod_sql
--attempts to connect for a given host.</P
--><P
-->A given database connection is governed by a connection policy that
--specifies when a connection should be opened and when it should be
--closed. There are three options:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->PERSESSION</B
--></SPAN
--></P
--><P
--> Open a database connection at the start of the session
-- and close the database connection at the end of the session.
-- </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->number (<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->TIMED</B
--></SPAN
-->)</P
--><P
--> Timed database connections that close themselves
-- after number seconds of inactivity.
-- </P
--></LI
--></UL
--><P
-->If a connection policy is not specified, if the policy is not a number or
--is a number less than 1, or if the policy is the string "PERSESSION",
--the PERSESSION policy will be used.</P
--><P
-->If the connection policy is any number greater than 0, it specifies the
--number of seconds that a connection will be held open without activity.
--After that many seconds of database inactivity, the connection to the
--database will be closed. As soon as database activity starts again,
--the connection will be opened and the timer will restart.</P
--><P
-->The MySQL and Postgres backends' connection-info is expected to be of the form:</P
--><P
-->database[@hostname][:port]</P
--><P
-->hostname will default to a backend-specific hostname (which happens to be
--'localhost' for both the MySQL and Postgres backends), and port will default
--to a backend-specific default port (3306 for the MySQL backend, 5432 for
--the Postgres backend).</P
--><P
-->From the MySQL documentation:</P
--><P
-->the value of host may be either a hostname or an IP address. If host is
--NULL or the string "localhost", a connection to the local host is assumed.
--If the OS supports sockets (Unix) or named pipes (Windows), they are used
--instead of TCP/IP to connect to the server.</P
--><P
-->From the PostgreSQL documentation:</P
--><P
-->If [the hostname] begins with a slash, it specifies Unix-domain
--communication rather than TCP/IP communication; the value is the
--name of the directory in which the socket file is stored. The default
--is to connect to a Unix-domain socket in /tmp.</P
--><P
-->If you plan to use the TIMED connection policy, consider the effect of
--directives such as DefaultRoot on local socket communication: once a user
--has been chroot()ed, the local socket file will probably not be available
--within the chroot directory tree, and attempts to reopen communication will
--fail. One way around this may be to use hardlinks within the user's
--directory tree. PERSESSION connections are not affected by this because
--the database will be opened prior to the chroot() call, and held open
--for the life of the session. Network communications are not affected by
--this problem. For example, while localhost would not work for MySQL since
--the MySQL client library will try to use socket communications for that
--host, 127.0.0.1 will work (as long as your database is setup to accept
--these connections).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8722"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8725"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> # Connect to the database 'ftpusers' via the default port at host<br>
-- # 'foo.com'. Use a NULL username and NULL password when connecting.<br>
-- # A connection policy of PERSESSION is used.<br>
-- SQLConnectInfo [email protected]<br>
--<br>
-- # Connect to the database 'ftpusers' via port 3000 at host 'localhost'.<br>
-- # Use the username 'admin' and a NULL password when connecting.<br>
-- # A connection policy of PERSESSION is used.<br>
-- SQLConnectInfo ftpusers:3000 admin<br>
--<br>
-- # Connect to the database 'ftpusers' via port 3000 at host 'foo.com'.<br>
-- # Use the username 'admin' and password 'mypassword' when connecting.<br>
-- # A connection policy of PERSESSION is used.<br>
-- SQLConnectInfo [email protected]:3000 admin mypassword<br>
--<br>
-- # Connect to the database 'ftpusers' via port 3000 at host 'foo.com'.<br>
-- # Use a username of 'admin' and a password of 'mypassword' when<br>
-- # connecting. A 30 second timer of connection inactivity is activated.<br>
-- SQLConnectInfo [email protected]:3000 admin mypassword 30</P
--><P
-->Backends may require different information in the connection-info field;
--check your backend module for more detailed information.</P
--></DIV
--><H1
--><A
--NAME="SQLDEFAULTGID"
--></A
-->
--SQLDefaultGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8737"
--></A
--><H2
-->Name</H2
-->SQLDefaultGID -- Configure the default GID for users</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8740"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLDefaultGID</B
--> [ <CODE
--CLASS="OPTION"
-->defaultgid</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->65533</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8767"
--></A
--><H2
-->Description</H2
--><P
-->Sets the default GID for users. Must be greater than SQLMinID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8770"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLMINID"
-->SQLMinID</A
-->
--<A
--HREF="#SQLMINUSERGID"
-->SQLMinUserGID</A
--></P
--></DIV
--><H1
--><A
--NAME="SQLDEFAULTHOMEDIR"
--></A
-->
--SQLDefaultHomedir</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8783"
--></A
--><H2
-->Name</H2
-->SQLDefaultHomedir -- Configure the default homedir</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8786"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLDefaultHomedir</B
--> [ <CODE
--CLASS="OPTION"
-->path</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8813"
--></A
--><H2
-->Description</H2
--><P
-->The SQLDefaultHomedir directive configures a default home directory for all
--users authenticated with this module, overriding any (deprecated)
--SQLHomedirField directive. If no home directory is set with either directive,
--authentication fails. This directive does not change the data retrieved from
--the database: if you specify a home directory field to SQLUserInfo, that
--field's data will be returned as the user's home directory, whether that
--data is a legal directory, or an empty string, or NULL.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8816"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLUSERINFO"
-->SQLUserInfo</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8820"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLDEFAULTUID"
--></A
-->
--SQLDefaultUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8831"
--></A
--><H2
-->Name</H2
-->SQLDefaultUID -- Configure the default UID for users</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8834"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLDefaultUID</B
--> [ <CODE
--CLASS="OPTION"
-->defaultuid</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->65533</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8861"
--></A
--><H2
-->Description</H2
--><P
-->Sets the default UID for users. Must be greater than SQLMinID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8864"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLMINID"
-->SQLMinID</A
-->
--<A
--HREF="#SQLMINUSERUID"
-->SQLMinUserUID</A
--></P
--></DIV
--><H1
--><A
--NAME="SQLENGINE"
--></A
-->
--SQLEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8877"
--></A
--><H2
-->Name</H2
-->SQLEngine -- Configure how mod_sql will operate</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8880"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLEngine</B
--> [ <CODE
--CLASS="OPTION"
-->on|off|auth|log</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->SQLEngine on</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost>, <Anonymous></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.3.0rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8907"
--></A
--><H2
-->Description</H2
--><P
-->The SQLEngine directive is used to specify how mod_sql will operate. By
--default, SQLEngine is on, and mod_sql will operate as normal. Setting
--SQLEngine to off will effectively disable the module.</P
--><P
-->In addition to on and off, SQLEngine accepts two other values: auth and
--log. If you wish to use mod_sql for authentication and not for logging
--(via SQLLog), use auth. Conversely, to do only SQLLog-type logging, and
--no authentication, use log.</P
--><P
-->This directive can be used to have <Anonymous> sections that do not use
--mod_sql (see the example below).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8912"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8915"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> <Anonymous ~ftp><br>
-- ...<br>
-- SQLEngine off<br>
-- ...<br>
-- </Anonymous></P
--></DIV
--><H1
--><A
--NAME="SQLGROUPINFO"
--></A
-->
--SQLGroupInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8926"
--></A
--><H2
-->Name</H2
-->SQLGroupInfo -- Configure the group table and fields that hold group information</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8929"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLGroupInfo</B
--> [ <CODE
--CLASS="OPTION"
-->group-table group-name gid members</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->"groups groupname gid members"</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8956"
--></A
--><H2
-->Description</H2
--><P
-->The SQLGroupInfo directive configures the group table and fields that hold group information. The parameters for this directive are described below:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->grouptable</P
--><P
--> Specifies the name of the table that holds group information.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->groupname</P
--><P
--> Specifies the field in the group table that holds the group name.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->gid</P
--><P
--> Specifies the field in the group table that holds the group's GID.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->members</P
--><P
--> Specifies the field in the group table that holds the group members.</P
--></LI
--></UL
--><P
-->If you need to change any of these field names from the default, you need
--to specify all of them.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8973"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8976"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLGROUPWHERECLAUSE"
--></A
-->
--SQLGroupWhereClause</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8987"
--></A
--><H2
-->Name</H2
-->SQLGroupWhereClause -- Configure a WHERE clause for every group query</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8990"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLGroupWhereClause</B
--> [ <CODE
--CLASS="OPTION"
-->where-clause</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9017"
--></A
--><H2
-->Description</H2
--><P
-->The directive is used to configure a WHERE clause that is added to every
--group query. The WHERE clause must contain all relevant punctuation, and
--must not contain a leading "and".</P
--><P
-->Starting with ProFTPD 1.3.1rc1 the SQLGroupWhereClause also supports the
--variables supported by <A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
-->
--except for the "%{n}" variable</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9022"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9026"
--></A
--><H2
-->Examples</H2
--><P
-->As an example of a possible use for this directive, imagine if your group
--table included a "LoginAllowed" field:</P
--><P
--CLASS="LITERALLAYOUT"
--> SQLGroupWhereClause "LoginAllowed = 'true'"</P
--><P
-->would be appended to every group-related query as the string:</P
--><P
--CLASS="LITERALLAYOUT"
--> " WHERE (LoginAllowed = 'true')"</P
--></DIV
--><H1
--><A
--NAME="SQLHOMEDIRONDEMAND"
--></A
-->
--SQLHomedirOnDemand</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9040"
--></A
--><H2
-->Name</H2
-->SQLHomedirOnDemand -- Have mod_sql create home directories as needed [deprecated]</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9043"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLHomedirOnDemand</B
--> [ <CODE
--CLASS="OPTION"
-->on|off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 up to 1.3.1rc1</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9070"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with ProFTPD 1.3.1rc1.
--Please use <A
--HREF="#CREATEHOME"
-->CreateHome</A
--> instead.</P
--><P
-->The SQLHomedirOnDemand directive configures mod_sql to automatically
--create a user's home directory if that directory does not exist during
--the login process.</P
--></DIV
--><H1
--><A
--NAME="SQLLOG"
--></A
-->
--SQLLog</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9083"
--></A
--><H2
-->Name</H2
-->SQLLog -- Log information to a database table</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9086"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLLog</B
--> [ <CODE
--CLASS="OPTION"
-->cmd-set query-name ["IGNORE_ERRORS"</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9113"
--></A
--><H2
-->Description</H2
--><P
-->This directive is used to log information to a database table. Multiple
--SQLLog directives can be in effect for any command; for example, a user
--changing directories can trigger multiple logging statements.</P
--><P
-->The first parameter to SQLLog, the cmd-set, is a comma-separated (no spaces)
--list of FTP commands for which this log command will trigger. The list of
--commands is too long to list in entirety; commands include CWD, DELE, HELP,
--LIST, MKD, MODE, NLST, PASS, PASV, PORT and many more. For the complete list
--check the FTP RFCs. Normally mod_sql will log events after they have
--completed successfully; in the case of the QUIT command, mod_sql logs prior
--to the server's processing of the command. (Note, however, that the client
--may not issue a QUIT before logging out; in this case, use a command of EXIT
--rather than QUIT. EXIT is not a real FTP command, but it is used here to
--provide a means for having SQLLog work whenever a session ends.)</P
--><P
-->FTP commands in the command set will only be logged if they complete
--successfully. Prefixing any command with "ERR_" will cause logging to occur
--only if there was an error in the command's processing. To log both errors
--and successful completion of a given command X, therefore, you'll need both
--"X" and "ERR_X" in your cmd-set.</P
--><P
-->The special command "*" matches all FTP commands, while "ERR_*" matches all
--errors.</P
--><P
-->The second parameter is the name of a query defined by a SQLNamedQuery
--directive. The query must be an UPDATE, INSERT, or FREEFORM type query;
--explicit SELECT queries will not be processed.</P
--><P
-->The third parameter is optional. If you add "IGNORE_ERRORS" as the third
--parameter, SQLLog will not check for errors in the processing of the named
--query. Any value for this parameter other than the string "IGNORE_ERRORS"
--(case-insensitive) will not cause errors to be ignored.</P
--><P
-->Normally, SQLLog directives are considered important enough that errors in
--their processing will cause mod_sql to abort the client session. References
--to non-existent named queries will not abort the client session, but may
--result in database corruption (in the sense that the expected database
--UPDATE or INSERT will not occur). Check your directives carefully.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9122"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9125"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> SQLLog PASS updatecount<br>
-- SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users</P
--><P
-->together, these replicate the deprecated "SQLLoginCountField count" directive;
--if the current user was "joe", this would translate into the query "UPDATE
--users SET count=count+1 WHERE userid='joe'". This query would run whenever a
--user was first authenticated.</P
--><P
--CLASS="LITERALLAYOUT"
--> SQLLog CWD updatedir<br>
-- SQLNamedQuery updatedir UPDATE "cwd='%d' where userid='%u'" users</P
--><P
-->together these replicate the logging side of the deprecated "SQLLogDirs cwd"
--directive; if the current user was "joe" and the current working directory
--were /tmp, this would translate into the query "UPDATE users SET cwd='/tmp'
--WHERE userid='joe'". This query would run whenever a user changed directories.</P
--><P
--CLASS="LITERALLAYOUT"
--> SQLLog RETR,STOR insertfileinfo<br>
-- SQLNamedQuery insertfileinfo INSERT "'%f', %b, '%u@%v', now()" filehistory</P
--><P
-->would log the name of any file stored or retrieved, the number of bytes
--transferred, the user and host doing the transfer, and the time of transfer
--(at least in MySQL). This would translate into a query like: "INSERT INTO
--filehistory VALUES ('somefile', 12345, '[email protected]', '21-05-2001 20:01:00')"</P
--></DIV
--><H1
--><A
--NAME="SQLLOGFILE"
--></A
-->
--SQLLogFile</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9141"
--></A
--><H2
-->Name</H2
-->SQLLogFile -- Specify a log file for mod_sql reporting and debugging</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9144"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLLogFile</B
--> [ <CODE
--CLASS="OPTION"
-->file</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.8rc2 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9171"
--></A
--><H2
-->Description</H2
--><P
-->The SQLLogFile directive is used to a specify a log file for mod_sql
--reporting and debugging, and can be done a per-server basis. The file
--parameter must be the full path to the file to use for logging. Note
--that this path must not be to a world-writeable directory and, unless
--AllowLogSymlinks is explicitly set to on (generally a bad idea), the
--path must not be a symbolic link.</P
--><P
-->If file is "none", no logging will be done at all; this setting can be
--used to override a SQLLogFile setting inherited from a ;ltgt& context. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9175"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9178"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLMINID"
--></A
-->
--SQLMinID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9189"
--></A
--><H2
-->Name</H2
-->SQLMinID -- Set SQLMinUserGID and SQLMinUserID in one place</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9192"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLMinID</B
--> [ <CODE
--CLASS="OPTION"
-->minimum-id</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->999</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9219"
--></A
--><H2
-->Description</H2
--><P
-->SQLMinID is a quick way of setting both SQLMinUserGID and SQLMinUserUID.
--These values are checked whenever retrieving a user's GID or UID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9222"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLMINUSERGID"
-->SQLMinUserGID</A
-->
--<A
--HREF="#SQLMINUSERUID"
-->SQLMinUserUID</A
--></P
--></DIV
--><H1
--><A
--NAME="SQLMINUSERGID"
--></A
-->
--SQLMinUserGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9235"
--></A
--><H2
-->Name</H2
-->SQLMinUserGID -- Set a minimum GID</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9238"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLMinUserGID</B
--> [ <CODE
--CLASS="OPTION"
-->minimum-gid</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->999</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9265"
--></A
--><H2
-->Description</H2
--><P
-->SQLMinUserGID is checked whenever retrieving a user's GID. If the retrieved
--value for GID is less than the value of SQLMinUserGID, it is reported as the
--value of SQLDefaultGID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9268"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9271"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLMINUSERUID"
--></A
-->
--SQLMinUserUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9282"
--></A
--><H2
-->Name</H2
-->SQLMinUserUID -- Set a minimum UID</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9285"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLMinUserUID</B
--> [ <CODE
--CLASS="OPTION"
-->minimum-uid</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->999</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9312"
--></A
--><H2
-->Description</H2
--><P
-->SQLMinUserUID is checked whenever retrieving a user's UID. If the retrieved
--value for UID is less than the value of SQLMinUserUID, it is reported as the
--value of SQLDefaultUID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9315"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9318"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLNAMEDQUERY"
--></A
-->
--SQLNamedQuery</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9329"
--></A
--><H2
-->Name</H2
-->SQLNamedQuery -- Specify a query and an identifier for SQLShowInfo and SQLLog</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9332"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLNamedQuery</B
--> [ <CODE
--CLASS="OPTION"
-->"name" limit|regex|ip value</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->(docs incomplete)</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9359"
--></A
--><H2
-->Description</H2
--><P
-->SQLNamedQuery specifies a query and an identifier (name) for later use by
--SQLShowInfo and SQLLog.</P
--><P
-->It is strongly recommended that you read documentation on the LogFormat
--and ExtendedLog directives, as the meta-sequences available to SQLNamedQuery
--are largely equivalent.</P
--><P
-->The first parameter, name, should be unique across all named queries and
--must not contain spaces. The result of re-using a name is undefined.</P
--><P
-->The second parameter, type, is the type of query, either "SELECT", "UPDATE",
--"INSERT", or "FREEFORM". See the note below for information on FREEFORM type
--queries.</P
--><P
-->The third parameter is the substance of the database query itself; this
--should match the form of the second parameter. The meta-sequences accepted
--are exactly equivalent to the LogFormat directive except the following are
--not accepted:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->%{FOOBAR}e</P
--><P
-->For LogFormat, this logs the content of environment variable "FOOBAR". This
--is not bavailable in mod_sql.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->%{format}t and %t</P
--><P
-->These two meta-sequences logged the local server time; they are not available
--in mod_sql. Your database undoubtedly provides another way to get the time;
--for example, MySQL provides the now() function.</P
--></LI
--></UL
--><P
-->and the following is in addition to the LogFormat meta-sequences:</P
--><P
--> <P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->%d</P
--><P
-->The current working directory or "-" if none.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->%{n}</P
--><P
-->This meta-sequence is used internally by mod_sql and other third-party
--modules and patches to pass information to the database. Using this
--meta-sequence in anything other than an INSERT or UPDATE query is an
--error, and using this meta-sequence unless directed to by a third-party
--module or patch is also an error.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->%{env:VAR}</P
--><P
-->Starting with ProFTPD 1.3.1rc1 the SQLNamedQuery directive is able to make
--use of environment variables in the format "%{env:VAR}". The value
--of the environment variable VAR will be substituted into the SQL statement.</P
--></LI
--></UL
--> </P
--><P
-->The correct form of a query will be built from the directive arguments,
--except in the case of FREEFORM queries which will be sent directly to the
--database. The examples below show the way queries are built from the arguments.</P
--><P
-->The fourth parameter, table, is only necessary for UPDATE or INSERT type
--queries, but is required for those types.</P
--><P
-->Note: FREEFORM queries are a necessary evil; the simplistic query semantics
--of the UPDATE, INSERT, and SELECT type queries do not sufficiently expose
--the capabilities of most backend databases. At the same time, using a
--FREEFORM query makes it impossible for mod_sql to check whether the query
--type is appropriate, making sure that a SELECT query is not used in a SQLLog
--directive, for instance. Wherever possible, it is recommended that a specific
--query type be used.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9388"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLSHOWINFO"
-->SQLShowInfo</A
-->
--<A
--HREF="#SQLLOG"
-->SQLLog</A
-->
--<A
--HREF="#LOGFORMAT"
-->LogFormat</A
-->
--<A
--HREF="#EXTENDEDLOG"
-->ExtendedLog</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9395"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->SQLNamedQuery count SELECT "count from users where userid='%u'"</P
--><P
-->creates a query named "count" which could be used by SQLShowInfo to inform
--a user of their login count. The actual query would look something like
--"SELECT count FROM users WHERE userid='matilda'" for user "matilda".</P
--><P
--CLASS="LITERALLAYOUT"
-->SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users</P
--><P
-->creates a query named "updatecount" which could be used by SQLLog to update
--a user login counter in the table users. The actual query would look something
--like "UPDATE users SET count=count+1 WHERE userid='persephone'" for user
--"persephone".</P
--><P
--CLASS="LITERALLAYOUT"
-->SQLNamedQuery accesslog INSERT "now(), '%u'" accesslog</P
--><P
-->creates a query named "accesslog" which could be used by SQLLog to track
--access times by clients. The actual query would look something like "INSERT
--INTO accesslog VALUES (now(), 'pandora')" for user "pandora". Note that this
--may be too simplistic for your table structure, since most databases require
--data for all columns to be provided in an INSERT statement of this form. See
--the following FREEFORM query for an example of something which may suit your
--needs better.</P
--><P
--CLASS="LITERALLAYOUT"
-->SQLNamedQuery accesslog FREEFORM "INSERT INTO accesslog(date, user) VALUES (now(), '%u')"</P
--><P
-->creates a query named "accesslog" which could be used by SQLLog to track
--access times by clients. The actual query would look something like "INSERT
--INTO accesslog(date, user) VALUES (now(), 'tilda')" for user "tilda".</P
--></DIV
--><H1
--><A
--NAME="SQLNEGATIVECACHE"
--></A
-->
-- SQLNegativeCache</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9413"
--></A
--><H2
-->Name</H2
-->SQLNegativeCache -- Enable negative caching for SQL lookups</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9416"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLNegativeCache</B
--> [ <CODE
--CLASS="OPTION"
-->on</CODE
-->
-- <CODE
--CLASS="OPTION"
-->off</CODE
-->
-- ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--> SQLNegativeCache off
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--> server config, <VirtualHost>, <Global>
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql
-- </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
--> mod_sql v4.10 and later
-- </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9444"
--></A
--><H2
-->Description</H2
--><P
-->SQLNegativeCache specifies whether or not to cache negative
-- responses from SQL lookups when using SQL for UID/GID lookups.
-- Depending on your SQL tables, there can be a significant delay
-- when a directory listing is performed as the UIDs not in the
-- SQL database are repeatedly looked up in an attempt to present
-- usernames instead of UIDs in directory listings. With
-- SQLNegativeCache set to on, negative ("not found") responses from
-- SQL queries will be cached and speed will improve on directory
-- listings that contain many users not present in the SQL
-- database.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9447"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9450"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="SQLRATIOS"
--></A
-->
--SQLRatios</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9461"
--></A
--><H2
-->Name</H2
-->SQLRatios -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9464"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLRatios</B
--> [ <CODE
--CLASS="OPTION"
-->"name" limit|regex|ip value</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9491"
--></A
--><H2
-->Description</H2
--><P
-->mod_ratio is currently lacking a module maintainer. This directive is
--left over and not officially supported.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9494"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9497"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->(docs incomplete)</P
--></DIV
--><H1
--><A
--NAME="SQLRATIOSTATS"
--></A
-->
--SQLRatioStats</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9508"
--></A
--><H2
-->Name</H2
-->SQLRatioStats -- (docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9511"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLRatioStats</B
--> [ <CODE
--CLASS="OPTION"
-->"name" limit|regex|ip value</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9538"
--></A
--><H2
-->Description</H2
--><P
-->mod_ratio is currently lacking a module maintainer. This directive is
--left over and not officially supported.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9541"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9544"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->(docs incomplete)</P
--></DIV
--><H1
--><A
--NAME="SQLSHOWINFO"
--></A
-->
--SQLShowInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9555"
--></A
--><H2
-->Name</H2
-->SQLShowInfo -- Create a message to be sent to the user after any successful command</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9558"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLShowInfo</B
--> [ <CODE
--CLASS="OPTION"
-->cmd-set numeric query-string</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9585"
--></A
--><H2
-->Description</H2
--><P
-->This directive creates a message to be sent to the user after any successful
--command.</P
--><P
-->The first parameter, the cmd-set, is a comma separated (no spaces) list of
--FTP commands for which this log command will trigger. The list of commands
--is too long to list in entirety; commands include: CWD, DELE, HELP, LIST,
--MKD, MODE, NLST, PASS, PASV, PORT and many more. For the complete list check
--the FTP RFCs.</P
--><P
-->FTP commands in the command set will only be triggered if they complete
--successfully. Prefixing any command with "ERR_" will show information only
--if there was an error in command processing. To send a message on both
--errors and successfull completion of a given command X, therefore, you'll
--need both "X" and "ERR_X" in your cmd-set.</P
--><P
-->The special command "*" matches all FTP commands, while "ERR_*" matches
--all errors.</P
--><P
-->The second parameter, numeric, specifies the numeric value of the message
--returned to the FTP client. Do not choose a number blindly: message numbers
--may be parsed by clients. In most cases you will want to use 214, the "Help
--message" numeric. It specifies that the information is only meant to be human
--readable.</P
--><P
-->The third parameter, query-string, is exactly equivalent to the query-string
--parameter to the SQLLog directive, with one addition:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->%{name}</P
--><P
-->The first return value from the SQLNamedQuery identified by "name". There
--is currently no way to retrieve more than one value from the database at
--a time.</P
--></LI
--></UL
--><P
-->Any references to non-existent named queries, non-SELECT or -FREEFORM type
--queries, or references to queries which return a NULL first value, will be
--replaced with the string "{null}".</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9598"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9601"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--> SQLNamedQuery count SELECT "count from users where userid='%u'"<br>
-- SQLShowInfo PASS "230" "You've logged on %{count} times, %u"</P
--><P
-->As long as the information is in the database, these two directives specify
--that the user will be greeted with their login count each time they
--successfully login. Note the use of the "230" numeric, which means "User
--logged in, proceed". "230" is appropriate in this case because the message
--will be sent immediately after their password has been accepted and the
--session has started.</P
--></DIV
--><H1
--><A
--NAME="SQLUSERINFO"
--></A
-->
--SQLUserInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9613"
--></A
--><H2
-->Name</H2
-->SQLUserInfo -- Configure the user table and fields that hold user information</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9616"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLUserInfo</B
--> [ <CODE
--CLASS="OPTION"
-->user-table user-name passwd uid gid home-dir shell</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->"users userid passwd uid gid homedir shell"</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9643"
--></A
--><H2
-->Description</H2
--><P
-->The SQLUserInfo directive configures the user table and fields that hold
--user information. If you need to change any of these field names from the
--default, you must specify all of them, whether NULL or not. The parameters
--are described below:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->usertable</P
--><P
-->Specifies the name of the table that holds user information.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->username</P
--><P
-->Specifies the field in the user table that holds the username.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->passwd</P
--><P
-->Specifies the field in the user table that holds the user's password.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->uid</P
--><P
-->Specifies the field in the user table that holds the user's UID. When a
--UID is retrieved from the database it is checked against the value of
--SQLMinUserUID. If the field name is specified as "NULL" the database will
--not be queried for this value and the user's UID will be set to the value
--of SQLDefaultUID.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->gid</P
--><P
-->Specifies the field in the user table that holds the user's GID. When a GID
--is retrieved from the database it is checked against the value of
--SQLMinUserGID. If the field name is specified as "NULL" the database will
--not be queried for this value and the user's GID will be set to the value
--of SQLDefaultGID.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->homedir</P
--><P
-->Specifies the field in the user table that holds the user's home directory.
--If the fieldname is specified as "NULL" the database will not be queried for
--this value and the user's home directory will be set to the value of
--SQLDefaultHomedir. If no home directory is set with either directive, user
--authentication will be automatically turned off.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->shell</P
--><P
-->Specifies the field in the user table that holds the user's shell. If the
--fieldname is specified as "NULL" the database will not be queried and the
--shell will be reported as an empty string ("").</P
--></LI
--></UL
--><P
-->As of 1.2.9rc1, the SQLUserInfo directive accepts an alternate syntax:</P
--><P
--CLASS="LITERALLAYOUT"
--> SQLUserInfo custom:/name</P
--><P
-->where name refers to a configured SELECT SQLNamedQuery. This named query
--must return one row, and return the following columns, in this order:
--username, passwd, uid, gid, homedir, shell. The configured query may make use
--of the variables mentioned in the SQLLog description. This syntax allows the
--administrator a flexible way of constructing queries as needed. Note that if
--you want use the given USER name, you should use the %U variable, not %u; the
--latter requires the locally authenticated user name, which is exactly what
--SQLUserInfo is meant to provide.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9671"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLLOG"
-->SQLLog</A
-->
--<A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9676"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLUSERWHERECLAUSE"
--></A
-->
--SQLUserWhereClause</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9687"
--></A
--><H2
-->Name</H2
-->SQLUserWhereClause -- Configure a WHERE clause for every user query<</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9690"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLUserWhereClause</B
--> [ <CODE
--CLASS="OPTION"
-->where-clause</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, <Global>, <VirtualHost></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9717"
--></A
--><H2
-->Description</H2
--><P
-->The directive is used to configure a WHERE clause that is added to every
--user query. The WHERE clause must contain all relevant punctuation, and
--must not contain a leading "and".</P
--><P
-->Starting with ProFTPD 1.3.1rc1 the SQLUserWhereClause also supports the
--variables supported by <A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
-->
--except for the "%{n}" variable</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9722"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9726"
--></A
--><H2
-->Examples</H2
--><P
-->As an example of a possible use for this directive, imagine if your user
--table included a "LoginAllowed" field:</P
--><P
--CLASS="LITERALLAYOUT"
--> SQLUserWhereClause "LoginAllowed = 'true'"</P
--><P
-->would be appended to every user-related query as the string:</P
--><P
--CLASS="LITERALLAYOUT"
--> " WHERE (LoginAllowed = 'true')"</P
--></DIV
--><H1
--><A
- NAME="STOREUNIQUEPREFIX"
- ></A
- >
-@@ -30450,7 +19166,7 @@
- ></A
- ><H2
- >Name</H2
-->TLSPassPhraseProvider -- FIXFIXFIX</DIV
-+>TLSPassPhraseProvider -- Configure external provider for key</DIV
- ><DIV
- CLASS="REFSYNOPSISDIV"
- ><A
-@@ -31916,7 +20632,7 @@
- ></A
- ><H2
- >Name</H2
-->UnsetEnv -- (docs incomplete)</DIV
-+>UnsetEnv -- Unset environment variable</DIV
- ><DIV
- CLASS="REFSYNOPSISDIV"
- ><A
-@@ -33037,115 +21753,6 @@
- ></DIV
- ><H1
- ><A
--NAME="USERRATIO"
--></A
-->
--UserRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN12397"
--></A
--><H2
-->Name</H2
-->UserRatio -- Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN12400"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->UserRatio</B
--> [ <CODE
--CLASS="OPTION"
-->UserRatio foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
--><Directory>, <Anonymous>, <Limit>,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12427"
--></A
--><H2
-->Description</H2
--><P
-->The UserRatio directive ....
--Example:
--UserRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12430"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12433"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="USESENDFILE"
- ></A
- >
-@@ -34223,7 +22830,7 @@
- ></A
- ><H2
- >Name</H2
-->mod_tls -- Prevent information leak through timing attacks</DIV
-+>mod_delay -- Prevent information leak through timing attacks</DIV
- ><DIV
- CLASS="REFSYNOPSISDIV"
- ><A
-@@ -34301,167 +22908,6 @@
- ></DIV
- ><H1
- ><A
--NAME="MOD-LDAP"
--></A
-->
-- mod_ldap</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN12810"
--></A
--><H2
-->Name</H2
-->mod_ldap -- LDAP authentication support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN12813"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->mod_ldap</B
--> </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12816"
--></A
--><H2
-->Description</H2
--><P
--> mod_ldap provides LDAP authentication support for ProFTPD. It
-- supports many features useful in "toaster" environments such as
-- default UID/GID and autocreation/autogeneration of home directories.
-- </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12819"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#LDAPALIASDEREFERENCE"
-->LDAPAliasDereference</A
-->
--<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
--<A
--HREF="#LDAPAUTHBINDS"
-->LDAPAuthBinds</A
-->
--<A
--HREF="#LDAPDEFAULTAUTHSCHEME"
-->LDAPDefaultAuthScheme</A
-->
--<A
--HREF="#LDAPDEFAULTGID"
-->LDAPDefaultGID</A
-->
--<A
--HREF="#LDAPDEFAULTUID"
-->LDAPDefaultUID</A
-->
--<A
--HREF="#LDAPDNINFO"
-->LDAPDNInfo</A
-->
--<A
--HREF="#LDAPDOAUTH"
-->LDAPDoAuth</A
-->
--<A
--HREF="#LDAPDOGIDLOOKUPS"
-->LDAPDoGIDLookups</A
-->
--<A
--HREF="#LDAPDOQUOTALOOKUPS"
-->LDAPDoQuotaLookups</A
-->
--<A
--HREF="#LDAPDOUIDLOOKUPS"
-->LDAPDoUIDLookups</A
-->
--<A
--HREF="#LDAPFORCEDEFAULTGID"
-->LDAPForceDefaultGID</A
-->
--<A
--HREF="#LDAPFORCEDEFAULTUID"
-->LDAPForceDefaultUID</A
-->
--<A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
--<A
--HREF="#LDAPFORCEHOMEDIRONDEMAND"
-->LDAPForceHomedirOnDemand</A
-->
--<A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
--<A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
--<A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
--<A
--HREF="#LDAPHOMEDIRONDEMAND"
-->LDAPHomedirOnDemand</A
-->
--<A
--HREF="#LDAPHOMEDIRONDEMANDPREFIX"
-->LDAPHomedirOnDemandPrefix</A
-->
--<A
--HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
-->LDAPHomedirOnDemandPrefixNoUsername</A
-->
--<A
--HREF="#LDAPHOMEDIRONDEMANDSUFFIX"
-->LDAPHomedirOnDemandSuffix</A
-->
--<A
--HREF="#LDAPNEGATIVECACHE"
-->LDAPNegativeCache</A
-->
--<A
--HREF="#LDAPPROTOCOLVERSION"
-->LDAPProtocolVersion</A
-->
--<A
--HREF="#LDAPQUERYTIMEOUT"
-->LDAPQueryTimeout</A
-->
--<A
--HREF="#LDAPSEARCHSCOPE"
-->LDAPSearchScope</A
-->
--<A
--HREF="#LDAPSERVER"
-->LDAPServer</A
-->
--<A
--HREF="#LDAPUSETLS"
-->LDAPUseTLS</A
--> </P
--></DIV
--><H1
--><A
- NAME="MOD-LOG"
- ></A
- >
-@@ -34600,427 +23046,6 @@
- ></DIV
- ><H1
- ><A
--NAME="MOD-RADIUS"
--></A
-->
--mod_radius</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN12900"
--></A
--><H2
-->Name</H2
-->mod_radius -- RADIUS based authentication support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN12903"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->mod_radius</B
--> </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12906"
--></A
--><H2
-->Description</H2
--><P
-->This module provides RADIUS authentication and accounting support.</P
--><P
-->Strong authentication is in demand for Internet services. For many, this means using the RADIUS (Remote Authentication Dial-In User Service) protocol.</P
--><P
-->However, there are caveats to using RADIUS for authentication. RADIUS packets are sent in the clear, which means that they can easily be sniffed. First, do not have your authenticating RADIUS servers exposed to the Internet; keep them protected within your LAN. Second, it is highly recommended to use separate RADIUS servers for each of your services.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12911"
--></A
--><H2
-->RADIUS Authentication</H2
--><P
-->The RADIUS protocol can be used for answering the question "Should this user be allowed to login?" However, the "yes/no" answer is not everything that proftpd needs to log a user in; the server also requires the UID and GID to use for the authenticated user, home directory, and shell. This information is usually not available from the RADIUS servers, which means that using RADIUS to provide all the necessary login information can be problematic. The RadiusUserInfo directive is meant to be used to address this issue, to provide the missing information.</P
--><P
-->In those cases where the RADIUS servers can provide that additional login information, via custom attributes, the RadiusUserInfo directive can also be used obtain that information as well.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12915"
--></A
--><H2
-->RADIUS Accounting</H2
--><P
-->While RADIUS is primarily used for authentication, the protocol also allows for accounting of user activities. The mod_radius module makes use of this ability, using RADIUS accounting packets to transmit the following data:</P
--><P
--> * Acct-Authentic: How the user was authenticated (e.g. locally, or via RADIUS)
-- * Acct-Session-Id: The process ID of the FTP session
-- * Acct-Session-Time: The duration of the FTP session, in seconds
-- * Acct-Input-Octets: The number of bytes uploaded (includes appending to files)
-- * Acct-Output-Octets: The number of bytes downloaded
-- Merely configuring a RadiusAcctServer enables the module's accounting capabilities.
-- Common Attributes
-- The following RADIUS attributes are sent with every RADIUS packet generated by mod_radius:
-- * User-Name: The name of the logging-in user
-- * NAS-Identifier: Always "ftp"
-- * NAS-IP-Address: IP address of FTP server
-- * NAS-Port: Port of FTP server
-- * NAS-Port-Type: Always Virtual.
-- * Calling-Station-Id: IP address of connecting FTP client</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12919"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#RADIUSACCTSERVER"
-->RadiusAcctServer</A
-->
--<A
--HREF="#RADIUSAUTHSERVER"
-->RadiusAuthServer</A
-->
--<A
--HREF="#RADIUSENGINE"
-->RadiusEngine</A
-->
--<A
--HREF="#RADIUSLOG"
-->RadiusLog</A
-->
--<A
--HREF="#RADIUSREALM"
-->RadiusRealm</A
-->
--<A
--HREF="#RADIUSUSERINFO"
-->RadiusUserInfo</A
--> </P
--></DIV
--><H1
--><A
--NAME="MOD-RATIO"
--></A
-->
--mod_ratio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN12933"
--></A
--><H2
-->Name</H2
-->mod_ratio -- FIX ME FIX ME</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN12936"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->mod_ratio</B
--> </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12939"
--></A
--><H2
-->Description</H2
--><P
-->FIXME
--FIXME
--FIXME</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12942"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#ANONRATIO"
-->AnonRatio</A
-->
--<A
--HREF="#BYTERATIOERRMSG"
-->ByteRatioErrMsg</A
-->
--<A
--HREF="#CWDRATIOMSG"
-->CwdRatioMsg</A
-->
--<A
--HREF="#FILERATIOERRMSG"
-->FileRatioErrMsg</A
-->
--<A
--HREF="#GROUPRATIO"
-->GroupRatio</A
-->
--<A
--HREF="#HOSTRATIO"
-->HostRatio</A
-->
--<A
--HREF="#LEECHRATIOMSG"
-->LeechRatioMsg</A
-->
--<A
--HREF="#RATIOFILE"
-->RatioFile</A
-->
--<A
--HREF="#RATIOS"
-->Ratios</A
-->
--<A
--HREF="#RATIOTEMPFILE"
-->RatioTempFile</A
-->
--<A
--HREF="#SAVERATIOS"
-->SaveRatios</A
-->
--<A
--HREF="#USERRATIO"
-->UserRatio</A
--> </P
--></DIV
--><H1
--><A
--NAME="MOD-README"
--></A
-->
--mod_readme</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN12962"
--></A
--><H2
-->Name</H2
-->mod_readme -- "README" file support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN12965"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->mod_readme</B
--> </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12968"
--></A
--><H2
-->Description</H2
--><P
-->FIXME
--FIXME
--FIXME</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12971"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#DISPLAYREADME"
-->DisplayReadme</A
--> </P
--></DIV
--><H1
--><A
--NAME="AEN12975"
--></A
--></H1
--><A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
--><A
--HREF="#REWRITEENGINE"
-->RewriteEngine</A
--><A
--HREF="#REWRITELOCK"
-->RewriteLock</A
--><A
--HREF="#REWRITELOG"
-->RewriteLog</A
--><A
--HREF="#REWRITEMAP"
-->RewriteMap</A
--><A
--HREF="#REWRITERULE"
-->RewriteRule</A
--><H1
--><A
--NAME="MOD-SQL"
--></A
-->
--mod_sql</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN12987"
--></A
--><H2
-->Name</H2
-->mod_sql -- SQL support module</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN12990"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->mod_sql</B
--> </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12993"
--></A
--><H2
-->Description</H2
--><P
-->This module provides the necessary support for SQL based authentication, logging and other features as required.
--It replaces the SQL modules which were shipped with 1.2.0rc2 and earlier.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN12996"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLAUTHENTICATE"
-->SQLAuthenticate</A
-->
--<A
--HREF="#SQLAUTHTYPES"
-->SQLAuthTypes</A
-->
--<A
--HREF="#SQLBACKEND"
-->SQLBackend</A
-->
--<A
--HREF="#SQLCONNECTINFO"
-->SQLConnectInfo</A
-->
--<A
--HREF="#SQLDEFAULTGID"
-->SQLDefaultGID</A
-->
--<A
--HREF="#SQLDEFAULTHOMEDIR"
-->SQLDefaultHomedir</A
-->
--<A
--HREF="#SQLDEFAULTUID"
-->SQLDefaultUID</A
-->
--<A
--HREF="#SQLENGINE"
-->SQLEngine</A
-->
--<A
--HREF="#SQLGROUPINFO"
-->SQLGroupInfo</A
-->
--<A
--HREF="#SQLGROUPWHERECLAUSE"
-->SQLGroupWhereClause</A
-->
--<A
--HREF="#SQLHOMEDIRONDEMAND"
-->SQLHomedirOnDemand</A
-->
--<A
--HREF="#SQLLOG"
-->SQLLog</A
-->
--<A
--HREF="#SQLLOGFILE"
-->SQLLogFile</A
-->
--<A
--HREF="#SQLMINID"
-->SQLMinID</A
-->
--<A
--HREF="#SQLMINUSERGID"
-->SQLMinUserGID</A
-->
--<A
--HREF="#SQLMINUSERUID"
-->SQLMinUserUID</A
-->
--<A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
-->
--<A
--HREF="#SQLNEGATIVECACHE"
-->SQLNegativeCache</A
-->
--<A
--HREF="#SQLRATIOS"
-->SQLRatios</A
-->
--<A
--HREF="#SQLRATIOSTATS"
-->SQLRatioStats</A
-->
--<A
--HREF="#SQLSHOWINFO"
-->SQLShowInfo</A
-->
--<A
--HREF="#SQLUSERINFO"
-->SQLUserInfo</A
-->
--<A
--HREF="#SQLUSERWHERECLAUSE"
-->SQLUserWhereClause</A
--> </P
--></DIV
--><H1
--><A
- NAME="MOD-TLS"
- ></A
- >
-@@ -35263,7 +23288,7 @@
- ></A
- ><H2
- >Name</H2
-->mod_xfer -- FIX ME FIX ME</DIV
-+>mod_xfer -- control transfer</DIV
- ><DIV
- CLASS="REFSYNOPSISDIV"
- ><A
+
--- a/components/proftpd/patches/proftpd-error_code.patch Wed Jun 18 11:31:57 2014 -0700
+++ b/components/proftpd/patches/proftpd-error_code.patch Thu Jun 19 02:03:25 2014 -0700
@@ -1,9 +1,12 @@
+diff --git a/include/dirtree.h b/include/dirtree.h
+index 0f41986..fe7b14b 100644
--- a/include/dirtree.h
+++ b/include/dirtree.h
-@@ -113,6 +113,9 @@ typedef struct cmd_struc {
+@@ -126,6 +126,10 @@ typedef struct cmd_struc {
pr_table_t *notes; /* Private data for passing/retaining between handlers */
int cmd_id; /* Index into commands list, for faster comparisons */
++
+ int error_code; /* Stores errno of failed file transfer
+ * commands. Required for Solaris auditing.
+ */
@@ -11,10 +14,10 @@
struct config_struc {
diff --git a/modules/mod_core.c b/modules/mod_core.c
-index ff400f6..18a47c2 100644
+index e33ee11..f680748 100644
--- a/modules/mod_core.c
+++ b/modules/mod_core.c
-@@ -4554,6 +4554,7 @@ MODRET core_rmd(cmd_rec *cmd) {
+@@ -4775,6 +4775,7 @@ MODRET core_rmd(cmd_rec *cmd) {
dir = dir_canonical_path(cmd->tmp_pool, dir);
if (dir == NULL) {
int xerrno = EINVAL;
@@ -22,7 +25,7 @@
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4563,6 +4564,7 @@ MODRET core_rmd(cmd_rec *cmd) {
+@@ -4784,6 +4785,7 @@ MODRET core_rmd(cmd_rec *cmd) {
if (!dir_check_canon(cmd->tmp_pool, cmd, cmd->group, dir, NULL)) {
int xerrno = EACCES;
@@ -30,7 +33,7 @@
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4572,6 +4574,7 @@ MODRET core_rmd(cmd_rec *cmd) {
+@@ -4793,6 +4795,7 @@ MODRET core_rmd(cmd_rec *cmd) {
if (pr_fsio_rmdir(dir) < 0) {
int xerrno = errno;
@@ -38,7 +41,7 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error removing directory '%s': %s", cmd->argv[0], session.user,
-@@ -4628,6 +4631,7 @@ MODRET core_mkd(cmd_rec *cmd) {
+@@ -4849,6 +4852,7 @@ MODRET core_mkd(cmd_rec *cmd) {
dir = dir_canonical_path(cmd->tmp_pool, dir);
if (dir == NULL) {
int xerrno = EINVAL;
@@ -46,7 +49,7 @@
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4637,6 +4641,7 @@ MODRET core_mkd(cmd_rec *cmd) {
+@@ -4858,6 +4862,7 @@ MODRET core_mkd(cmd_rec *cmd) {
if (!dir_check_canon(cmd->tmp_pool, cmd, cmd->group, dir, NULL)) {
int xerrno = EACCES;
@@ -54,7 +57,7 @@
pr_log_debug(DEBUG8, "%s command denied by <Limit> config", cmd->argv[0]);
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4648,6 +4653,7 @@ MODRET core_mkd(cmd_rec *cmd) {
+@@ -4869,6 +4874,7 @@ MODRET core_mkd(cmd_rec *cmd) {
if (pr_fsio_smkdir(cmd->tmp_pool, dir, 0777, session.fsuid,
session.fsgid) < 0) {
int xerrno = errno;
@@ -62,7 +65,7 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error making directory '%s': %s", cmd->argv[0], session.user,
-@@ -4694,6 +4700,7 @@ MODRET core_mdtm(cmd_rec *cmd) {
+@@ -4915,6 +4921,7 @@ MODRET core_mdtm(cmd_rec *cmd) {
!dir_check(cmd->tmp_pool, cmd, cmd->group, path, NULL) ||
pr_fsio_stat(path, &st) == -1) {
int xerrno = errno;
@@ -70,23 +73,23 @@
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4805,6 +4812,7 @@ MODRET core_dele(cmd_rec *cmd) {
+@@ -5026,6 +5033,7 @@ MODRET core_dele(cmd_rec *cmd) {
path = dir_canonical_path(cmd->tmp_pool, path);
if (path == NULL) {
int xerrno = ENOENT;
-+ cmd->error_code = ENONET;
++ cmd->error_code = ENOENT;
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4814,6 +4822,7 @@ MODRET core_dele(cmd_rec *cmd) {
+@@ -5035,6 +5043,7 @@ MODRET core_dele(cmd_rec *cmd) {
- if (!dir_check_canon(cmd->tmp_pool, cmd, cmd->group, path, NULL)) {
+ if (!dir_check(cmd->tmp_pool, cmd, cmd->group, path, NULL)) {
int xerrno = errno;
+ cmd->error_code = errno;
pr_log_debug(DEBUG7, "deleting '%s' denied by <Limit> configuration", path);
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4830,6 +4839,7 @@ MODRET core_dele(cmd_rec *cmd) {
+@@ -5051,6 +5060,7 @@ MODRET core_dele(cmd_rec *cmd) {
pr_fs_clear_cache();
if (pr_fsio_lstat(path, &st) < 0) {
int xerrno = errno;
@@ -94,7 +97,7 @@
pr_log_debug(DEBUG3, "unable to lstat '%s': %s", path, strerror(xerrno));
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -4844,6 +4854,7 @@ MODRET core_dele(cmd_rec *cmd) {
+@@ -5065,6 +5075,7 @@ MODRET core_dele(cmd_rec *cmd) {
*/
if (S_ISDIR(st.st_mode)) {
int xerrno = EISDIR;
@@ -102,7 +105,7 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error deleting '%s': %s", cmd->argv[0], session.user,
-@@ -4860,6 +4871,7 @@ MODRET core_dele(cmd_rec *cmd) {
+@@ -5081,6 +5092,7 @@ MODRET core_dele(cmd_rec *cmd) {
if (pr_fsio_unlink(path) < 0) {
int xerrno = errno;
@@ -110,7 +113,15 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error deleting '%s': %s", cmd->argv[0], session.user,
-@@ -4951,6 +4963,7 @@ MODRET core_rnto(cmd_rec *cmd) {
+@@ -5165,6 +5177,7 @@ MODRET core_rnto(cmd_rec *cmd) {
+ pr_log_debug(DEBUG6, "AllowOverwrite denied permission for %s", path);
+ pr_response_add_err(R_550, _("%s: Rename permission denied"), cmd->arg);
+ errno = EACCES;
++ cmd->error_code = EACCES;
+ return PR_ERROR(cmd);
+ }
+
+@@ -5172,6 +5185,7 @@ MODRET core_rnto(cmd_rec *cmd) {
!dir_check_canon(cmd->tmp_pool, cmd, cmd->group, path, NULL) ||
pr_fsio_rename(session.xfer.path, path) == -1) {
int xerrno = errno;
@@ -118,7 +129,7 @@
if (xerrno != EXDEV) {
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
-@@ -4997,6 +5010,7 @@ MODRET core_rnto(cmd_rec *cmd) {
+@@ -5223,6 +5237,7 @@ MODRET core_rnto(cmd_rec *cmd) {
*/
if (pr_fs_copy_file(session.xfer.path, path) < 0) {
xerrno = errno;
@@ -126,7 +137,7 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error copying '%s' to '%s': %s", cmd->argv[0], session.user,
-@@ -5012,6 +5026,8 @@ MODRET core_rnto(cmd_rec *cmd) {
+@@ -5238,6 +5253,8 @@ MODRET core_rnto(cmd_rec *cmd) {
/* Once copied, unlink the original file. */
if (pr_fsio_unlink(session.xfer.path) < 0) {
@@ -135,8 +146,8 @@
pr_log_debug(DEBUG0, "error unlinking '%s': %s", session.xfer.path,
strerror(errno));
}
-@@ -5069,6 +5085,7 @@ MODRET core_rnfr(cmd_rec *cmd) {
- !dir_check_canon(cmd->tmp_pool, cmd, cmd->group, path, NULL) ||
+@@ -5295,6 +5312,7 @@ MODRET core_rnfr(cmd_rec *cmd) {
+ !dir_check(cmd->tmp_pool, cmd, cmd->group, path, NULL) ||
!exists(path)) {
int xerrno = errno;
+ cmd->error_code = errno;
@@ -144,18 +155,18 @@
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
diff --git a/modules/mod_xfer.c b/modules/mod_xfer.c
-index c153bb3..762b542 100644
+index bcfb487..41c597e 100644
--- a/modules/mod_xfer.c
+++ b/modules/mod_xfer.c
-@@ -1211,6 +1211,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
-
+@@ -1190,6 +1190,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
if (cmd->argc < 2) {
- pr_response_add_err(R_500, _("'%s' not understood"), get_full_cmd(cmd));
+ pr_response_add_err(R_500, _("'%s' not understood"),
+ pr_cmd_get_displayable_str(cmd, NULL));
+ cmd->error_code = EINVAL;
errno = EINVAL;
return PR_ERROR(cmd);
}
-@@ -1221,6 +1222,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+@@ -1200,6 +1201,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
if (!path ||
!dir_check(cmd->tmp_pool, cmd, cmd->group, path, NULL)) {
int xerrno = errno;
@@ -163,7 +174,7 @@
pr_log_debug(DEBUG8, "%s %s denied by <Limit> configuration", cmd->argv[0],
cmd->arg);
-@@ -1233,6 +1235,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+@@ -1232,6 +1234,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
if (xfer_check_limit(cmd) < 0) {
pr_response_add_err(R_451, _("%s: Too many transfers"), cmd->arg);
errno = EPERM;
@@ -171,7 +182,7 @@
return PR_ERROR(cmd);
}
-@@ -1245,6 +1248,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+@@ -1244,6 +1247,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
pr_log_debug(DEBUG6, "AllowOverwrite denied permission for %s", cmd->arg);
pr_response_add_err(R_550, _("%s: Overwrite permission denied"), cmd->arg);
errno = EACCES;
@@ -179,16 +190,15 @@
return PR_ERROR(cmd);
}
-@@ -1268,6 +1272,8 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+@@ -1267,6 +1271,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
/* Deliberately use EISDIR for anything non-file (e.g. directories). */
errno = EISDIR;
+ cmd->error_code = EISDIR;
-+
return PR_ERROR(cmd);
}
}
-@@ -1286,6 +1292,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+@@ -1285,6 +1290,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
session.restart_pos = 0L;
session.xfer.xfer_type = STOR_DEFAULT;
errno = EPERM;
@@ -196,20 +206,15 @@
return PR_ERROR(cmd);
}
-@@ -1304,9 +1311,11 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
-
+@@ -1306,6 +1312,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
/* Otherwise everthing is good */
if (pr_table_add(cmd->notes, "mod_xfer.store-path",
-- pstrdup(cmd->pool, path), 0) < 0)
-+ pstrdup(cmd->pool, path), 0) < 0) {
+ pstrdup(cmd->pool, path), 0) < 0) {
+ cmd->error_code = errno;
- pr_log_pri(PR_LOG_NOTICE, "notice: error adding 'mod_xfer.store-path': %s",
- strerror(errno));
-+ }
-
- c = find_config(CURRENT_CONF, CONF_PARAM, "HiddenStores", FALSE);
- if (c &&
-@@ -1319,6 +1328,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+ if (errno != EEXIST) {
+ pr_log_pri(PR_LOG_NOTICE,
+ "notice: error adding 'mod_xfer.store-path': %s", strerror(errno));
+@@ -1326,6 +1333,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
pr_response_add_err(R_501,
_("REST not compatible with server configuration"));
errno = EINVAL;
@@ -217,7 +222,7 @@
return PR_ERROR(cmd);
}
-@@ -1328,6 +1338,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
+@@ -1335,6 +1343,7 @@ MODRET xfer_pre_stor(cmd_rec *cmd) {
pr_response_add_err(R_550,
_("APPE not compatible with server configuration"));
errno = EINVAL;
@@ -225,15 +230,15 @@
return PR_ERROR(cmd);
}
-@@ -1391,6 +1402,7 @@ MODRET xfer_pre_stou(cmd_rec *cmd) {
-
+@@ -1400,6 +1409,7 @@ MODRET xfer_pre_stou(cmd_rec *cmd) {
tmpfd = mkstemp(filename);
if (tmpfd < 0) {
+ int xerrno = errno;
+ cmd->error_code = errno;
- pr_log_pri(PR_LOG_ERR, "error: unable to use mkstemp(): %s",
- strerror(errno));
-@@ -1416,6 +1428,7 @@ MODRET xfer_pre_stou(cmd_rec *cmd) {
+ pr_log_pri(PR_LOG_WARNING, "error: unable to use mkstemp(): %s",
+ strerror(xerrno));
+@@ -1428,6 +1438,7 @@ MODRET xfer_pre_stou(cmd_rec *cmd) {
if (!filename ||
!dir_check(cmd->tmp_pool, cmd, cmd->group, filename, NULL)) {
int xerrno = errno;
@@ -241,7 +246,30 @@
/* Do not forget to delete the file created by mkstemp(3) if there is
* an error.
-@@ -1495,6 +1508,7 @@ MODRET xfer_pre_appe(cmd_rec *cmd) {
+@@ -1461,12 +1472,14 @@ MODRET xfer_pre_stou(cmd_rec *cmd) {
+
+ /* Deliberately use EISDIR for anything non-file (e.g. directories). */
+ errno = EISDIR;
++ cmd->error_code = errno;
+ return PR_ERROR(cmd);
+ }
+
+ /* Otherwise everthing is good */
+ if (pr_table_add(cmd->notes, "mod_xfer.store-path",
+ pstrdup(cmd->pool, filename), 0) < 0) {
++ cmd->error_code = errno;
+ if (errno != EEXIST) {
+ pr_log_pri(PR_LOG_NOTICE,
+ "notice: error adding 'mod_xfer.store-path': %s", strerror(errno));
+@@ -1492,6 +1505,7 @@ MODRET xfer_post_stou(cmd_rec *cmd) {
+ mode_t mode = 0666;
+
+ if (pr_fsio_chmod(cmd->arg, mode) < 0) {
++ cmd->error_code = errno;
+
+ /* Not much to do but log the error. */
+ pr_log_pri(PR_LOG_NOTICE, "error: unable to chmod '%s' to %04o: %s",
+@@ -1510,6 +1524,7 @@ MODRET xfer_pre_appe(cmd_rec *cmd) {
if (xfer_check_limit(cmd) < 0) {
pr_response_add_err(R_451, _("%s: Too many transfers"), cmd->arg);
errno = EPERM;
@@ -249,15 +277,7 @@
return PR_ERROR(cmd);
}
-@@ -1550,6 +1564,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
- O_WRONLY|(session.restart_pos ? 0 : O_CREAT|O_EXCL));
- if (stor_fh == NULL) {
- ferrno = errno;
-+ cmd->error_code = errno;
-
- (void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
- "error opening '%s': %s", cmd->argv[0], session.user,
-@@ -1562,6 +1577,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+@@ -1580,6 +1595,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
if (stor_fh) {
if (pr_fsio_lseek(stor_fh, 0, SEEK_END) == (off_t) -1) {
@@ -265,7 +285,7 @@
pr_log_debug(DEBUG4, "unable to seek to end of '%s' for appending: %s",
cmd->arg, strerror(errno));
(void) pr_fsio_close(stor_fh);
-@@ -1570,6 +1586,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+@@ -1588,6 +1604,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
} else {
ferrno = errno;
@@ -273,7 +293,7 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error opening '%s': %s", cmd->argv[0], session.user,
-@@ -1583,6 +1600,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+@@ -1601,6 +1618,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
O_WRONLY|(session.restart_pos ? 0 : O_TRUNC|O_CREAT));
if (stor_fh == NULL) {
ferrno = errno;
@@ -281,7 +301,7 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error opening '%s': %s", cmd->argv[0], session.user,
-@@ -1596,11 +1614,13 @@ MODRET xfer_stor(cmd_rec *cmd) {
+@@ -1614,11 +1632,13 @@ MODRET xfer_stor(cmd_rec *cmd) {
int xerrno = 0;
if (pr_fsio_lseek(stor_fh, session.restart_pos, SEEK_SET) == -1) {
@@ -295,7 +315,15 @@
pr_log_debug(DEBUG4, "unable to stat '%s': %s", cmd->arg,
strerror(errno));
xerrno = errno;
-@@ -1748,6 +1768,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+@@ -1755,6 +1775,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+ pr_data_abort(EPERM, FALSE);
+ errno = EPERM;
+ #endif
++ cmd->error_code = errno;
+ return PR_ERROR(cmd);
+ }
+
+@@ -1766,6 +1787,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
res = pr_fsio_write(stor_fh, lbuf, len);
if (res != len) {
int xerrno = EIO;
@@ -303,53 +331,62 @@
if (res < 0)
xerrno = errno;
-@@ -1806,18 +1827,21 @@ MODRET xfer_stor(cmd_rec *cmd) {
- */
- #if defined(EDQUOT)
+@@ -1795,6 +1817,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+
+ /* default abort errno, in case session.d et al has already gone away */
+ int xerrno = ECONNABORTED;
++ cmd->error_code = ECONNABORTED;
+
+ stor_abort();
+
+@@ -1814,6 +1837,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
+
+ if (stor_complete() < 0) {
+ int xerrno = errno;
++ cmd->error_code = errno;
+
+ _log_transfer('i', 'i');
+
+@@ -1826,12 +1850,14 @@ MODRET xfer_stor(cmd_rec *cmd) {
if (xerrno == EDQUOT) {
-+ cmd->error_code = EDQUOT;
pr_response_add_err(R_552, "%s: %s", cmd->arg, strerror(xerrno));
errno = xerrno;
++ cmd->error_code = errno;
return PR_ERROR(cmd);
}
#elif defined(EFBIG)
if (xerrno == EFBIG) {
-+ cmd->error_code = EFBIG;
pr_response_add_err(R_552, "%s: %s", cmd->arg, strerror(xerrno));
errno = xerrno;
++ cmd->error_code = errno;
return PR_ERROR(cmd);
}
#endif
-
-+ cmd->error_code = EFBIG;
- pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
- errno = xerrno;
- return PR_ERROR(cmd);
-@@ -1826,6 +1850,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
- if (session.xfer.path &&
+@@ -1845,6 +1871,7 @@ MODRET xfer_stor(cmd_rec *cmd) {
session.xfer.path_hidden) {
if (pr_fsio_rename(session.xfer.path_hidden, session.xfer.path) != 0) {
+ int xerrno = errno;
+ cmd->error_code = errno;
/* This should only fail on a race condition with a chmod/chown
* or if STOR_APPEND is on and the permissions are squirrely.
-@@ -1924,6 +1949,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
- if (cmd->argc < 2) {
- pr_response_add_err(R_500, _("'%s' not understood"), get_full_cmd(cmd));
+@@ -1947,6 +1974,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
+ pr_response_add_err(R_500, _("'%s' not understood"),
+ pr_cmd_get_displayable_str(cmd, NULL));
errno = EINVAL;
+ cmd->error_code = EINVAL;
return PR_ERROR(cmd);
}
-@@ -1933,6 +1959,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
+@@ -1956,6 +1984,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
if (!dir ||
!dir_check(cmd->tmp_pool, cmd, cmd->group, dir, NULL)) {
int xerrno = errno;
-+ cmd->error_code = EINVAL;
++ cmd->error_code;
pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
-@@ -1955,6 +1982,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
+@@ -1978,12 +2007,14 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
if (xfer_check_limit(cmd) < 0) {
pr_response_add_err(R_451, _("%s: Too many transfers"), cmd->arg);
errno = EPERM;
@@ -357,7 +394,14 @@
return PR_ERROR(cmd);
}
-@@ -1977,6 +2005,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
+ fmode = file_mode(dir);
+ if (fmode == 0) {
+ int xerrno = errno;
++ cmd->error_code = errno;
+
+ pr_response_add_err(R_550, "%s: %s", cmd->arg, strerror(xerrno));
+
+@@ -2000,6 +2031,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
/* Deliberately use EISDIR for anything non-file (e.g. directories). */
errno = EISDIR;
@@ -365,7 +409,7 @@
return PR_ERROR(cmd);
}
-@@ -1991,6 +2020,7 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
+@@ -2014,12 +2046,14 @@ MODRET xfer_pre_retr(cmd_rec *cmd) {
cmd->arg);
session.restart_pos = 0L;
errno = EPERM;
@@ -373,7 +417,14 @@
return PR_ERROR(cmd);
}
-@@ -2020,6 +2050,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
+ /* Otherwise everthing is good */
+ if (pr_table_add(cmd->notes, "mod_xfer.retr-path",
+ pstrdup(cmd->pool, dir), 0) < 0) {
++ cmd->error_code = errno;
+ if (errno != EEXIST) {
+ pr_log_pri(PR_LOG_NOTICE, "notice: error adding 'mod_xfer.retr-path': %s",
+ strerror(errno));
+@@ -2046,6 +2080,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
retr_fh = pr_fsio_open(dir, O_RDONLY);
if (retr_fh == NULL) {
int xerrno = errno;
@@ -381,25 +432,23 @@
(void) pr_trace_msg("fileperms", 1, "%s, user '%s' (UID %lu, GID %lu): "
"error opening '%s': %s", cmd->argv[0], session.user,
-@@ -2033,6 +2064,8 @@ MODRET xfer_retr(cmd_rec *cmd) {
+@@ -2059,6 +2094,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
if (pr_fsio_stat(dir, &st) < 0) {
/* Error stat'ing the file. */
int xerrno = errno;
+ cmd->error_code = errno;
-+
pr_fsio_close(retr_fh);
errno = xerrno;
-@@ -2057,6 +2090,8 @@ MODRET xfer_retr(cmd_rec *cmd) {
+@@ -2083,6 +2119,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
if (pr_fsio_lseek(retr_fh, session.restart_pos,
SEEK_SET) == (off_t) -1) {
int xerrno = errno;
+ cmd->error_code = errno;
-+
pr_fsio_close(retr_fh);
errno = xerrno;
retr_fh = NULL;
-@@ -2115,6 +2150,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
+@@ -2143,6 +2180,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
retr_abort();
/* Set errno to EPERM ("Operation not permitted") */
@@ -407,12 +456,11 @@
pr_data_abort(EPERM, FALSE);
return PR_ERROR(cmd);
}
-@@ -2146,6 +2182,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
+@@ -2174,6 +2212,7 @@ MODRET xfer_retr(cmd_rec *cmd) {
* is preserved; errno itself might be overwritten in retr_abort().
*/
int xerrno = errno;
+ cmd->error_code = errno;
retr_abort();
-
-
+ pr_data_abort(xerrno, FALSE);
--- a/components/proftpd/patches/proftpd-manpage-see-also.patch Wed Jun 18 11:31:57 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
---- a/src/proftpd.8.in
-+++ b/src/proftpd.8.in
-@@ -125,7 +125,7 @@ can be found on
- .BR http://www.proftpd.org/credits.html
- .PD
- .SH SEE ALSO
--.BR inetd(8), ftp(1), ftpwho(1), ftpcount(1), ftpshut(8)
-+.BR inetd(8), ftp(1), proftpd.conf(4), ftpwho(1), ftpcount(1), ftpshut(8)
- .PP
- Full documentation on ProFTPD, including configuration and FAQs, is available at
- .BR http://www.proftpd.org/
--- a/components/proftpd/patches/proftpd-pam.patch Wed Jun 18 11:31:57 2014 -0700
+++ b/components/proftpd/patches/proftpd-pam.patch Thu Jun 19 02:03:25 2014 -0700
@@ -1,3 +1,5 @@
+http://bugs.proftpd.org/show_bug.cgi?id=4070
+
--- proftpd-1.3.3e/include/auth.h Tue Sep 8 22:34:03 2009
+++ proftpd-1.3.3e-pam/include/auth.h Tue May 24 10:37:40 2011
@@ -59,6 +59,35 @@
--- a/components/proftpd/patches/proftpd-retry.patch Wed Jun 18 11:31:57 2014 -0700
+++ b/components/proftpd/patches/proftpd-retry.patch Thu Jun 19 02:03:25 2014 -0700
@@ -1,97 +1,47 @@
--- a/src/data.c
+++ b/src/data.c
-@@ -333,6 +333,7 @@ static int data_pasv_open(char *reason, off_t size) {
+@@ -337,6 +337,7 @@ static int data_pasv_open(char *reason, off_t size) {
static int data_active_open(char *reason, off_t size) {
conn_t *c;
- int rev;
+ int bind_port, rev;
+ int retries = 0;
pr_netaddr_t *bind_addr;
+ unsigned char *root_revoke = NULL;
- if (!reason && session.xfer.filename)
-@@ -348,45 +349,55 @@ static int data_active_open(char *reason, off_t size) {
- bind_addr = pr_netaddr_v6tov4(session.xfer.p, session.c->local_addr);
+@@ -368,7 +369,9 @@ static int data_active_open(char *reason, off_t size) {
+ bind_port = INPORT_ANY;
}
-- session.d = pr_inet_create_conn(session.pool, -1, bind_addr,
-- session.c->local_port-1, TRUE);
+- session.d = pr_inet_create_conn(session.pool, -1, bind_addr, bind_port, TRUE);
+ for (;;) {
-+ session.d = pr_inet_create_conn(session.pool, -1, bind_addr,
-+ session.c->local_port-1, TRUE);
++ session.d = pr_inet_create_conn(session.pool, -1, bind_addr, bind_port,
++ TRUE);
-- /* Set the "stalled" timer, if any, to prevent the connection
-- * open from taking too long
-- */
-- if (timeout_stalled) {
-- pr_timer_add(timeout_stalled, PR_TIMER_STALLED, NULL, stalled_timeout_cb,
-- "TimeoutStalled");
-- }
-+ /* Set the "stalled" timer, if any, to prevent the connection
-+ * open from taking too long
-+ */
-+ if (timeout_stalled) {
-+ pr_timer_add(timeout_stalled, PR_TIMER_STALLED, NULL, stalled_timeout_cb,
-+ "TimeoutStalled");
-+ }
-
-- rev = pr_netaddr_set_reverse_dns(ServerUseReverseDNS);
-+ rev = pr_netaddr_set_reverse_dns(ServerUseReverseDNS);
-
-- /* Protocol and socket options should be set before handshaking. */
-+ /* Protocol and socket options should be set before handshaking. */
+ /* Default remote address to which to connect for an active transfer,
+ * if the client has not specified a different address via PORT/EPRT,
+@@ -416,6 +419,15 @@ static int data_active_open(char *reason, off_t size) {
-- if (session.xfer.direction == PR_NETIO_IO_RD) {
-- pr_inet_set_socket_opts(session.d->pool, session.d,
-- (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0);
-+ if (session.xfer.direction == PR_NETIO_IO_RD) {
-+ pr_inet_set_socket_opts(session.d->pool, session.d,
-+ (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0);
-
-- } else {
-- pr_inet_set_socket_opts(session.d->pool, session.d,
-- 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0));
-- }
-+ } else {
-+ pr_inet_set_socket_opts(session.d->pool, session.d,
-+ 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0));
+ if (pr_inet_connect(session.d->pool, session.d, &session.data_addr,
+ session.data_port) == -1) {
++
++ if (session.d->xerrno == EADDRINUSE && retries < 16) {
++ destroy_pool(session.d->pool);
++ pr_signals_handle();
++ /* Wait up to MSL to avoid TIME_WAIT. */
++ sleep(retries++);
++ continue;
+ }
-
-- /* Make sure that the necessary socket options are set on the socket prior
-- * to the call to connect(2).
-- */
-- pr_inet_set_proto_opts(session.pool, session.d, main_server->tcp_mss_len, 0,
-- IPTOS_THROUGHPUT, 1);
-- pr_inet_generate_socket_event("core.data-connect", main_server,
-- session.d->local_addr, session.d->listen_fd);
-+ /* Make sure that the necessary socket options are set on the socket prior
-+ * to the call to connect(2).
-+ */
-+ pr_inet_set_proto_opts(session.pool, session.d, main_server->tcp_mss_len, 0,
-+ IPTOS_THROUGHPUT, 1);
-+ pr_inet_generate_socket_event("core.data-connect", main_server,
-+ session.d->local_addr, session.d->listen_fd);
-
-- if (pr_inet_connect(session.d->pool, session.d, &session.data_addr,
-+ if (pr_inet_connect(session.d->pool, session.d, &session.data_addr,
- session.data_port) == -1) {
-- pr_response_add_err(R_425, _("Unable to build data connection: %s"),
-- strerror(session.d->xerrno));
-- destroy_pool(session.d->pool);
-- session.d = NULL;
-- return -1;
-+ if (session.d->xerrno == EADDRINUSE && retries < 16) {
-+ destroy_pool(session.d->pool);
-+ pr_signals_handle();
-+ /* Wait up to MSL to avoid TIME_WAIT. */
-+ sleep(retries++);
-+ continue;
-+ }
-+ pr_response_add_err(R_425, _("Unable to build data connection: %s"),
-+ strerror(session.d->xerrno));
-+ destroy_pool(session.d->pool);
-+ session.d = NULL;
-+ return -1;
-+ } else
-+ break;
++
+ pr_log_debug(DEBUG6,
+ "Error connecting to %s#%u for active data transfer: %s",
+ pr_netaddr_get_ipstr(&session.data_addr), session.data_port,
+@@ -427,6 +439,9 @@ static int data_active_open(char *reason, off_t size) {
+ destroy_pool(session.d->pool);
+ session.d = NULL;
+ return -1;
++ } else
++ break;
++
}
c = pr_inet_openrw(session.pool, session.d, NULL, PR_NETIO_STRM_DATA,
--- a/components/proftpd/proftpd.conf.4 Wed Jun 18 11:31:57 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-'\" te
-.\" Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
-.TH proftpd.conf 4 "12 Jul 2012" "SunOS 5.11" "File Formats"
-.SH NAME
-proftpd.conf \- configuration file for the proftpd FTP server
-.SH SYNOPSIS
-.LP
-.nf
-\fB/etc/proftpd.conf\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The file \fB/etc/proftpd.conf\fR contains configuration for the \fBproftpd\fR(8) FTP server. The configuration documentation is located in \fBfile:///usr/share/doc/proftpd/Configuration.html\fR.
-.sp
-.LP
-
-.SH SEE ALSO
-.sp
-.LP
-\fBproftpd\fR(8)
--- a/components/proftpd/proftpd.p5m Wed Jun 18 11:31:57 2014 -0700
+++ b/components/proftpd/proftpd.p5m Thu Jun 19 02:03:25 2014 -0700
@@ -142,7 +142,7 @@
file path=usr/share/man/man1/ftpcount.1
file path=usr/share/man/man1/ftptop.1
file path=usr/share/man/man1/ftpwho.1
-file proftpd.conf.4 path=usr/share/man/man4/proftpd.conf.4
+file path=usr/share/man/man5/proftpd.conf.5
file path=usr/share/man/man5/xferlog.5
file path=usr/share/man/man8/ftpdctl.8
file path=usr/share/man/man8/ftpscrub.8
@@ -159,11 +159,11 @@
com.oracle.info.description="the ProFPTD GSS Engine" \
com.oracle.info.name=mod_gss \
com.oracle.info.tpno=$(TPNO_MOD_GSS) \
- com.oracle.info.version=1.3.6
+ com.oracle.info.version=$(COMPONENT_VERSION_1)
license proftpd.license license="GPLv2 (proftpd)" \
com.oracle.info.description="the ProFTPD server and utilities" \
com.oracle.info.name=proftpd \
com.oracle.info.tpno=$(TPNO_PROFTPD) \
- com.oracle.info.version=1.3.4c
+ com.oracle.info.version=$(COMPONENT_VERSION)
user ftpuser=false gcos-field="FTPD Reserved UID" username="ftp" uid=21 group="ftp"