-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The purpose of this file is to record and log specific technical notes
regarding proftpd development; both current and "to-do" items. The file
is _not_ distributed with tarball source code releases, and only exists
inside the CVS repository. If you use this file to annotate your work,
please make sure you follow the existing format.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[ Legend: - = "to do", + = "done", x = "idea has been scrapped" ]

GENERAL TODO FOR 1.2.0:

+ Configurable logging, including formats, command levels and files.
+ "Global" configuration directives. New context??
  New directive block, untested.
+ Limit connections per IP address in some configurable fashion.
  MaxClientsPerHost directive, by vlad@elis.tasur.edu.ru
+ Directive to disable wtmp, xferlog and syslog logging.

8/13/98 JSS:

- Document the following directives:
  +
  +MaxInstances
  +MaxClientsPerHost
  +SystemLog
  +LogFormat
  +ExtendedLog
  UtmpLog

7/19/98 JSS:

+ LsDefaultOptions to specify default 'options' that will be applied
  to LIST/NLST/STAT commands in mod_ls.c
+ SyslogFacility directive, to configure which facility proftpd uses
  for ALL logging (including auth)
+ DirFakeMode directive, to specify "fake" permissions shown in
  directory listings.

7/14/98 JSS:

+ Make Allow/Deny CIDR

7/10/98 JSS:

+ Add -t argument to LIST/NLST, sort by time instead of name.
+ Add new directive (LoginPasswordPrompt?) to cause proftpd to skip
  password request if login will be denied regardless of password.
+ New directives to document:
  PersistentPasswd
  AuthUserFile
  AuthGroupFile
  DirFakeUser
  DirFakeGroup
  RootLogin
  IdentLookups
  ShowSymlinks (altered default in 1.1.5)

6/1/98 JSS:

- TODO:
  + Rewrite i/o & buffer code. It was originally somewhat of an
    "exercise" in async i/o w/out using SIGIO/SIGURG or threads.
    Neat in concept, poor in execution. Creates massive problems
    with dynamically generated data connections (i.e. recursive
    directory listing), because all the data must be buffered before
    it can be sent. Rather, it would now be better to go to a
    completely sync i/o model, using SIGURG to detect transfer
    interruption.

5/24/98 JSS:

- TODO:
  + "Dynamic" static blocks. Using "" should be applied to the
    currently authenticated user AFTER login. Similar to how
    .ftpaccess works, but statically configured in the main
    configuration file.

  + AuthAliasOnly directive: forces a particular configuration to
    ONLY authenticate aliased usernames (only the left-most argument
    of `UserAlias'). All others should be treated as if the user does
    not exist for that config block. If applied to a or main config,
    this effectively means that non-alias usernames do not exist
    AT ALL. This would allow configurations where an anonymous
    context runs as a _real user_ who also has normally authenticated
    access to the system. i.e.:

      # assuming user 'frank' is a real user
      User frank
      Group users
      UserAlias anonymous frank
      UserAlias ftp frank
      AuthAliasOnly on
      # now, if a user logs in as ftp or anonymous, they are jailed
      # into ~frank/ftp, and the daemon runs as frank.users.
      # If the user logs in as frank, they are authenticated normally
      # and not jailed.

  + Expand DefaultRoot so that a root directory can be specified as
    "~/anon-ftp", so that all logins (for which DefaultRoot matches)
    are jailed into the authenticated user's $HOME/anon-ftp.

  + AnonymousGroup group-expression: makes all usernames matching the
    group-expression explicitly anonymous; no password is required.
    Additionally, those forced anonymous by this directive would be
    jailed into the proper matching DefaultRoot if one exists,
    otherwise jailed into their home directory. Some extra security
    should be placed on this so that users w/out home directories
    (or DefaultRoot) are not allowed access.

- Specifying a `Port 0' (i.e. nonexistent port) in either the main
  configuration or in a VirtualHost causes proftpd to not create a
  socket or bind to _any_ address for the given config. This can be
  used to selectively disable certain virtualhosts w/out commenting
  out large portions of config. Rather, the config still applies,
  however there is no possibility of network activity taking place on
  the associated configuration. Intended purpose is really to allow
  the "main configuration" to not bind to any ip or port (although
  this would have no effect if SocketBindTight was off).
  TODO: Document this in reference.html.

- Created this file in the proftpd-1.1 source tree and added to cvs.
  Top of file should not be altered and should always retain existing
  text describing the contents of this file.
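
The AuthAliasOnly matching rule from the 5/24/98 entry, as an added example that is not proftpd's own code. The `cfg_block` structure, `match_login` and the sample tables are hypothetical, and it assumes that without the directive a login as the block's User name selects the anonymous block.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one config block; not proftpd's own structures. */
struct cfg_block {
    const char *user;        /* User directive, NULL for the main config */
    const char *aliases[4];  /* left-most UserAlias arguments, NULL-terminated */
    int auth_alias_only;     /* AuthAliasOnly on (1) or off (0) */
    int jailed;              /* 1 when the block is an anonymous (jailed) context */
};
/* Return the block that handles `login`, or NULL when the name exists nowhere. */
const struct cfg_block *match_login(const struct cfg_block *blocks, size_t n, const char *login)
{
    for (size_t i = 0; i < n; i++) {
        const struct cfg_block *b = &blocks[i];
        for (size_t j = 0; j < 4 && b->aliases[j] != NULL; j++)
            if (strcmp(b->aliases[j], login) == 0)
                return b;                 /* an aliased name always matches */
        if (b->auth_alias_only)
            continue;                     /* non-alias names do not exist here */
        if (b->user == NULL || strcmp(b->user, login) == 0)
            return b;                     /* main config: normal authentication */
    }
    return NULL;
}

/* Constructed samples: the note's 'frank' context followed by a main config. */
const struct cfg_block note_cfg[] = {
    { "frank", { "anonymous", "ftp", NULL }, 1, 1 },
    { NULL, { NULL }, 0, 0 },
};
const struct cfg_block no_directive_cfg[] = {   /* AuthAliasOnly off */
    { "frank", { "anonymous", "ftp", NULL }, 0, 1 },
    { NULL, { NULL }, 0, 0 },
};
const struct cfg_block strict_cfg[] = {         /* also on in the main config */
    { "frank", { "anonymous", "ftp", NULL }, 1, 1 },
    { NULL, { NULL }, 1, 0 },
};
int main(void)
{
    const char *names[] = { "ftp", "anonymous", "frank" };
    for (size_t i = 0; i < 3; i++) {
        const struct cfg_block *b = match_login(note_cfg, 2, names[i]);
        printf("%s: %s\n", names[i], !b ? "no such user" : b->jailed ? "jailed" : "normal login");
    }
    return 0;
}
```

With AuthAliasOnly also set in the main config (`strict_cfg`), the login `frank` matches no block at all, which is the "do not exist AT ALL" case in the note.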