#ifndef VSF_TUNABLES_H
#define VSF_TUNABLES_H
/* tunables_load_defaults()
* PURPOSE
* Load the default values into the global settings variables.
*/
void tunables_load_defaults();
/* Configurable preferences */
/* Booleans */
extern int tunable_anonymous_enable; /* Allow anon logins */
extern int tunable_local_enable; /* Allow local logins */
extern int tunable_pasv_enable; /* Allow PASV */
extern int tunable_port_enable; /* Allow PORT */
extern int tunable_chroot_local_user; /* Restrict local to home dir */
extern int tunable_write_enable; /* Global enable writes */
extern int tunable_anon_upload_enable; /* Enable STOR for anon users */
extern int tunable_anon_mkdir_write_enable; /* MKD for anon */
extern int tunable_anon_other_write_enable; /* APPE DELE RMD RNFR for anon */
extern int tunable_chown_uploads; /* chown() anon uploaded files */
extern int tunable_connect_from_port_20; /* PORT connects from port 20 */
extern int tunable_xferlog_enable; /* Log transfers to a file */
extern int tunable_dirmessage_enable; /* Look for + output .message */
extern int tunable_anon_world_readable_only; /* Only serve world readable */
extern int tunable_async_abor_enable; /* Enable async ABOR requests */
extern int tunable_ascii_upload_enable; /* Permit ASCII upload */
extern int tunable_ascii_download_enable; /* Permit ASCII download */
extern int tunable_one_process_model; /* Go faster stripes ;-) */
extern int tunable_xferlog_std_format; /* Log details like wu-ftpd */
extern int tunable_pasv_promiscuous; /* Allow any PASV connect IP */
extern int tunable_deny_email_enable; /* Ban a list of anon e-mails */
extern int tunable_chroot_list_enable; /* chroot() based on list file */
extern int tunable_setproctitle_enable; /* Try to use setproctitle() */
extern int tunable_text_userdb_names; /* For "ls", lookup text names */
extern int tunable_ls_recurse_enable; /* Allow ls -R */
extern int tunable_log_ftp_protocol; /* Log FTP requests/responses */
extern int tunable_guest_enable; /* Remap guest users */
extern int tunable_userlist_enable; /* Explicit user allow or deny */
extern int tunable_userlist_deny; /* Is user list allow or deny? */
extern int tunable_use_localtime; /* Use local time or GMT? */
extern int tunable_check_shell; /* Use /etc/shells for non-PAM */
extern int tunable_hide_ids; /* Show "ftp" in ls listings */
extern int tunable_listen; /* Standalone (no inetd) mode? */
extern int tunable_port_promiscuous; /* Any any PORT connect IP */
extern int tunable_passwd_chroot_enable; /* chroot() based on passwd */
extern int tunable_no_anon_password; /* Do not ask for anon pword */
extern int tunable_tcp_wrappers; /* Standalone: do tcp wrappers */
extern int tunable_use_sendfile; /* Use sendfile() if we can */
extern int tunable_force_dot_files; /* Show dotfiles without -a */
extern int tunable_listen_ipv6; /* Standalone with IPv6 listen */
extern int tunable_dual_log_enable; /* Log vsftpd.log AND xferlog */
extern int tunable_syslog_enable; /* Use syslog not vsftpd.log */
extern int tunable_background; /* Background listener process */
extern int tunable_virtual_use_local_privs; /* Virtual user => local privs */
extern int tunable_session_support; /* utmp, wtmp, pam_session */
extern int tunable_download_enable; /* Can download anything? */
extern int tunable_dirlist_enable; /* Can see any dirs? */
extern int tunable_chmod_enable; /* Is CHMOD allowed? (local) */
extern int tunable_secure_email_list_enable; /* Require specific anon email */
extern int tunable_run_as_launching_user; /* Runs as launching user */
extern int tunable_no_log_lock; /* Don't lock log files */
extern int tunable_ssl_enable; /* Allow SSL/TLS AUTH */
extern int tunable_allow_anon_ssl; /* Allow anonymous use of SSL */
extern int tunable_force_local_logins_ssl; /* Require local logins use SSL */
extern int tunable_force_local_data_ssl; /* Require local data uses SSL */
extern int tunable_sslv2; /* Allow SSLv2 */
extern int tunable_sslv3; /* Allow SSLv3 */
extern int tunable_tlsv1; /* Allow TLSv1 */
extern int tunable_tlsv1_1; /* Allow TLSv1.1 */
extern int tunable_tlsv1_2; /* Allow TLSv1.2 */
extern int tunable_tilde_user_enable; /* Support e.g. ~chris */
extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */
extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */
extern int tunable_mdtm_write; /* Allow MDTM to set timestamps */
extern int tunable_lock_upload_files; /* Lock uploading files */
extern int tunable_pasv_addr_resolve; /* DNS resolve pasv_addr */
extern int tunable_reverse_lookup_enable; /* Get hostname before pam auth */
extern int tunable_userlist_log; /* Log every failed login attempt */
extern int tunable_debug_ssl; /* Verbose SSL logging */
extern int tunable_require_cert; /* SSL client cert required */
extern int tunable_validate_cert; /* SSL certs must be valid */
extern int tunable_strict_ssl_read_eof; /* Need SSL_shutdown() on read */
extern int tunable_strict_ssl_write_shutdown; /* Need SSL_shutdown() on write */
extern int tunable_ssl_request_cert; /* Ask client for cert */
extern int tunable_delete_failed_uploads; /* Delete an upload that failed */
extern int tunable_implicit_ssl; /* Use implicit SSL protocol */
extern int tunable_ptrace_sandbox; /* DEPRECATED ptrace sandbox */
extern int tunable_require_ssl_reuse; /* Require re-used data conn */
extern int tunable_isolate; /* Use container clone() flags */
extern int tunable_isolate_network; /* Use CLONE_NEWNET */
extern int tunable_ftp_enable; /* Allow FTP protocol */
extern int tunable_http_enable; /* Allow HTTP protocol */
extern int tunable_seccomp_sandbox; /* seccomp filter sandbox */
extern int tunable_allow_writeable_chroot; /* Allow misconfiguration */
/* Integer/numeric defines */
extern unsigned int tunable_accept_timeout;
extern unsigned int tunable_connect_timeout;
extern unsigned int tunable_local_umask;
extern unsigned int tunable_anon_umask;
extern unsigned int tunable_ftp_data_port;
extern unsigned int tunable_idle_session_timeout;
extern unsigned int tunable_data_connection_timeout;
extern unsigned int tunable_pasv_min_port;
extern unsigned int tunable_pasv_max_port;
extern unsigned int tunable_anon_max_rate;
extern unsigned int tunable_local_max_rate;
extern unsigned int tunable_listen_port;
extern unsigned int tunable_max_clients;
extern unsigned int tunable_file_open_mode;
extern unsigned int tunable_max_per_ip;
extern unsigned int tunable_trans_chunk_size;
extern unsigned int tunable_delay_failed_login;
extern unsigned int tunable_delay_successful_login;
extern unsigned int tunable_max_login_fails;
extern unsigned int tunable_chown_upload_mode;
/* String defines */
extern const char* tunable_secure_chroot_dir;
extern const char* tunable_ftp_username;
extern const char* tunable_chown_username;
extern const char* tunable_xferlog_file;
extern const char* tunable_vsftpd_log_file;
extern const char* tunable_message_file;
extern const char* tunable_nopriv_user;
extern const char* tunable_ftpd_banner;
extern const char* tunable_banned_email_file;
extern const char* tunable_chroot_list_file;
extern const char* tunable_pam_service_name;
extern const char* tunable_guest_username;
extern const char* tunable_userlist_file;
extern const char* tunable_anon_root;
extern const char* tunable_local_root;
extern const char* tunable_banner_file;
extern const char* tunable_pasv_address;
extern const char* tunable_listen_address;
extern const char* tunable_user_config_dir;
extern const char* tunable_listen_address6;
extern const char* tunable_cmds_allowed;
extern const char* tunable_hide_file;
extern const char* tunable_deny_file;
extern const char* tunable_user_sub_token;
extern const char* tunable_email_password_file;
extern const char* tunable_rsa_cert_file;
extern const char* tunable_dsa_cert_file;
extern const char* tunable_dh_param_file;
extern const char* tunable_ecdh_param_file;
extern const char* tunable_ssl_ciphers;
extern const char* tunable_rsa_private_key_file;
extern const char* tunable_dsa_private_key_file;
extern const char* tunable_ca_certs_file;
extern const char* tunable_cmds_denied;
#endif /* VSF_TUNABLES_H */