Package: pure-ftpd-common Version: 1.0.35-1 Severity: important Tags: upstream
After the 1.0.35 upgrade, my pure-authd isn't working any more. I have a fairly simple shell script that does some IP checking which runs before the other authentication modes. It outputs "auth_ok:0\nend\n" on success, and "auth_ok:-1\nend\n" on failure. It started denying all logins, and so in the process of debugging, I switched to the default authd script that simply outputs "auth_ok:1\n..." if the username is john. I replaced the uid/gid lines with valid uids in case that mattered. I think the following trace explains the problem clearly enough. If I am reading the strace correctly, the problem is with the safe_read/safe_write changes that were introduced between 1.0.32 and 1.0.35. You can see that the authd returned auth_ok:1, but for some reason, either didn't continue outputting the rest of the following echo lines, or else the ftp-server closed the socket and stopped reading. ==> /var/log/pure-ftpd/activity.log <== Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [INFO] New connection from 204.16.245.99 Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220-You are user number 1 of 50 allowed. Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220-Local time is now 18:42. Server port: 21. Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220-This is a private system - No anonymous login Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220 You will be disconnected after 15 minutes of inactivity. Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] Command [syst] [] Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 215 UNIX Type: L8 Dec 21 18:42:30 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] Command [user] [john] Dec 21 18:42:30 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 331 User john OK. Password required Dec 21 18:42:30 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] Command [pass] [<*>] ==> strace output of pure-authd <== 0, NULL) = 4 fcntl(4, F_SETFD, FD_CLOEXEC) = 0 read(4, "account:john\npassword:asd\nlocalh"..., 4095) = 99 pipe([5, 6]) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f7974f419f0) = 4909 close(6) = 0 read(5, "auth_ok:1\n", 4095) = 10 write(4, "auth_ok:1\n", 10) = 10 --- SIGCHLD (Child exited) @ 0 (0) --- wait4(4909, NULL, 0, NULL) = 4909 close(5) = 0 close(4) = 0 accept(3, ==> /var/log/pure-ftpd/activity.log <== Dec 21 18:42:36 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 530 Login authentication failed Dec 21 18:42:36 tangelo pure-ftpd: (?@204.16.245.99) [WARNING] Authentication failed for user [john] Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these lines *** -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pure-ftpd-common depends on: ii debconf [debconf-2.0] 1.5.41 ii libpam-modules 1.1.3-6 ii perl-modules 5.14.2-6 Versions of packages pure-ftpd-common recommends: ii pure-ftpd-postgresql [pure-ftpd] 1.0.35-1 pure-ftpd-common suggests no packages. -- Configuration Files: /etc/default/pure-ftpd-common changed [not included] /etc/ftpallow changed [not included] /etc/logrotate.d/pure-ftpd-common changed [not included] /etc/pam.d/pure-ftpd changed [not included] /etc/pure-ftpd/conf/PureDB [Errno 2] No such file or directory: u'/etc/pure-ftpd/conf/PureDB' -- debconf information: pure-ftpd/ftpwho-setuid: false pure-ftpd/saved-inetd-config: pure-ftpd/standalone-or-inetd: standalone pure-ftpd/virtualchroot: false pure-ftpd/minuid: pure-ftpd/config-obsolete-note: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org