Package: pure-ftpd-common
Version: 1.0.35-1
Severity: important
Tags: upstream
After the 1.0.35 upgrade, my pure-authd isn't working any more. I have a
fairly simple shell script that does some IP checking which runs before the
other authentication modes. It outputs "auth_ok:0\nend\n" on success, and
"auth_ok:-1\nend\n" on failure.
It started denying all logins, and so in the process of debugging, I switched
to the default authd script that simply outputs "auth_ok:1\n..." if the
username is john. I replaced the uid/gid lines with valid uids in case that
mattered.
I think the following trace explains the problem clearly enough.
If I am reading the strace correctly, the problem is with the
safe_read/safe_write changes that were introduced between 1.0.32 and 1.0.35.
You can see that the authd returned auth_ok:1, but for some reason, either
didn't continue outputting the rest of the following echo lines, or else the
ftp-server closed the socket and stopped reading.
==> /var/log/pure-ftpd/activity.log <==
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [INFO] New connection from
204.16.245.99
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220----------
Welcome to Pure-FTPd [privsep] [TLS] ----------
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220-You are user
number 1 of 50 allowed.
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220-Local time is
now 18:42. Server port: 21.
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220-This is a
private system - No anonymous login
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 220 You will be
disconnected after 15 minutes of inactivity.
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] Command [syst] []
Dec 21 18:42:25 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 215 UNIX Type: L8
Dec 21 18:42:30 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] Command [user]
[john]
Dec 21 18:42:30 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 331 User john OK.
Password required
Dec 21 18:42:30 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] Command [pass]
[<*>]
==> strace output of pure-authd <==
0, NULL) = 4
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
read(4, "account:john\npassword:asd\nlocalh"..., 4095) = 99
pipe([5, 6]) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f7974f419f0) = 4909
close(6) = 0
read(5, "auth_ok:1\n", 4095) = 10
write(4, "auth_ok:1\n", 10) = 10
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(4909, NULL, 0, NULL) = 4909
close(5) = 0
close(4) = 0
accept(3,
==> /var/log/pure-ftpd/activity.log <==
Dec 21 18:42:36 tangelo pure-ftpd: (?@204.16.245.99) [DEBUG] 530 Login
authentication failed
Dec 21 18:42:36 tangelo pure-ftpd: (?@204.16.245.99) [WARNING] Authentication
failed for user [john]
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these lines ***
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pure-ftpd-common depends on:
ii debconf [debconf-2.0] 1.5.41
ii libpam-modules 1.1.3-6
ii perl-modules 5.14.2-6
Versions of packages pure-ftpd-common recommends:
ii pure-ftpd-postgresql [pure-ftpd] 1.0.35-1
pure-ftpd-common suggests no packages.
-- Configuration Files:
/etc/default/pure-ftpd-common changed [not included]
/etc/ftpallow changed [not included]
/etc/logrotate.d/pure-ftpd-common changed [not included]
/etc/pam.d/pure-ftpd changed [not included]
/etc/pure-ftpd/conf/PureDB [Errno 2] No such file or directory:
u'/etc/pure-ftpd/conf/PureDB'
-- debconf information:
pure-ftpd/ftpwho-setuid: false
pure-ftpd/saved-inetd-config:
pure-ftpd/standalone-or-inetd: standalone
pure-ftpd/virtualchroot: false
pure-ftpd/minuid:
pure-ftpd/config-obsolete-note:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
