** Description changed: - Ubuntu 16.04 x64 and Ubuntu 16.04 x86 - VSFTPD Version: vsftpd_3.0.3-3ubuntu2.debian + artful libpam-mysql-0.8.0-1 - When trying to use a fixed version of libpam-mysql (the one's I patched - here: https://bugs.launchpad.net/ubuntu/+source/pam-mysql/+bug/1574900) - with VSFTPD, authentication passes (no failed status in the - /var/log/auth.log file meaning libpam-mysql is working), but then VSFTPD - fails to login for a virtual user and displays the following error: + pam_mysql, when crypt=2 is set in its configuration, it expects the + password to be hashed according to the server-side PASSWORD() SQL + function. From its README: - Looking up localhost - Trying localhost:21 - Connected to localhost:21 - 220 Welcome to vsFTPd Server - USER test + 2 (or "mysql") = Use MySQL PASSWORD() function. It is possible that the + encryption function used by PAM-MySQL is different from that of the + MySQL server, as PAM-MySQL uses the function defined in MySQL's C-client + API instead of using PASSWORD() SQL function in the query. - 331 Please specify the password. - PASS xxxx - *** stack smashing detected ***: /usr/sbin/vsftpd terminated - 500 OOPS: priv_sock_get_result - Disconnecting from site localhost + pam_mysql is indeed using an incorrect hash function: it's using + my_make_scrambled_password() as a replacement for + make_scrambled_password() to locally hash the given password and compare + it with what is stored in the database: - Here is my vsftpd.conf: + char buf[42]; + my_make_scrambled_password(buf, passwd, strlen(passwd)); + vresult = strcmp(row[0], buf); - listen=YES - anonymous_enable=NO - local_enable=YES - write_enable=YES - local_umask=0002 - file_open_mode=0775 - dirmessage_enable=YES - xferlog_enable=YES - connect_from_port_20=YES - nopriv_user=ftp - chroot_local_user=YES - secure_chroot_dir=/var/run/vsftpd - pam_service_name=vsftpd - rsa_cert_file=/etc/ssl/certs/vsftpd.pem - guest_enable=YES - guest_username=ftp - local_root=/var/www/vhosts/$USER - user_sub_token=$USER - virtual_use_local_privs=YES - user_config_dir=/etc/vsftpd_user_conf - local_max_rate=2000000 # bytes per sec, 2Mbytes per sec - max_clients=50 # to avoid DOS attack, if you have a huge server, increase this.. - ftpd_banner=Welcome to vsFTPd Server - allow_writeable_chroot=YES - seccomp_sandbox=NO + row[0] is the result of the SQL query that fetches the user's password + hash - Contents of /etc/pam.d/vsftpd: + There are two problems with this: + a) my_make_scrambled_password() writes CRYPT_MAX_PASSWORD_SIZE bytes to buf, and that's way more than 42. From the mysql source code: + #define CRYPT_SALT_LENGTH 20 + #define CRYPT_MAGIC_LENGTH 3 + #define CRYPT_PARAM_LENGTH 13 + #define SHA256_HASH_LENGTH 43 + #define CRYPT_MAX_PASSWORD_SIZE (CRYPT_SALT_LENGTH + \ + SHA256_HASH_LENGTH + \ + CRYPT_MAGIC_LENGTH + \ + CRYPT_PARAM_LENGTH) - auth required pam_mysql.so user=ehcp passwd=MYPASSHERE host=localhost db=ehcp table=ftpaccounts usercolumn=ftpusername passwdcolumn=password crypt=2 - account required pam_mysql.so user=ehcp passwd=MYPASSHERE host=localhost db=ehcp table=ftpaccounts usercolumn=ftpusername passwdcolumn=password crypt=2 + 42 is the length of the hexified hash produced by + make_scrambled_password(), not my_make_scrambled_password(). - Not seeing anything in vsftpd's log that is helpful or in the syslog. + b) the output of my_make_scrambled_password() is not a hex string like + "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19", but something like + "$5$9Ws#033Q.TZtI4^?X#026y@@{e2$OxTGgW3PiJUVZ/AChiJgAdIWQ2u2B8kA/hHZgqNj.y.". + So even if buf had the correct size, the comparison would never match + what's produced by PASSWORD() on the server side. As the documentation + admitted could happen. - Same exact setup works fine in Ubuntu 14.04 when applying this patch in - VSFTPD: - http://askubuntu.com/questions/126625/libgcc-s-so-1-must-be-installed- - for-pthread-cancel-to-work#answer-404523 + If my_make_scrambled_password() is not found in the system mysqlclient library, pam_mysql will reimplement it, and funnily enough this reimplementation actually mimicks the desired behavior of make_scrambled_password() and produces an hexified hash compatible with the server's PASSWORD() function and with the right length of 42 bytes. - The above patch should really be included in all versions of VSFTPD for - Ubuntu / Debian too. Here's hoping to smoother vsftpd package releases - in newer versions of Ubuntu. + So, if mysqlclient doesn't export my_make_scrambled_password(), + pam_mysql will work because it will use its own implementation. But in + the ubuntu case, my_make_scrambled_password() is exported and used, and + leads to this bug. - This list of VSFTPD fixes per Ubuntu release will need to grow for - Ubuntu 16.04: - - http://ehcpforce.tk/faq/index.php?sid=33661&lang=en&action=artikel&cat=1&id=3&artlang=en + To reproduce this problem, setup mysql, vsftpd and libpam-mysql on + artful as explained in bug #1574900.
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1574911 Title: my_make_scrambled_password() is not a replacement for make_scrambled_password() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-mysql/+bug/1574911/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs