On Thu, Sep 29, 2005 at 06:37:07PM -0700, Max Alekseyev wrote:

> >>I have 'debug' and 'dump' options for pam_userdb.so in /etc/pam.d/vsftpd,
> >>but I didn't notice any difference in auth.log besides that 
> >>version 0.79 does not grant access as 0.76 does:
> >
> >>Sep 29 15:29:20 quark pam_userdb[7435]: user 'guest' granted acces
> >>(please also note a spelling error in the word "access")

> >Or do you mean you get this message
> >in your logs with 0.76, and no log messages from pam_userdb with 0.79?

> That's it! No such message with 0.79, but no error either, just silence.

> >>I've tried to change vsftpd_login.db database format to db4.2 but that
> >>didn't help.

> >>So I was forced to degrade libpam-modules back to 0.76 and vsftpd works
> >>fine again.

> >Can you tell me whether downgrading to 0.79-1 also works?

> No. Version 0.79-1 is suffering from the same bug.

Ok.  I've found one problem already which should be fixed; it may be causing
the problem you're experiencing, although I would have thought you would
notice the resulting segfaults it causes...

Anyway, could you try rebuilding the PAM package with the attached patch,
and let me know whether it fixes your problem?  Can you also forward your
full PAM config to the BTS?

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
Index: Linux-PAM/modules/pam_userdb/pam_userdb.c
===================================================================
--- Linux-PAM/modules/pam_userdb/pam_userdb.c   (revision 363)
+++ Linux-PAM/modules/pam_userdb/pam_userdb.c   (working copy)
@@ -83,7 +83,7 @@
        ctrl |= PAM_KEY_ONLY_ARG;
       else if (!strncasecmp(*argv,"db=", 3))
        {
-         *database = strdup((*argv) + 3);
+         *database = (*argv) + 3;
          if ((*database == NULL) || (strlen (*database) == 0))
            _pam_log(LOG_ERR,
                     "pam_parse: could not parse argument \"%s\"",
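Review bot: with the `strdup` gone, the `*database == NULL` half of the test after the changed line can no longer be true, because `(*argv) + 3` is pointer arithmetic on an argument that already matched `db=`; only the `strlen` check still does anything. `*database` now aliases the module's argv instead of owning a copy, so any code that frees it has to change in the same patch. The empty `db=` case only logs in the visible lines and leaves `*database` pointing at an empty string; resetting it to NULL there would let later code treat it as unset.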
@@ -91,7 +91,7 @@
        }
       else if (!strncasecmp(*argv,"crypt=", 6))
        {
-         *cryptmode = strdup((*argv) + 6);
+         *cryptmode = (*argv) + 6;
          if ((*cryptmode == NULL) || (strlen (*cryptmode) == 0))
            _pam_log(LOG_ERR,
                     "pam_parse: could not parse argument \"%s\"",
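Review bot: an empty `crypt=` value is logged here but `*cryptmode` is left pointing at an empty string, which passes the `cryptmode &&` guards added further down and matches neither "crypt" nor "none", so the module ends up in the plaintext comparison branch. Set `*cryptmode = NULL` after the log call, or treat the empty value as a configuration error. The `*cryptmode == NULL` half of the test is dead now that the value no longer comes from `strdup`.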
@@ -174,7 +174,7 @@
            return 0; /* found it, data contents don't matter */
        }
 
-       if (strncasecmp(cryptmode, "crypt", 5) == 0) {
+       if (cryptmode && !strncasecmp(cryptmode, "crypt", 5)) {
 
          /* crypt(3) password storage */
 
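Review bot: the comparison on the changed line still checks only the first five characters of `cryptmode`, so any value that merely begins with "crypt" selects crypt(3) mode. If only the exact keyword is meant to be accepted, use `strcasecmp(cryptmode, "crypt") == 0` behind the new NULL guard. Keeping the original `== 0` form would also make the added `cryptmode &&` the only change on the line, which is the part that matters when no `crypt=` argument is given.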
@@ -208,15 +208,15 @@
           * default to plaintext password storage
           */
 
-       if (strlen(pass) != data.dsize) {
-         compare = 1; /* wrong password len -> wrong password */
-       } else if (ctrl & PAM_ICASE_ARG) {
+         if (strlen(pass) != data.dsize) {
+           compare = 1; /* wrong password len -> wrong password */
+         } else if (ctrl & PAM_ICASE_ARG) {
            compare = strncasecmp(data.dptr, pass, data.dsize);
-       } else {
+         } else {
            compare = strncmp(data.dptr, pass, data.dsize);
-       }
+         }
 
-         if (strncasecmp(cryptmode, "none", 4) && ctrl & PAM_DEBUG_ARG) {
+         if (cryptmode && strncasecmp(cryptmode, "none", 4) && ctrl & 
PAM_DEBUG_ARG) {
            _pam_log(LOG_INFO, "invalid value for crypt parameter: %s",
                     cryptmode);
            _pam_log(LOG_INFO, "defaulting to plaintext password mode");
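Review bot: the "invalid value for crypt parameter" warning at the end of this hunk is still emitted only when `PAM_DEBUG_ARG` is set, so a mistyped `crypt=` value falls back to plaintext password comparison with nothing in the log on a system without `debug`. Log it unconditionally and at a higher priority than LOG_INFO. The condition also mixes `&&` and `&` without parentheses; it evaluates as intended, but `(ctrl & PAM_DEBUG_ARG)` makes that obvious. The re-indentation of the length and compare block is unrelated to the NULL fix and would be easier to review as a separate change, and the changed condition is wrapped across two lines in the mail, so the patch will not apply as posted.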
