Date: Sat, 18 Aug 2001 19:52:44 +0200 (CEST) From: Volker Stolz <vs@foldr.org> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/29850: ftpd.c doesn´t check via PAM/pam_acct_mgmt Message-ID: <200108181752.f7IHqh659222@monster.ikea.net>
next in thread | raw e-mail | index | archive | help
>Number: 29850 >Category: bin >Synopsis: ftpd.c doesn´t check via PAM/pam_acct_mgmt >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Aug 18 11:00:14 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Volker Stolz >Release: FreeBSD 4.4-PRERELEASE i386 >Organization: Lehrstuhl für Informatik II >Environment: System: FreeBSD monster.ikea.net 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #27: Sun Aug 12 16:42:41 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386 >Description: ftpd doesn´t check if the account is valid using the PAM account management provided by pam_acct_mgmt. Although expired accounts will be detected (cf. PR bin/20952), other PAM modules have other reasons for denying access. >How-To-Repeat: N/A, due to lack of modules apart from pam_unix to test with. >Fix: --- ftpd.c.orig Sat Aug 18 19:29:07 2001 +++ ftpd.c Sat Aug 18 19:24:49 2001 @@ -1157,6 +1157,12 @@ syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e)); rval = 0; + + /* Check if account is expired etc. */ + + if ((e = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) + rval = 1; + break; case PAM_AUTH_ERR: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108181752.f7IHqh659222>