From owner-freebsd-bugs Sat Aug 18 11: 0:29 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E4A0837B40D for ; Sat, 18 Aug 2001 11:00:14 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f7II0Eo06984; Sat, 18 Aug 2001 11:00:14 -0700 (PDT) (envelope-from gnats) Received: from mailout02.sul.t-online.de (mailout02.sul.t-online.com [194.25.134.17]) by hub.freebsd.org (Postfix) with ESMTP id 3C77D37B411 for ; Sat, 18 Aug 2001 10:52:47 -0700 (PDT) (envelope-from stolz@i2.informatik.rwth-aachen.de) Received: from fwd03.sul.t-online.de by mailout02.sul.t-online.de with smtp id 15YAH7-0004eq-07; Sat, 18 Aug 2001 19:52:45 +0200 Received: from theater.dyndns.org (320068889749-0001@[217.82.196.183]) by fmrl03.sul.t-online.com with esmtp id 15YAH6-1jAwqWC; Sat, 18 Aug 2001 19:52:44 +0200 Received: from monster.ikea.net (monster.ikea.net [192.168.2.3]) by theater.dyndns.org (8.11.4/8.11.3) with ESMTP id f7IHrKh25824 for ; Sat, 18 Aug 2001 19:53:20 +0200 (CEST) (envelope-from stolz@i2.informatik.rwth-aachen.de) Received: (from vs@localhost) by monster.ikea.net (8.11.5/8.11.1) id f7IHqh659222; Sat, 18 Aug 2001 19:52:44 +0200 (CEST) (envelope-from vs) Message-Id: <200108181752.f7IHqh659222@monster.ikea.net> Date: Sat, 18 Aug 2001 19:52:44 +0200 (CEST) From: Volker Stolz To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: bin/29850: ftpd.c doesn´t check via PAM/pam_acct_mgmt Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 29850 >Category: bin >Synopsis: ftpd.c doesn´t check via PAM/pam_acct_mgmt >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Aug 18 11:00:14 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Volker Stolz >Release: FreeBSD 4.4-PRERELEASE i386 >Organization: Lehrstuhl für Informatik II >Environment: System: FreeBSD monster.ikea.net 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #27: Sun Aug 12 16:42:41 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386 >Description: ftpd doesn´t check if the account is valid using the PAM account management provided by pam_acct_mgmt. Although expired accounts will be detected (cf. PR bin/20952), other PAM modules have other reasons for denying access. >How-To-Repeat: N/A, due to lack of modules apart from pam_unix to test with. >Fix: --- ftpd.c.orig Sat Aug 18 19:29:07 2001 +++ ftpd.c Sat Aug 18 19:24:49 2001 @@ -1157,6 +1157,12 @@ syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e)); rval = 0; + + /* Check if account is expired etc. */ + + if ((e = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) + rval = 1; + break; case PAM_AUTH_ERR: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message