Upgrading from 1.3.1_rc2-r1 to -r2 breaks authentication with mod_ldap.c if the "pam" use flag is enabled. After upgrading to -r2, proftpd logins for users in LDAP fail with "Incorrect password." After either downgrading to -r1 or merging with USE="-pam", LDAP users can authenticate again. Portage 2.1.2.7 (hardened/x86/2.6, gcc-3.4.6, glibc-2.5-r3, 2.6.20-hardened-r2 i686) ================================================================= System uname: 2.6.20-hardened-r2 i686 Pentium III (Katmai) Gentoo Base System release 1.12.9 Timestamp of tree: Mon, 11 Jun 2007 16:50:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r7 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.20-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -fforce-addr -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib/fax /var/spool/fax/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=pentium3 -O2 -fforce-addr -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp.public.fix.fi/gentoo/ http://mirrors.ludost.net/gentoo/ ftp://213.186.33.38/gentoo-distfiles/" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" USE="acl apache2 async bcmath berkdb bzip2 caps cgi cli crypt ctype cups discard-path dovecot-sasl expat fam fastbuild fax faxonly flatfile foomaticdb force-cgi-redirect ftp gd glibc-omitfp gnustep hardened horde iconv imap iodbc iproute2 jbig jpeg jpeg2k jpgraph largeterminal ldap ldapsam libg++ libwww logrotate mhash midi ncurses nls noauthunix nptl odbc pam passfile pcre pdo perl pg-vacuumdelay php pic png posix postgres ppds python quotas readline samba session sieve simplexml soap sockets spell spl sse ssl suhosin swat syslog tcpd tiff tokenizer truetype unicode urandom vhosts x86 xml xorg xsl zip zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Shrug; report this upstream please. Getting tired of their screw-ups on a security patch; the patch in -r1 has broken pam, now they've broken ldap. http://bugs.proftpd.org/
I've used pam authentification upto now - all worked in r1 and r2 (without ldap). Tried mod_auth_file today and it won't work in r2 but works in r1. Keeps saying: [proftpd] - USER xxx (Login failed): Incorrect password._ It could be related to this one.
Created attachment 121844 [details] proftpd-1.3.1_rc2-bug181712.patch Patch from upstream: http://bugs.proftpd.org/attachment.cgi?id=2643
Created attachment 121846 [details] proposed ebuild
*** Bug 181893 has been marked as a duplicate of this bug. ***
I've used your proftpd-1.3.1_rc2-bug181712.patch (and ebuild-r3) and things are working ok in pam auth and also mod_auth_file. Thanks,
*** Bug 182039 has been marked as a duplicate of this bug. ***
*** Bug 183141 has been marked as a duplicate of this bug. ***
this bug affects an security bug maintainers - please advice
As far as my local setup is concerned, this also affects the module mod_sql_mysql.c. Reverting back to -r1 fixed the issue.
Fixed in -r3, thanks for the help. Best regards, CHTEKK.
