From stolz@i2.informatik.rwth-aachen.de  Sat Aug 18 10:52:47 2001
Return-Path: <stolz@i2.informatik.rwth-aachen.de>
Received: from mailout02.sul.t-online.de (mailout02.sul.t-online.com [194.25.134.17])
	by hub.freebsd.org (Postfix) with ESMTP id 3C77D37B411
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 18 Aug 2001 10:52:47 -0700 (PDT)
	(envelope-from stolz@i2.informatik.rwth-aachen.de)
Received: from fwd03.sul.t-online.de 
	by mailout02.sul.t-online.de with smtp 
	id 15YAH7-0004eq-07; Sat, 18 Aug 2001 19:52:45 +0200
Received: from theater.dyndns.org (320068889749-0001@[217.82.196.183]) by fmrl03.sul.t-online.com
	with esmtp id 15YAH6-1jAwqWC; Sat, 18 Aug 2001 19:52:44 +0200
Received: from monster.ikea.net (monster.ikea.net [192.168.2.3])
	by theater.dyndns.org (8.11.4/8.11.3) with ESMTP id f7IHrKh25824
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 18 Aug 2001 19:53:20 +0200 (CEST)
	(envelope-from stolz@i2.informatik.rwth-aachen.de)
Received: (from vs@localhost)
	by monster.ikea.net (8.11.5/8.11.1) id f7IHqh659222;
	Sat, 18 Aug 2001 19:52:44 +0200 (CEST)
	(envelope-from vs)
Message-Id: <200108181752.f7IHqh659222@monster.ikea.net>
Date: Sat, 18 Aug 2001 19:52:44 +0200 (CEST)
From: Volker Stolz <vs@foldr.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ftpd.c doesn't check via PAM/pam_acct_mgmt
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         29850
>Category:       bin
>Synopsis:       ftpd.c doesn't check via PAM/pam_acct_mgmt
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    markm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 18 11:00:14 PDT 2001
>Closed-Date:    Sat Oct 30 15:30:28 GMT 2004
>Last-Modified:  Sat Oct 30 15:30:28 GMT 2004
>Originator:     Volker Stolz
>Release:        FreeBSD 4.4-PRERELEASE i386
>Organization:
Lehrstuhl für Informatik II
>Environment:
System: FreeBSD monster.ikea.net 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #27: Sun Aug 12 16:42:41 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386


>Description:
ftpd doesn't check if the account is valid using the PAM account management
provided by pam_acct_mgmt. Although expired accounts will be detected
(cf. PR bin/20952), other PAM modules have other reasons for denying
access.

>How-To-Repeat:
N/A, due to lack of modules apart from pam_unix to test with.
>Fix:
--- ftpd.c.orig	Sat Aug 18 19:29:07 2001
+++ ftpd.c	Sat Aug 18 19:24:49 2001
@@ -1157,6 +1157,12 @@
 			syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
 			    pam_strerror(pamh, e));
 		rval = 0;
+
+		/* Check if account is expired etc. */
+
+		if ((e = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS)
+			rval = 1;
+
 		break;
 
 	case PAM_AUTH_ERR:
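Review bot: the added pam_acct_mgmt() branch stores the result in e but never reports it, so a denial by account management sets rval = 1 silently, unlike the PAM_USER failure just above it, which logs pam_strerror(pamh, e). Suggest a syslog() call with pam_strerror(pamh, e) inside the new if, so an administrator can tell an account-policy denial from a failed password. The condition also treats every non-PAM_SUCCESS value alike; PAM_NEW_AUTHTOK_REQD is one of the codes pam_acct_mgmt() can return, and it is worth deciding explicitly whether ftpd should reject on it or handle it separately. Minor style point: the blank line between the comment and the if it describes can go.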
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->markm 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Sat Aug 18 12:08:13 PDT 2001 
Responsible-Changed-Why:  
Mark is working on PAM. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=29850 
State-Changed-From-To: open->feedback 
State-Changed-By: markm 
State-Changed-When: Mon Aug 27 03:55:27 PDT 2001 
State-Changed-Why:  
Fixed in CURRENT ftpd.c 1.75. Please confirm that this works for you and I'll merge it into STABLE. 


From: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
To: freebsd-gnats-submit@FreeBSD.org, markm@FreeBSD.org
Cc:  
Subject: Re: bin/29850: ftpd.c doesn't check via PAM/pam_acct_mgmt
Date: Tue, 18 Dec 2001 17:10:56 +0100

 I didn't notice that this one was still around.
 Please MFC, it works!
 -- 
 Wonderful \hbox (0.80312pt too nice) in paragraph at lines 16--18
 Volker Stolz * stolz@i2.informatik.rwth-aachen.de
 Please use PGP or S/MIME for correspondence!
State-Changed-From-To: feedback->closed 
State-Changed-By: yar 
State-Changed-When: Sat Oct 30 15:28:10 GMT 2004 
State-Changed-Why:  
A fix was introduced to STABLE by des@ in rev. 1.62.2.52 of ftpd.c. 

>Unformatted:
