Tags: patch
Okay... now everybody say "try and use your own patches before
uploading, stupid!"
THIS patch compiles, and fixes the issue (I just verified on an etch
system).
diff -r -u ../unpatched/include/auth.h ./include/auth.h
--- ../unpatched/include/auth.h 2005-06-10 19:21:10.000000000 +0200
+++ ./include/auth.h 2008-05-13 15:09:48.755758112 +0200
@@ -1,6 +1,6 @@
/*
* ProFTPD - FTP server daemon
- * Copyright (c) 2004-2005 The ProFTPD Project team
+ * Copyright (c) 2004-2007 The ProFTPD Project team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -86,6 +86,7 @@
config_rec *pr_auth_get_anon_config(pool *p, char **, char **, char **);
/* For internal use only. */
+int init_auth(void);
int set_groups(pool *, gid_t, array_header *);
#endif /* PR_MODULES_H */
diff -r -u ../unpatched/modules/mod_core.c ./modules/mod_core.c
--- ../unpatched/modules/mod_core.c 2006-02-21 07:55:38.000000000 +0100
+++ ./modules/mod_core.c 2008-05-13 15:09:48.755758112 +0200
@@ -4344,6 +4344,8 @@
config_rec *c = NULL;
unsigned int *debug_level = NULL;
+ init_auth();
+
/* Check for a server-specific TimeoutIdle. */
c = find_config(main_server->conf, CONF_PARAM, "TimeoutIdle", FALSE);
if (c != NULL)
Only in ./modules: mod_core.c.orig
diff -r -u ../unpatched/src/auth.c ./src/auth.c
--- ../unpatched/src/auth.c 2005-06-14 20:11:12.000000000 +0200
+++ ./src/auth.c 2008-05-13 15:49:35.882146455 +0200
@@ -30,6 +30,10 @@
#include "conf.h"
+static pool *auth_pool = NULL;
+static pr_table_t *auth_tab = NULL;
+static const char *trace_channel = "auth";
+
/* The difference between this function, and pr_cmd_alloc(), is that this
* allocates the cmd_rec directly from the given pool, whereas pr_cmd_alloc()
* will allocate a subpool from the given pool, and allocate its cmd_rec
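Review bot: `trace_channel` is added at file scope, but none of the hunks in this patch reads it, so on this backport it is probably an unused static that draws an unused-variable warning under `-Wall`. If no trace call elsewhere in src/auth.c uses it, drop the line. The `auth_pool` and `auth_tab` statics would also benefit from a one-line comment, for example `/* Per-session cache: user name -> auth module that answered getpwnam */`.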
@@ -63,7 +67,7 @@
return c;
}
-static modret_t *dispatch_auth(cmd_rec *cmd, char *match) {
+static modret_t *dispatch_auth(cmd_rec *cmd, char *match, module **m) {
authtable *authtab = NULL;
modret_t *mr = NULL;
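Review bot: The new `m` parameter of dispatch_auth() has two roles that no comment documents: on entry a non-NULL `*m` restricts dispatch to that one module, and on return `*m` is overwritten with the module that handled the request or returned an error. A header comment on the function should state both, and also that passing `NULL` keeps the old try-every-module behaviour and that `*m` is left untouched when every module declines. Callers that make an authentication decision depend on this contract, so it should not have to be inferred from the loop body. The function body continues outside this hunk.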
@@ -71,6 +75,10 @@
&cmd->stash_index);
while (authtab) {
+ if (m && *m && *m != authtab->m) {
+ goto next;
+ }
+
pr_log_debug(DEBUG6, "dispatching auth request \"%s\" to module mod_%s",
match, authtab->m->name);
@@ -81,8 +89,18 @@
if (MODRET_ISHANDLED(mr) ||
- MODRET_ISERROR(mr))
+ MODRET_ISERROR(mr)) {
+
+ /* Return a pointer, if requested, to the module which answered the
+ * auth request. This is used, for example, by auth_getpwnam() for
+ * associating the answering auth module with the data looked up.
+ */
+ if (m)
+ *m = authtab->m;
+
break;
+ }
+next:
authtab = pr_stash_get_symbol(PR_SYM_AUTH, match, authtab,
&cmd->stash_index);
}
@@ -95,7 +114,7 @@
modret_t *mr = NULL;
cmd = make_cmd(p, 0);
- mr = dispatch_auth(cmd, "setpwent");
+ mr = dispatch_auth(cmd, "setpwent", NULL);
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
@@ -110,13 +129,20 @@
modret_t *mr = NULL;
cmd = make_cmd(p, 0);
- mr = dispatch_auth(cmd, "endpwent");
+ mr = dispatch_auth(cmd, "endpwent", NULL);
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
cmd->tmp_pool = NULL;
}
+ if (auth_tab) {
+ pr_log_debug(DEBUG5, "emptying authcache");
+ (void) pr_table_empty(auth_tab);
+ (void) pr_table_free(auth_tab);
+ auth_tab = NULL;
+ }
+
return;
}
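Review bot: Freeing the authcache in pr_auth_endpwent() ties the lifetime of the name-to-module binding to the passwd enumeration calls rather than to the login attempt. If any caller runs pr_auth_endpwent() between pr_auth_getpwnam() and pr_auth_authenticate() or pr_auth_check() (not visible in this diff), the binding is gone and the later dispatch tries every auth module again, which is what the cache exists to prevent. As far as the diff shows, `pr_table_free()` releases only the table, while the keys and values taken from `auth_pool` stay allocated. A comment such as `/* Drop the name->module bindings; callers must not authenticate after this without a fresh getpwnam */` would make the ordering requirement explicit. The function starts outside the hunk.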
@@ -125,7 +151,7 @@
modret_t *mr = NULL;
cmd = make_cmd(p, 0);
- mr = dispatch_auth(cmd, "setgrent");
+ mr = dispatch_auth(cmd, "setgrent", NULL);
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
@@ -140,7 +166,7 @@
modret_t *mr = NULL;
cmd = make_cmd(p, 0);
- mr = dispatch_auth(cmd, "endgrent");
+ mr = dispatch_auth(cmd, "endgrent", NULL);
if (cmd->tmp_pool) {
destroy_pool(cmd->tmp_pool);
@@ -156,7 +182,7 @@
struct passwd *res = NULL;
cmd = make_cmd(p, 0);
- mr = dispatch_auth(cmd, "getpwent");
+ mr = dispatch_auth(cmd, "getpwent", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
res = mr->data;
@@ -190,7 +216,7 @@
struct group *res = NULL;
cmd = make_cmd(p, 0);
- mr = dispatch_auth(cmd, "getgrent");
+ mr = dispatch_auth(cmd, "getgrent", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
res = mr->data;
@@ -217,11 +243,13 @@
cmd_rec *cmd = NULL;
modret_t *mr = NULL;
struct passwd *res = NULL;
+ module *m = NULL;
cmd = make_cmd(p, 1, name);
- mr = dispatch_auth(cmd, "getpwnam");
+ mr = dispatch_auth(cmd, "getpwnam", &m);
- if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
+ if (MODRET_ISHANDLED(mr) &&
+ MODRET_HASDATA(mr))
res = mr->data;
if (cmd->tmp_pool) {
@@ -246,6 +274,46 @@
return NULL;
}
+ if (!auth_tab && auth_pool) {
+ auth_tab = pr_table_alloc(auth_pool, 0);
+ }
+
+ if (m && auth_tab) {
+ int count = 0;
+ void *value = NULL;
+
+ value = palloc(auth_pool, sizeof(module *));
+ *((module **) value) = m;
+
+ count = pr_table_exists(auth_tab, name);
+ if (count <= 0) {
+ if (pr_table_add(auth_tab, pstrdup(auth_pool, name), value,
+ sizeof(module *)) < 0) {
+ pr_log_debug(DEBUG3,
+ "error adding module 'mod_%s.c' for user '%s' to the authcache: %s",
+ m->name, name, strerror(errno));
+
+ } else {
+ pr_log_debug(DEBUG5,
+ "stashed module 'mod_%s.c' for user '%s' in the authcache",
+ m->name, name);
+ }
+
+ } else {
+ if (pr_table_set(auth_tab, pstrdup(auth_pool, name), value,
+ sizeof(module *)) < 0) {
+ pr_log_debug(DEBUG3,
+ "error setting module 'mod_%s.c' for user '%s' in the authcache: %s",
+ m->name, name, strerror(errno));
+
+ } else {
+ pr_log_debug(DEBUG5,
+ "stashed module 'mod_%s.c' for user '%s' in the authcache",
+ m->name, name);
+ }
+ }
+ }
+
pr_log_debug(DEBUG10, "retrieved UID %lu for user '%s'",
(unsigned long) res->pw_uid, name);
return res;
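Review bot: In the block added before the `retrieved UID` log, `palloc()` and `pstrdup()` run on `auth_pool` for every successful lookup, including the `pr_table_set()` branch where the name is already cached. `auth_pool` is a sub-pool of `permanent_pool`, so each repeated lookup of the same name within a session adds another pointer slot and another copy of the name, and these are not released until the pool is destroyed; this matters if a client can trigger lookups repeatedly. Updating the existing slot in place avoids the growth and removes the duplicated add/set branches. This assumes `pr_table_get()` returns the stored pointer, as the `*((module **) v)` read in pr_auth_authenticate() implies. The enclosing function starts outside the hunk.

```c
  if (m && auth_tab) {
    void *value = pr_table_get(auth_tab, name, NULL);

    if (value) {
      /* Name already cached: rebind it without allocating again. */
      *((module **) value) = m;

    } else {
      value = palloc(auth_pool, sizeof(module *));
      *((module **) value) = m;

      if (pr_table_add(auth_tab, pstrdup(auth_pool, name), value,
          sizeof(module *)) < 0) {
        /* … unchanged: DEBUG3 "error adding module" log … */

      } else {
        /* … unchanged: DEBUG5 "stashed module" log … */
      }
    }
  }
```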
@@ -257,7 +325,7 @@
struct passwd *res = NULL;
cmd = make_cmd(p, 1, (void *) &uid);
- mr = dispatch_auth(cmd, "getpwuid");
+ mr = dispatch_auth(cmd, "getpwuid", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
res = mr->data;
@@ -295,7 +363,7 @@
struct group *res = NULL;
cmd = make_cmd(p, 1, name);
- mr = dispatch_auth(cmd, "getgrnam");
+ mr = dispatch_auth(cmd, "getgrnam", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
res = mr->data;
@@ -328,7 +396,7 @@
struct group *res = NULL;
cmd = make_cmd(p, 1, (void *) &gid);
- mr = dispatch_auth(cmd, "getgrgid");
+ mr = dispatch_auth(cmd, "getgrgid", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr))
res = mr->data;
@@ -358,10 +426,51 @@
int pr_auth_authenticate(pool *p, const char *name, const char *pw) {
cmd_rec *cmd = NULL;
modret_t *mr = NULL;
+ module *m = NULL;
int res = PR_AUTH_NOPWD;
cmd = make_cmd(p, 2, name, pw);
- mr = dispatch_auth(cmd, "auth");
+
+ /* First, check for the mod_auth_pam.c module.
+ *
+ * PAM is a bit of hack in this Auth API, because PAM only provides
+ * yes/no checks, and is not a source of user information.
+ */
+ m = pr_module_get("mod_auth_pam.c");
+ if (m) {
+ mr = dispatch_auth(cmd, "auth", &m);
+
+ if (MODRET_ISHANDLED(mr)) {
+ pr_log_debug(DEBUG4,
+ "module 'mod_auth_pam.c' used for authenticating user '%s'", name);
+
+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+ cmd->tmp_pool = NULL;
+ }
+
+ return res;
+ }
+
+ m = NULL;
+ }
+
+ if (auth_tab) {
+
+ /* Fetch the specific module to be used for authenticating this user. */
+ void *v = pr_table_get(auth_tab, name, NULL);
+ if (v) {
+ m = *((module **) v);
+
+ pr_log_debug(DEBUG4,
+ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
+ m->name, name);
+ }
+ }
+
+ mr = dispatch_auth(cmd, "auth", m ? &m : NULL);
if (MODRET_ISHANDLED(mr))
res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
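Review bot: The authcache lookup fails open: when `auth_tab` is NULL or holds no entry for `name`, the final call passes `NULL` and every auth module is tried, exactly as before the patch. That is the case whenever init_auth() has not run, the table was emptied in pr_auth_endpwent(), or `pr_table_add()` failed in pr_auth_getpwnam() (logged only at DEBUG3), so the binding between the module that supplied the user record and the module that checks the password is silently lost. At minimum log the miss, e.g. `pr_log_debug(DEBUG4, "no authcache entry for user '%s', dispatching to all auth modules", name);`, and consider whether an unbound name should be refused instead. The PAM-first block also accepts a PAM success regardless of which module answered getpwnam, and its comment should say this is intended. The same points apply to the pr_auth_check() hunk that follows.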
@@ -380,10 +489,51 @@
int pr_auth_check(pool *p, const char *cpw, const char *name, const char *pw) {
cmd_rec *cmd = NULL;
modret_t *mr = NULL;
+ module *m = NULL;
int res = PR_AUTH_BADPWD;
cmd = make_cmd(p, 3, cpw, name, pw);
- mr = dispatch_auth(cmd, "check");
+
+ /* First, check for the mod_auth_pam.c module.
+ *
+ * PAM is a bit of hack in this Auth API, because PAM only provides
+ * yes/no checks, and is not a source of user information.
+ */
+ m = pr_module_get("mod_auth_pam.c");
+ if (m) {
+ mr = dispatch_auth(cmd, "check", &m);
+
+ if (MODRET_ISHANDLED(mr)) {
+ pr_log_debug(DEBUG4,
+ "module 'mod_auth_pam.c' used for authenticating user '%s'", name);
+
+ res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
+
+ if (cmd->tmp_pool) {
+ destroy_pool(cmd->tmp_pool);
+ cmd->tmp_pool = NULL;
+ }
+
+ return res;
+ }
+
+ m = NULL;
+ }
+
+ if (auth_tab) {
+
+ /* Fetch the specific module to be used for authenticating this user. */
+ void *v = pr_table_get(auth_tab, name, NULL);
+ if (v) {
+ m = *((module **) v);
+
+ pr_log_debug(DEBUG4,
+ "using module 'mod_%s.c' from authcache to authenticate user '%s'",
+ m->name, name);
+ }
+ }
+
+ mr = dispatch_auth(cmd, "check", m ? &m : NULL);
if (MODRET_ISHANDLED(mr))
res = MODRET_HASDATA(mr) ? PR_AUTH_RFC2228_OK : PR_AUTH_OK;
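Review bot: The PAM-first block and the authcache lookup in this hunk are a line-for-line copy of the ones added to pr_auth_authenticate(), differing only in the `"check"` symbol. Two hand-maintained copies of an authentication decision tend to drift apart, so a `static` helper in src/auth.c that takes the symbol name and the user name and returns the `modret_t *` would keep both paths identical. The copied debug text `used for authenticating user` is also slightly misleading on the password-check path, and a wording such as `used for checking password of user '%s'` would make the logs easier to tell apart.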
@@ -402,7 +552,7 @@
int res = TRUE;
cmd = make_cmd(p, 1, name);
- mr = dispatch_auth(cmd, "requires_pass");
+ mr = dispatch_auth(cmd, "requires_pass", NULL);
if (MODRET_ISHANDLED(mr))
res = FALSE;
@@ -427,7 +577,7 @@
memset(namebuf, '\0', sizeof(namebuf));
cmd = make_cmd(p, 1, (void *) &uid);
- mr = dispatch_auth(cmd, "uid2name");
+ mr = dispatch_auth(cmd, "uid2name", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
res = mr->data;
@@ -452,7 +602,7 @@
memset(namebuf, '\0', sizeof(namebuf));
cmd = make_cmd(p, 1, (void *) &gid);
- mr = dispatch_auth(cmd, "gid2name");
+ mr = dispatch_auth(cmd, "gid2name", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
res = mr->data;
@@ -474,7 +624,7 @@
uid_t res = (uid_t) -1;
cmd = make_cmd(p, 1, name);
- mr = dispatch_auth(cmd, "name2uid");
+ mr = dispatch_auth(cmd, "name2uid", NULL);
if (MODRET_ISHANDLED(mr))
res = *((uid_t *) mr->data);
@@ -495,7 +645,7 @@
gid_t res = (gid_t) -1;
cmd = make_cmd(p, 1, name);
- mr = dispatch_auth(cmd, "name2gid");
+ mr = dispatch_auth(cmd, "name2gid", NULL);
if (MODRET_ISHANDLED(mr))
res = *((gid_t *) mr->data);
@@ -527,7 +677,7 @@
cmd = make_cmd(p, 3, name, group_ids ? *group_ids : NULL,
group_names ? *group_names : NULL);
- mr = dispatch_auth(cmd, "getgroups");
+ mr = dispatch_auth(cmd, "getgroups", NULL);
if (MODRET_ISHANDLED(mr) && MODRET_HASDATA(mr)) {
res = *((int *) mr->data);
@@ -821,3 +971,10 @@
return res;
}
+/* Internal use only. To be called in the session process. */
+int init_auth(void) {
+ auth_pool = make_sub_pool(permanent_pool);
+ pr_pool_tag(auth_pool, "Auth API");
+
+ return 0;
+}