proftpd 1.3.5a-1build1 with SQLAuthTypes other than plaintext doesn't recognize passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
proftpd-dfsg (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
On Ubuntu server 16.04.1 AMD64, i can't login on proftpd since no plaintext passwords aren't recognized anymore.
I'm usually running Backend SQLAuthTypes.
Version information :
~# proftpd -V
Compile-time Settings:
Version: 1.3.5a (maint)
Platform: LINUX [Linux 4.4.0-38-generic x86_64]
Built: Tue Apr 5 2016 13:36:50 UTC
Built With:
configure 'CFLAGS=-g -O2 -fstack-
CFLAGS: -g -O2 -fstack-
LDFLAGS: -L$(top_srcdir)/lib -Wl,-Bsymbolic-
LIBS: -lpcreposix -lpcre -lssl -lcrypto -lcap -lmemcached -lmemcachedutil -lpam -lsupp -lcrypt -ldl
Files:
Configuration File:
/
Pid File:
/
Scoreboard File:
/
Header Directory:
/
Shared Module Directory:
/
Features:
+ Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
+ Lastlog support
+ Memcache support
+ ncurses support
+ NLS support
+ OpenSSL support
+ PCRE support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
Tunable Options:
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
PR_
Logs from running proftpd -nd10 :
2016-10-02 15:49:21,579 ftp proftpd[11000] : retrieved UID 33 for user 'test'
2016-10-02 15:49:21,579 ftp proftpd[11000] : no supplemental groups found for user 'test'
2016-10-02 15:49:21,580 ftp proftpd[11000] : USER test (Login failed): No such user found
2016-10-02 15:49:21,580 ftp proftpd[11000] : dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_sql
2016-10-02 15:49:21,580 ftp proftpd[11000] : dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_vroot
2016-10-02 15:49:21,580 ftp proftpd[11000] : dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_wrap2
2016-10-02 15:49:21,580 ftp proftpd[11000] : dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
2016-10-02 15:49:21,583 ftp proftpd[11000] : dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_sql
2016-10-02 15:49:21,583 ftp proftpd[11000] : dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
2016-10-02 15:49:21,584 ftp proftpd[11000] : dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
2016-10-02 15:49:21,597 ftp proftpd[11000] : mod_tls/2.6: scrubbing 1 passphrase from memory
Log from sql module :
2016-10-02 15:35:24,628 mod_sql/4.3[10669]: query "SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (userid='test') AND (((LoginAllowed = 'true'))) LIMIT 1"
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: entering mysql cmd_close
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: connection 'default' count is now 1
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: exiting mysql cmd_close
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: exiting mysql cmd_select
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: cache miss for user 'test'
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: user 'test' cached
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: + pwd.pw_name : test
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: + pwd.pw_uid : 33
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: + pwd.pw_gid : 33
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: + pwd.pw_dir : /var/www
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: + pwd.pw_shell : /bin/false
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: <<< cmd_getpwnam
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: >>> cmd_getgrgid
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: cache miss for GID '33'
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: entering mysql cmd_select
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: entering mysql cmd_open
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: connection 'default' count is now 2
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: exiting mysql cmd_open
2016-10-02 15:35:24,629 mod_sql/4.3[10669]: query "SELECT groupname FROM groups WHERE (gid = 33) LIMIT 1"
2016-10-02 15:35:24,630 mod_sql/4.3[10669]: entering mysql cmd_close
2016-10-02 15:35:24,630 mod_sql/4.3[10669]: connection 'default' count is now 1
2016-10-02 15:35:24,630 mod_sql/4.3[10669]: exiting mysql cmd_close
2016-10-02 15:35:24,630 mod_sql/4.3[10669]: exiting mysql cmd_select
2016-10-02 15:35:24,630 mod_sql/4.3[10669]: <<< cmd_getgrgid
2016-10-02 15:35:24,630 mod_sql/4.3[10669]: >>> cmd_getgroups
...
2016-10-02 15:38:20,605 mod_sql/4.3[10728]: query "SELECT groupname, gid, members FROM groups WHERE (members = 'test' OR members LIKE 'test,%' OR members LIKE '%,test' OR members LIKE '%,test,%')"
2016-10-02 15:38:20,605 mod_sql/4.3[10728]: entering mysql cmd_close
2016-10-02 15:38:20,605 mod_sql/4.3[10728]: connection 'default' count is now 1
2016-10-02 15:38:20,605 mod_sql/4.3[10728]: exiting mysql cmd_close
2016-10-02 15:38:20,605 mod_sql/4.3[10728]: exiting mysql cmd_select
2016-10-02 15:38:20,605 mod_sql/4.3[10728]: <<< cmd_getgroups
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: >>> cmd_auth
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: entering mysql cmd_escapestring
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: entering mysql cmd_open
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: connection 'default' count is now 2
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: exiting mysql cmd_open
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: entering mysql cmd_close
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: connection 'default' count is now 1
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: exiting mysql cmd_close
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: exiting mysql cmd_escapestring
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: cache hit for user 'test'
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: >>> cmd_check
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: checking password using SQLAuthType 'Backend'
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: entering mysql cmd_checkauth
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: password mismatch
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: exiting mysql cmd_checkauth
2016-10-02 15:38:20,606 mod_sql/4.3[10728]: 'Backend' SQLAuthType handler reports failure
proftpd.conf :
Include /etc/proftpd/
DefaultAddress 178.33.254.58
SocketBindTight on
UseIPv6 on
IdentLookups off
ServerName "ftp"
ServerIdent off
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
#DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
ListOptions "-l"
DenyFilter \*.*/
DefaultRoot ~
RequireValidShell off
Port 21
AllowForeignAddress on
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
TransferLog /var/log/
SystemLog /var/log/
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/
ControlsInterval 5
ControlsSocket /var/run/
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
Include /etc/proftpd/
Include /etc/proftpd/
* sql.conf
<IfModule mod_sql.c>
SQLBackend mysql
SQLEngine on
SQLAuthenticate on
SQLAuthTypes Backend
SQLConnectInfo proftpd@localhost proftpd XXXXXXXXXXXXX
SQLUserInfo users userid passwd uid gid homedir shell
SQLUserWhereClause "LoginAllowed = 'true'"
SQLGroupInfo groups groupname gid members
SQLAuthenticate users* groups*
SQLLogFile /var/log/
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" users
SQLMinID 33
SQLMinUserGID 33
SQLMinUserUID 33
SQLDefaultUID 33
SQLDefaultGID 33
<IfModule mod_auth_pam.c>
AuthPAM off
</IfModule>
</IfModule>
If i change SQLAuthTypes to PlainText and set plaintext password in users table, it works.
I tried with sha-512 :
LoadModule mod_sql_passwd.c
SQLAuthTypes SHA512
Generated a password and put it to an user in my mysql database :
mkpasswd -m sha-512
Then, tried to connect :
2016-10-05 18:11:05,859 mod_sql/4.3[5030]: checking password using SQLAuthType 'sha512'
2016-10-05 18:11:05,859 mod_sql/4.3[5030]: 'sha512' SQLAuthType handler reports failure
Changed in proftpd (Ubuntu): | |
status: | New → Confirmed |
affects: | proftpd (Ubuntu) → proftpd-dfsg (Ubuntu) |
Anything new to this ... i have got the same problem!!