# HG changeset patch # User tomas klacko - Sun Microsystems - Prague Czech Republic # Date 1322560830 28800 # Node ID 5502502b0840ac4ee096d34176d21a62fe65104b # Parent 5828c439789b0b5208701763600c8bca07822ffd 7103026 proftpd unable to authenticate user after first failed attempt diff -r 5828c439789b -r 5502502b0840 components/proftpd/mod_solaris_priv.c --- a/components/proftpd/mod_solaris_priv.c Thu Nov 17 08:23:20 2011 -0800 +++ b/components/proftpd/mod_solaris_priv.c Tue Nov 29 02:00:30 2011 -0800 @@ -228,69 +228,6 @@ return PR_DECLINED(cmd); } -/* The POST_CMD_ERR handler for "PASS" is only called after PASS has - * failed so we need only limited set of privs to complete cleanup and logging. - */ -MODRET solaris_priv_post_fail(cmd_rec *cmd) { - int res = 0; - priv_set_t *p, *i; - - if (!use_privs) - return PR_DECLINED(cmd); - - pr_signals_block(); - - /* The only privilege we need is PRIV_NET_PRIVADDR (bind - * ports < 1024). Everything else can be discarded. We set this - * in the permitted set only, as when we switch away from root - * we lose effective anyhow, and must reset it. - * - * We also remove the basic Solaris privileges we know we will - * never need. - */ - - i = priv_allocset(); - priv_basicset(i); - priv_delset(i, PRIV_PROC_EXEC); - priv_delset(i, PRIV_PROC_FORK); - priv_delset(i, PRIV_PROC_INFO); - priv_delset(i, PRIV_PROC_SESSION); - setppriv(PRIV_SET, PRIV_INHERITABLE, i); - - p = priv_allocset(); - priv_basicset(p); - - priv_addset(p, PRIV_NET_PRIVADDR); - priv_addset(p, PRIV_PROC_AUDIT); - - priv_delset(p, PRIV_PROC_EXEC); - priv_delset(p, PRIV_PROC_FORK); - priv_delset(p, PRIV_PROC_INFO); - priv_delset(p, PRIV_PROC_SESSION); - - res = setppriv(PRIV_SET, PRIV_PERMITTED, p); - res = setppriv(PRIV_SET, PRIV_EFFECTIVE, p); - - if (setreuid(session.uid, session.uid) == -1) { - pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": setreuid: %s", - strerror(errno)); - pr_signals_unblock(); - end_login(1); - } - pr_signals_unblock(); - - if (res != -1) { - /* That's it! Disable all further id switching */ - session.disable_id_switching = TRUE; - - } else { - pr_log_pri(PR_LOG_NOTICE, MOD_SOLARIS_PRIV_VERSION ": attempt to configure " - "capabilities failed, reverting to normal operation"); - } - - return PR_DECLINED(cmd); -} - /* Initialization routines */ @@ -413,7 +350,6 @@ static cmdtable solaris_priv_cmdtab[] = { { POST_CMD, C_PASS, G_NONE, solaris_priv_post_pass, FALSE, FALSE }, - { POST_CMD_ERR, C_PASS, G_NONE, solaris_priv_post_fail, FALSE, FALSE }, { 0, NULL } };