# HG changeset patch # User Tomas Klacko # Date 1415827579 28800 # Node ID af632779536e924dee24654c776d475d9f2d4ff2 # Parent f83e0e3cf2d7921d304dace20953266562d2ac44 19925516 proftpd unable to authenticate user after first failed attempt diff -r f83e0e3cf2d7 -r af632779536e components/proftpd/mod_solaris_priv.c --- a/components/proftpd/mod_solaris_priv.c Wed Nov 12 09:56:14 2014 -0800 +++ b/components/proftpd/mod_solaris_priv.c Wed Nov 12 13:26:19 2014 -0800 @@ -2,7 +2,7 @@ * ProFTPD - FTP server daemon * Copyright (c) 1997, 1998 Public Flood Software * Copyright (c) 2003-2010 The ProFTPD Project team - * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -242,59 +242,50 @@ return PR_DECLINED(cmd); } -static void log_err_permitted(const char* fn) { - pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": %s(%s): %s", - fn, "permitted", strerror(errno)); -} - static void log_err_effective(const char* fn) { pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": %s(%s): %s", fn, "effective", strerror(errno)); } MODRET solaris_priv_post_fail(cmd_rec *cmd) { - priv_set_t* permitted_set = NULL; priv_set_t* effective_set = NULL; - if ((permitted_set = priv_allocset()) == NULL) { - log_err_permitted("priv_allocset"); - goto out; - } if ((effective_set = priv_allocset()) == NULL) { log_err_effective("priv_allocset"); goto out; } - if (getppriv(PRIV_PERMITTED, permitted_set) != 0) { - log_err_permitted("getppriv"); - goto out; - } if (getppriv(PRIV_EFFECTIVE, effective_set) != 0) { log_err_effective("getppriv"); goto out; } - if (priv_addset(permitted_set, PRIV_PROC_AUDIT) != 0) { - log_err_permitted("priv_addset"); - goto out; - } if (priv_addset(effective_set, PRIV_PROC_AUDIT) != 0) { log_err_effective("priv_addset"); goto out; } - if (setppriv(PRIV_SET, PRIV_PERMITTED, permitted_set) != 0) { - log_err_permitted("setppriv"); + if (priv_addset(effective_set, PRIV_SYS_AUDIT) != 0) { + log_err_effective("priv_addset"); goto out; } + + if (priv_addset(effective_set, PRIV_PROC_SETID) != 0) { + log_err_effective("priv_addset"); + goto out; + } + + if (priv_addset(effective_set, PRIV_PROC_TASKID) != 0) { + log_err_effective("priv_addset"); + goto out; + } + if (setppriv(PRIV_SET, PRIV_EFFECTIVE, effective_set) != 0) { log_err_effective("setppriv"); goto out; } out: - if (permitted_set != NULL) - priv_freeset(permitted_set); if (effective_set != NULL) priv_freeset(effective_set);