Bug 120187 - ftp/Pure-FTPd doesn't support TLS authentication by default.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Renato Botelho
Reported: 2008-01-31 14:40 UTC by Filip Palian
Modified: 2008-02-14 12:00 UTC
Attachments
file.diff (761 bytes, patch)
2008-01-31 14:40 UTC, Filip Palian

Description Filip Palian 2008-01-31 14:40:03 UTC
Pure-FTPd version 1.0.21_1 was compiled from ports, with the following options passed to configure script:

--with-everything
--with-paranoidmsg
--with-virtualchroot
--with-tls             // Support for the secure authentication.
--with-largefile
--with-pgsql
--with-privsep
--without-banner
--with-sendfile


The pure-ftpd binary was run with the following configuration:

/usr/local/sbin/pure-ftpd -A -c50 -B -C8 -d -D -E -fftp -H -I15 -lpgsql:/usr/local/etc/pureftpd-pgsql.conf -L2000:8 -m4 -p49000:50000 -P<ext_IP> -s -U133:022 -u80 -i -g/var/run/pure-ftpd.pid -k99 -Z -Y1


I've noticed that Pure-FTPd executed with both "-P" and "-Y" flags doesn't work properly. It means clients were not able to authenticate themselves using AUTH TLS. During feature negotiation (FEAT), Pure-FTPd didn't include FEAT_TLS, so clients were using plain text authentication.


Feature negotiation log without a fix:
---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  TVFS
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<--- 211 End.
---> QUIT    // Using secure authentication was forced.


Feature negotiation log with a fix:
---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  TVFS
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTA
<---  AUTH TLS
<---  PBSZ
<--- 211 End.
---> AUTH TLS
<--- 234 AUTH TLS OK.

Fix: Apply a patch included with this Problem Report.

Patch attached with submission follows:
How-To-Repeat: 1) Compile Pure-FTPd with TLS support (--with-TLS)
2) Run pure-ftpd binary with "-P" and "-Y" flags.
3) Try to connect with Pure-FTPd daemon with AUTH TLS (debug mode).
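
An added example (not part of the original report or of Pure-FTPd): a Python check that parses a FEAT reply like the ones logged above and reports whether AUTH TLS is advertised, so a monitoring job can flag a server whose clients would fall back to plain text logins. The function names are assumptions, and the two sample logs are abbreviated from the logs in this report.

```python
import ftplib

def reply_from_log(log):
    """Rebuild the server reply from a client debug log ('<--- ' marks server lines)."""
    return "\n".join(l[5:] for l in log.splitlines() if l.startswith("<--- "))

def parse_feat(reply):
    """Return the upper-cased feature lines of an RFC 2389 FEAT reply."""
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("211"):
        return set()                      # FEAT rejected or not implemented
    feats = set()
    for line in lines[1:]:
        if line.startswith("211"):        # "211 End." closes the list
            break
        if line.startswith(" ") and line.strip():
            feats.add(line.strip().upper())   # feature lines start with a space
    return feats

def tls_advertised(reply):
    """True if any feature line is an AUTH entry that names TLS."""
    return any(f.split()[0] == "AUTH" and "TLS" in f for f in parse_feat(reply))

def server_offers_tls(host, port=21, timeout=10):
    """Live check: send FEAT to a server you operate and inspect the reply."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        return tls_advertised(ftp.sendcmd("FEAT"))
    except ftplib.error_perm:             # 5xx reply: FEAT not supported
        return False
    finally:
        ftp.close()

# Sample logs abbreviated from the two logs in this report.
COMMON = ("---> FEAT\n<--- 211-Extensions supported:\n<---  EPRT\n"
          "<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;unique*;\n<---  SPSV\n")
WITHOUT_FIX = COMMON + "<--- 211 End.\n---> QUIT"
WITH_FIX = (COMMON + "<---  ESTA\n<---  AUTH TLS\n<---  PBSZ\n<--- 211 End.\n"
            "---> AUTH TLS\n<--- 234 AUTH TLS OK.")

if __name__ == "__main__":
    for name, log in (("without fix", WITHOUT_FIX), ("with fix", WITH_FIX)):
        print(name, "-> AUTH TLS advertised:", tls_advertised(reply_from_log(log)))
```
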
Comment 1 Beech Rintoul freebsd_committer freebsd_triage 2008-01-31 19:37:33 UTC
Responsible Changed
From-To: freebsd-ports-bugs->beech

I'll take it
Comment 2 Beech Rintoul freebsd_committer freebsd_triage 2008-01-31 20:03:55 UTC
Responsible Changed
From-To: beech->garga

Maintainer is committer, over to maintainer.
Comment 3 dfilter service freebsd_committer freebsd_triage 2008-02-14 11:55:31 UTC
garga       2008-02-14 11:55:22 UTC

  FreeBSD ports repository

  Modified files:
    ftp/pure-ftpd        Makefile pkg-plist 
  Added files:
    ftp/pure-ftpd/files  patch-src_ftpd.c pkg-message.in 
  Removed files:
    ftp/pure-ftpd        pkg-message 
  Log:
  - Fix a problem with AUTH TLS [1]
  - Bump PORTREVISION
  - Some cosmetic changes (e.g. indentation)
  - Move pkg-message to files/pkg-message.in
  - Respect NOPORTEXAMPLES
  - Use INSTALL_SCRIPT to install ${PREFIX}/sbin/pure-ftpd.pl
  
  PR:             ports/120187 [1]
  Submitted by:   Filip Palian <filip.palian@expro.pl> [1]
  
  Revision  Changes    Path
  1.60      +28 -24    ports/ftp/pure-ftpd/Makefile
  1.1       +21 -0     ports/ftp/pure-ftpd/files/patch-src_ftpd.c (new)
  1.1       +8 -0      ports/ftp/pure-ftpd/files/pkg-message.in (new)
  1.2       +0 -5      ports/ftp/pure-ftpd/pkg-message (dead)
  1.22      +0 -6      ports/ftp/pure-ftpd/pkg-plist
Comment 4 Renato Botelho freebsd_committer freebsd_triage 2008-02-14 11:55:55 UTC
State Changed
From-To: open->closed

Committed. Thanks!