Bug 1490354

Summary:	pure-ftpd authentication fails after upgrade from 1.0.42 to 1.0.46
Product:	[Fedora] Fedora	Reporter:	Saso Tavcar <fast>
Component:	pure-ftpd	Assignee:	Jaromír Cápík <jaromir.capik>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	urgent	Docs Contact:
Priority:	unspecified
Version:	26	CC:	fast, gregswift, jaromir.capik, mi, msehnout, olysonek
Target Milestone:	---
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:	pure-ftpd-1.0.47-1.fc26 pure-ftpd-1.0.47-1.fc27 pure-ftpd-1.0.47-3.fc28	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-03-27 19:27:21 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Saso Tavcar 2017-09-11 12:04:03 UTC

Description of problem:

pure-ftpd authentication fails


Version-Release number of selected component (if applicable):

pure-ftpd-1.0.46-1.fc26.x86_64


How reproducible:


Upgrade from pure-ftpd-1.0.42-4.fc24.x86_64 to pure-ftpd-1.0.46-1.fc26.x86_64.

Also MySQL authentication is broken for both versions (after upgrade libs to MariaDB 10.1.26), PureDB is working for 10.0.42 but not for 10.0.46.


Steps to Reproduce:


[root@ftp2 pure-ftpd]# sestatus 
SELinux status:                 disabled

[root@ftp2 pure-ftpd]# rpm -qa |grep pure-ftpd
pure-ftpd-1.0.42-4.fc24.x86_64

[root@ftp2 pure-ftpd]# ftp localhost
Trying ::1...
Connected to localhost (::1).
Name (localhost:root): a2u
331 User a2u OK. Password required
Password:
230-OK. Current directory is /
230-1 files used (0%) - authorized: 10000 files
230 7096 Kbytes used (1%) - authorized: 512000 Kb
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.

[root@ftp2 pure-ftpd]# dnf -y  update pureftpd
Last metadata expiration check: 2:40:47 ago on Mon 11 Sep 2017 11:03:03 AM CEST.
No match for argument: pureftpd
Error: No packages marked for upgrade.
[root@ftp2 pure-ftpd]# dnf -y  update pure-ftpd
Last metadata expiration check: 2:40:52 ago on Mon 11 Sep 2017 11:03:03 AM CEST.
Dependencies resolved.
========================================================================================================================================================================================================
 Package                                         Arch                                         Version                                               Repository                                     Size
========================================================================================================================================================================================================
Upgrading:
 pure-ftpd                                       x86_64                                       1.0.46-1.fc26                                         updates                                       258 k

Transaction Summary
========================================================================================================================================================================================================
Upgrade  1 Package

Total download size: 258 k
Downloading Packages:
pure-ftpd-1.0.46-1.fc26.x86_64.rpm                                                                                                                                      146 kB/s | 258 kB     00:01    
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                   102 kB/s | 258 kB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: None                                                                                                                                                                           1/1 
  Preparing        :                                                                                                                                                                                1/1 
  Upgrading        : pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 1/2 
  Running scriptlet: pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 1/2 
warning: /etc/pure-ftpd/pure-ftpd.conf created as /etc/pure-ftpd/pure-ftpd.conf.rpmnew
  Running scriptlet: pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 2/2 
  Cleanup          : pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 2/2 
  Running scriptlet: pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 2/2 
  Verifying        : pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 1/2 
  Verifying        : pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 2/2 

Upgraded:
  pure-ftpd.x86_64 1.0.46-1.fc26                                                                                                                                                                        

Complete!


[root@ftp2 pure-ftpd]# systemctl restart pure-ftpd.service

[root@ftp2 pure-ftpd]# ftp localhost
Trying ::1...
Connected to localhost (::1).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 13:44. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:root): a2u
331 User a2u OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.


[root@ftp2 pure-ftpd]# dnf downgrade pure-ftpd
Last metadata expiration check: 2:41:53 ago on Mon 11 Sep 2017 11:03:03 AM CEST.
Dependencies resolved.
========================================================================================================================================================================================================
 Package                                         Arch                                         Version                                                Repository                                    Size
========================================================================================================================================================================================================
Downgrading:
 pure-ftpd                                       x86_64                                       1.0.42-4.fc24                                          fedora                                       263 k

Transaction Summary
========================================================================================================================================================================================================
Downgrade  1 Package

Total download size: 263 k
Is this ok [y/N]: y
Downloading Packages:
pure-ftpd-1.0.42-4.fc24.x86_64.rpm                                                                                                                                      499 kB/s | 263 kB     00:00    
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                   201 kB/s | 263 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: None                                                                                                                                                                           1/1 
  Preparing        :                                                                                                                                                                                1/1 
  Downgrading      : pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 1/2 
  Running scriptlet: pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 1/2 
warning: /etc/pure-ftpd/pure-ftpd.conf created as /etc/pure-ftpd/pure-ftpd.conf.rpmnew
  Running scriptlet: pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 2/2 
  Erasing          : pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 2/2 
  Running scriptlet: pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 2/2 
  Verifying        : pure-ftpd-1.0.42-4.fc24.x86_64                                                                                                                                                 1/2 
  Verifying        : pure-ftpd-1.0.46-1.fc26.x86_64                                                                                                                                                 2/2 

Downgraded:
  pure-ftpd.x86_64 1.0.42-4.fc24                                                                                                                                                                        

Complete!


[root@ftp2 pure-ftpd]# systemctl restart pure-ftpd.service


[root@ftp2 pure-ftpd]# rpm -qa  |grep pure-ftp
pure-ftpd-1.0.42-4.fc24.x86_64


[root@ftp2 pure-ftpd]# systemctl restart pure-ftpd.service
[root@ftp2 pure-ftpd]# ftp localhost
Trying ::1...
Connected to localhost (::1).


Name (localhost:root): a2u
331 User a2u OK. Password required
Password:
230-OK. Current directory is /
230-1 files used (0%) - authorized: 10000 files
230 7096 Kbytes used (1%) - authorized: 512000 Kb
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.


Actual results:


Expected results:

Authentication should succeed for PureDB and/or MySQL.


Additional info:

Comment 1 Ondřej Lysoněk 2017-09-16 07:37:34 UTC

Can you test if pure-ftpd-1.0.46-2 in the updates-testing repository works?
dnf upgrade --enablerepo updates-testing pure-ftpd

If it works, please give feedback here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-7a9447c0af

Comment 2 Ondřej Lysoněk 2017-09-18 08:44:51 UTC

Forgot to mention: you will need to remove the 'UseFtpUsers' from the configuration file, if you have it there. The option hasn't been implemented for at least 12 years, but up until now, invalid options in the configuration file were silently ignored, so nobody noticed.

Comment 3 Ondřej Lysoněk 2017-09-29 11:33:11 UTC

(In reply to Ondřej Lysoněk from comment #1)
> Can you test if pure-ftpd-1.0.46-2 in the updates-testing repository works?
> dnf upgrade --enablerepo updates-testing pure-ftpd

The update already made it to the F26 stable repository. Please test.

Comment 4 Saso Tavcar 2017-10-09 11:21:00 UTC

Sorry, I tested it today and authentication with new pure-ftpd-1.0.46-2 stil not working.

Comment 5 Ondřej Lysoněk 2018-03-05 15:05:30 UTC

So I tried to reproduce it today, but unfortunately failed. Both PureDB and MySQL (mariadb-10.1.26-2.fc26) authentication works just fine for me on both pure-ftpd-1.0.42-4.fc24 and pure-ftpd-1.0.46-2.fc26.

The only potentially breaking change I see in the upstream changelog is that on 1.0.46, passwords with length 512 bytes or more will be rejected. Can you confirm that's not the case? If it's not, I'll report this upstream.

BTW, if you have time to test, there's a new version of pure-ftpd in Fedora 28, pure-ftpd-1.0.47-1.fc28.

Also, could you try regenerating the PureDB database with 'pure-pw mkdb' (make a backup first).

And could you post your config files?

Thanks.

Comment 6 Ondřej Lysoněk 2018-03-14 17:08:58 UTC

Upstream recommended applying this patch:
https://github.com/jedisct1/pure-ftpd/commit/27a5c200f9643ce

I'll build a new version tomorrow.

Comment 7 Fedora Update System 2018-03-15 16:54:11 UTC

pure-ftpd-1.0.47-3.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-745f0ee924

Comment 8 Fedora Update System 2018-03-15 17:08:11 UTC

pure-ftpd-1.0.47-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4036067be1

Comment 9 Fedora Update System 2018-03-15 17:08:28 UTC

pure-ftpd-1.0.47-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d9aaa17658

Comment 10 Fedora Update System 2018-03-16 14:45:54 UTC

pure-ftpd-1.0.47-3.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-745f0ee924

Comment 11 Fedora Update System 2018-03-16 17:24:45 UTC

pure-ftpd-1.0.47-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d9aaa17658

Comment 12 Fedora Update System 2018-03-16 17:55:28 UTC

pure-ftpd-1.0.47-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4036067be1

Comment 13 Fedora Update System 2018-03-27 19:27:21 UTC

pure-ftpd-1.0.47-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2018-03-27 20:02:58 UTC

pure-ftpd-1.0.47-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2018-03-30 12:59:07 UTC

pure-ftpd-1.0.47-3.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.