Pure-FTPd - Read users from DB - Wrong password?

smiba

User
Joined
27 Feb 2011
Posts
108
Pure-FTPd just won't do what I want..

It is supposed to fetch the user's password from the database and check it. But it always says the password is wrong.

Pure-FTPd.conf:
Code:
# Config file for /etc/init.d/pure-ftpd
## Comment variables out to disable its features, or change the values in it...
# Maximum number of simultaneous users

MaxClientsNumber            30

# Fork in background

Daemonize                   yes

# Maximum number of sim clients with the same IP address

MaxClientsPerIP             3

# Don't allow authenticated users - have a public anonymous FTP only.

# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.

VerboseLog                  yes

# Allow dot-files
AllowDotFiles               yes

# List dot-files even when the client doesn't send "-a".

DisplayDotFiles             yes

AnonymousOnly               no

# Disallow anonymous connections. Only allow authenticated users.

NoAnonymous                 yes

# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.

DontResolve                 no

# Maximum idle time in minutes (default = 15 minutes)

MaxIdleTime                 15

# MySQL configuration file (see README.MySQL)

MySQLConfigFile               /etc/pure-ftpd/pure-ftpd-mysql.conf

# If you want to enable PAM authentication, uncomment the following line

PAMAuthentication             no

# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth

LimitRecursion              2000 8

# Are anonymous users allowed to create new directories ?

AnonymousCanCreateDirs      no

# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.

MaxLoad                     4

...

# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.

MaxDiskUsage               90

pure-ftpd-mysql.conf:

Code:
##############################################
#                                            #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations.         #
#                                            #
##############################################


# Optional : MySQL server name or IP. Don't define this for unix sockets.

MYSQLServer     127.0.0.1


# Optional : MySQL port. Don't define this if a local unix socket is used.

MYSQLPort       3306


# Optional : define the location of mysql.sock if the server runs on this host.

#MYSQLSocket     /var/lib/mysql/mysql.sock


# Mandatory : user to bind the server as.

MYSQLUser       *MY DB USERNAME*


# Mandatory : user password. You must have a password.

MYSQLPassword   *MY DB PASSWORD*


# Mandatory : database to open.

MYSQLDatabase   *MY DB NAME*


# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"

MYSQLCrypt any


# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.


# Query to execute in order to fetch the password

MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="Y"

# Query to execute in order to fetch the system user name or uid

MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="Y"

# Optional : default UID - if set this overrides MYSQLGetUID

#MYSQLDefaultUID 10000

# Query to execute in order to fetch the home directory

MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="Y"

# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.

# MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User="\L"


# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.

#MySQLGetQTASZ SELECT CONCAT( diskspace / 1024 ) AS diskspace FROM panel_customers WHERE loginname="\L" AND deactivated="0"

# Optional : ratios. The server has to be compiled with ratio support.

# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"


# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .

# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.

# MySQLForceTildeExpansion 1


# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.

# MySQLTransactions On

Pure-FTPd log:
(No errors or anything)
Code:
Dec 25 13:11:13 bartstuff pure-ftpd: (?@ip5451741d.direct-adsl.nl) [INFO] New connection from ip5451741d.direct-adsl.nl
Dec 25 13:11:21 bartstuff pure-ftpd: (?@ip5451741d.direct-adsl.nl) [WARNING] Authentication failed for user [bart]
Dec 25 13:11:57 bartstuff pure-ftpd: (?@ip5451741d.direct-adsl.nl) [WARNING] Authentication failed for user [bart]
Dec 25 13:13:50 bartstuff pure-ftpd: (?@ip5451741d.direct-adsl.nl) [WARNING] Authentication failed for user [bart]
Dec 25 13:18:30 bartstuff pure-ftpd: (?@ip5451741d.direct-adsl.nl) [WARNING] Authentication failed for user [bart]
Dec 25 13:25:46 bartstuff pure-ftpd: (?@ip5451741d.direct-adsl.nl) [WARNING] Authentication failed for user [bart]

When I run the query myself it works fine (and it does execute it too. I can see that in my query log)

I have CentOS 5.7
 
Check how those passwords are stored in the database. If you can simply read them, then it seems to me that
MYSQLCrypt cleartext
should be set in pure-ftpd-mysql.conf

By the way, I would personally make sure that the queries against the database are logged as well, so that you can see whether, and if so how, the database is being queried.

Tijs.
 
It is not in cleartext: pp6XOiLADAuF.

That is "hey"

But if I set it to cleartext and then enter that as the password, it doesn't work either
 
OK, then try to see whether you can turn on logging somewhere for your MySQL database, so that you can see in the logs whether that FTP program is indeed running queries against the database.
Google for: logging mysql
if logging isn't already turned on for you.

Tijs.
 
I have that turned on. It is being sent just fine
 
Still, put a # in front of that PAMauthentication line and restart the FTP service. It's a shot in the dark and I can see it says "no" after it, but turn it off anyway the way it is done in the .ini file (= comment out the PAMauthentication line).
There are some requirements for PAM authentication, e.g. a plugin in MySQL to use it:
As of MySQL 5.5.16, commercial distributions of MySQL include an authentication plugin that enables MySQL Server to use PAM (Pluggable Authentication Modules) to authenticate MySQL users. PAM enables a system to use a standard interface to access various kinds of authentication methods, such as Unix passwords or an LDAP directory.

The PAM plugin uses the information passed to it by MySQL Server (such as user name, host name, password, and authentication string), plus whatever method is available for PAM lookup. The plugin checks the user credentials against PAM and returns 'Authentication succeeded, Username is user_name' or 'Authentication failed'.
 
Then I don't know. Hopefully someone else will still respond.

Tijs.
 
I just installed a MySQL sniffer.

Output:

Code:
server > 127.0.0.1.34684: ID 0 len 56 Handshake <proto 10 ver 5.0.95-log thd 219>
127.0.0.1.34684 > server: ID 1 len 66 Handshake (new auth) <user root db froxlor max pkt 1073741824>
server > 127.0.0.1.34684: ID 2 len 1 ::Unhandled Event:: Waiting for server to finish response... ::DUMP:: fe ::DUMP::
127.0.0.1.34684 > server: ID 3 len 9 ::Unhandled Event:: ::Unhandled Event:: Client pkt has no valid handler ::DUMP:: 5d 4a 44 44 4f 52 48 5d 00 ::DUMP::
server > 127.0.0.1.34684: ID 4 len 7 Waiting for server to finish response... ::DUMP:: 00 00 00 02 00 00 00 ::DUMP::
127.0.0.1.34684 > server: ID 0 len 1 COM_PING
server > 127.0.0.1.34684: ID 1 len 7 OK <fields 0 affected rows 0 insert id 0 warnings 0>
127.0.0.1.34684 > server: ID 0 len 75 COM_QUERY: SELECT password FROM ftp_users WHERE username="bart" AND login_enabled="Y"
server > 127.0.0.1.34684: ID 1 len 1 1 Fields
 ID 2 len 63 Field: froxlor.ftp_users.password <type var string (509) size 20>
 ID 3 len 5 End <warnings 0>
 ID 4 len 7 || hey ||
 ID 5 len 5 End <warnings 0>
127.0.0.1.34684 > server: ID 0 len 70 COM_QUERY: SELECT uid FROM ftp_users WHERE username="bart" AND login_enabled="Y"
server > 127.0.0.1.34684: ID 1 len 1 1 Fields
 ID 2 len 53 Field: froxlor.ftp_users.uid <type long int (259) size 5>
 ID 3 len 5 End <warnings 0>
 ID 4 len 6 || 10000 ||
 ID 5 len 5 End <warnings 0>
127.0.0.1.34684 > server: ID 0 len 1 COM_QUIT
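
Added example (not part of the thread and not Pure-FTPd's own code): a small Python audit of the posted pure-ftpd-mysql.conf against the value the sniffer trace shows for the password column. It assumes Pure-FTPd needs a source for each of password, uid, gid and home directory, relies on the `MYSQLGetGID` and `MYSQLDefaultGID` directives from the stock sample file (neither appears in the posted config), and guesses the storage format from the value's shape only. `POSTED_CONF` is a constructed excerpt; `parse_conf`, `stored_format` and `audit` are illustrative names.

```python
import re

# Constructed excerpt: the active lookup directives from the config posted above.
POSTED_CONF = r'''
MYSQLCrypt any
MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="Y"
MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="Y"
#MYSQLDefaultUID 10000
MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="Y"
'''

# Formats each MYSQLCrypt mode accepts; "any" per the comment in the posted file.
MODES = {"cleartext": {"cleartext"}, "crypt": {"crypt"}, "md5": {"md5"},
         "password": {"password"}, "any": {"crypt", "md5", "password"}}

def parse_conf(text):
    """Map lower-cased directive -> value, skipping blank and comment lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def stored_format(value):
    """Classify a stored password by shape only (heuristic, no hashing)."""
    if re.fullmatch(r"[0-9a-fA-F]{32}", value):
        return "md5"
    if re.fullmatch(r"\*[0-9A-F]{40}|[0-9a-f]{16}", value):
        return "password"   # MySQL PASSWORD(): 4.1+ or older 16-hex form
    if value.startswith("$") or re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "crypt"      # modular crypt ($id$...) or 13-char DES crypt
    return "cleartext"

def audit(conf_text, sample_value):
    """Return findings for the config and one stored password value."""
    conf, findings = parse_conf(conf_text), []
    for what, options in (("password", ["mysqlgetpw"]),
                          ("uid", ["mysqlgetuid", "mysqldefaultuid"]),
                          ("gid", ["mysqlgetgid", "mysqldefaultgid"]),
                          ("home directory", ["mysqlgetdir"])):
        if not any(o in conf for o in options):
            findings.append("no source for " + what)
    mode, fmt = conf.get("mysqlcrypt", "").lower(), stored_format(sample_value)
    if fmt not in MODES.get(mode, set()):
        findings.append(f"stored value looks like {fmt}, MYSQLCrypt is {mode!r}")
    if fmt == "cleartext":
        findings.append("password stored unhashed")
    return findings
```

Calling `audit(POSTED_CONF, "hey")` reports a missing gid source, a cleartext value that `MYSQLCrypt any` does not cover, and unhashed storage. The trace above likewise ends after the uid query, with no gid or home-directory lookup.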
 