[pptp-server] Patch blank password/username

Godfrey Livingstone godfrey at hattaway-associates.com
Sun Mar 4 17:45:45 CST 2001


Justin, your patch does work, but the attached patch is tidier: as soon as a match is
found in smbpasswd the while loop exits, which also saves time if smbpasswd is
large.

I then check to see if smb == NULL; if so, there is no match in the smbpasswd file,
so skip to the next line of chap-secrets. No need to make up a secret which may
potentially match (I know the chance of that is very, very small).

Godfrey

Justin Kreger wrote:

> In short, different means of authentication.  It may use the password file,
> but it does not interact with samba's daemon processes.
>
> As for fixing this problem, I have written a patch.
>
> It fixes the two problems, the blank login/password  problem, and the
> unknown user/blankpassword problem.
>
> Please TEST this ASAP with win9x, Both my win9x boxen think that they should
> be only talking in CHAP, not MSCHAP, and I can't seem to find msdun128.exe
> to fix it.
>
> (This patch was tested on linux 2.2.16, with ppp-2.3.11, and tested with
> Windows NT Server 4, Service Pack 6)
>
> -Justin Kreger, MCP MCSE
>
> -----Original Message-----
> From: robert
> To: Cowles, Steve; pptp-server at lists.schulte.org
> Sent: 3/2/01 9:24 PM
> Subject: Re: [pptp-server] Yes, blank username/password works!
>
> I'm wondering if anyone has considered that if you have a good guest account
> for samba, then samba will use that if a bad username/password is sent.
>
> Blank would definitely count as bad.  I use blank password to list shares,
> i.e. smbclient -L somemachine and just hit enter when asked for a password.
> Logs show guest account is used and I do get the listing.  Could someone
> having this problem try disabling the guest account and seeing if the problem
> goes away?
>
> On Friday 02 March 2001 11:19, Cowles, Steve wrote:
> > > -----Original Message-----
> > > From: Dread Boy [mailto:dreadboy at hotmail.com]
> > > Sent: Friday, March 02, 2001 1:37 AM
> > > To: pptp-server at lists.schulte.org; vgill at technologist.com
> > > Subject: RE: [pptp-server] Yes, blank username/password works!
> > >
> > >
> > > Yeah, and on top of all this it doesn't seem to matter what I
> > > log in as, my username and password don't get carried over to
> > > SAMBA for authenticating with server shares.
> >
> > Let's make sure we are comparing apples to apples here. The
> > username/password that you specify in your windows PPTP dialup profile has
> > NEVER been carried over for share access. Please keep the following in
> > mind...
> >
> > 1) The PPTP tunnel uses the user/pass specified in your PPTP dialup profile
> > to authenticate the tunnel connection ONLY.
> >
> > 2) Share access uses the user/pass that you specified when you turned on
> > your PC and logged in to get to your desktop. FWIW: This same user/pass can
> > be specified in your PPTP dialup profile to be used to authenticate the
> > PPTP tunnel.
> >
> > > i.e.  Whether I use a valid username/password or the blank, I
> > > still can not access resources (or possibly ACLs) on the
> > > servers even with valid usernames.  On my local LAN it's no
> > > problem, but remotely, it doesn't seem to know who I am while
> > > I'm logged on.
> > >
> > > For example, when I click a share locally on my SAMBA server,
> > > I can get into it and have certain rights based on my username/
> > > password.  I don't even have to think about it. "security =
> > > user" in /etc/smb.conf. However, when I log in remotely with
> > > Windoze using my PPTPD Linux server, when I even try to access
> > > the server itself (let alone the share) it keeps asking me for
> > > the IPC$ administration password as if it was an NT server.
> > > It doesn't matter what I enter here, I can't get any farther.
> >
> > From the samba docs...
> >
> > Some people find browsing fails because they don't have the global
> > "guest account" set to a valid account.  Remember that the IPC$
> > connection that lists the shares is done as guest, and thus you must
> > have a valid guest account.
> > ----------------------------
> >
> > Also, is the PPTP client's WORKGROUP participation set to match what the
> > clients on the LAN are configured to?
> >
> > > Does PPTPD know my SMB username but not my password, or vice
> > > versa?  I thought maybe because it was encrypted using
> > > libsmbpw.so that maybe it couldn't figure it out, but then
> > > using chap-secrets plain-text passwords don't cut it either.
> > >
> > > Anyone know what this is all about?
> > >
> > > Geez, I thought this whole PPTPD Linux server was gonna be at
> > > least a weekend of work, but it's turning out to be months
> > > worth of work.
> >
> > With regards to the "subject" line of this thread... let's make sure we are
> > comparing apples to apples here. I'd hate to see PopTop/PPPD get the
> > reputation of being insecure without the following clarification being
> > noted.
> >
> > 1) If you have configured your PopTop/PPPD system to re-direct PPTP tunnel
> > authentication to use the libsmbpw.o lib's (smbpasswd), then your system
> > appears to be vulnerable to the blank user/pass exploit mentioned in this
> > thread.
> >
> > 2) Those of you who are still using the chap-secrets file (no re-direct)
> > for tunnel authentication are NOT vulnerable to the blank user/pass exploit
> > mentioned in this thread. I just verified this on my PopTop server! I do
> > not use the re-direct to libsmbpw.o
> >
> > Steve Cowles
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
>   ------------------------------------------------------------------------
>                              Name: smbpasswdauthfix.patch
>    smbpasswdauthfix.patch    Type: unspecified type (application/octet-stream)
>                          Encoding: quoted-printable
-------------- next part --------------
--- ppp-2.3.11/pppd/auth.c.org	Mon Mar  5 12:19:41 2001
+++ ppp-2.3.11/pppd/auth.c	Mon Mar  5 12:31:54 2001
@@ -1871,10 +1871,15 @@
 		) {
 		memcpy(word, smbname, NTPASS);
 		word[NTPASS]='\000';
+		break;
 	    }
 
       }
       endsmbpwent();
+      if (smb == NULL) {
+	  warn("no secret in samba secret file %s", atfile);	
+	  continue;
+	  }	  
     }
 #endif
 	if (secret != NULL)
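Review bot: the added `if (smb == NULL)` test after `endsmbpwent();` only means "no match" if smb is guaranteed to be NULL whenever the scan ends without reaching the new `break;`. The loop header and the initialisation of smb are outside this hunk, so confirm smb is set to NULL before the scan starts, or track the result in an explicit found flag, so that a path which never assigns smb cannot reach the `if (secret != NULL)` check below. The `warn()` call reports only atfile; adding the name that was looked up would make rejected logins traceable in the log. The added `warn(...)` line and the closing `}` carry trailing whitespace, and the brace is not aligned with its `if`.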

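The lookup pattern described in the message above (stop at the first match, treat no match as a skip, never substitute a made-up secret), as an added stand-alone example that is not code from pppd, the patch or this thread. `pw_entry`, `SAMPLE_DB` and `lookup_secret` are hypothetical names, the table is constructed sample data, and the blank-name guard is an assumption added here rather than something taken from the patch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for one smbpasswd record (not the libsmbpw type). */
struct pw_entry {
    const char *name;
    const char *nt_hash;            /* constructed sample values */
};

/* Constructed sample table standing in for the smbpasswd file. */
static const struct pw_entry SAMPLE_DB[] = {
    { "alice", "0123456789ABCDEF0123456789ABCDEF" },
    { "bob",   "FEDCBA9876543210FEDCBA9876543210" },
};
#define SAMPLE_DB_LEN (sizeof SAMPLE_DB / sizeof SAMPLE_DB[0])

/* Copy the stored secret for `user` into `out`.
 * Returns 0 on a match, -1 when the caller must skip this entry.
 * `out` is cleared first so a miss never leaves a stale secret behind. */
int lookup_secret(const struct pw_entry *db, size_t n,
                  const char *user, char *out, size_t outlen)
{
    const struct pw_entry *hit = NULL;
    size_t i;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (user == NULL || user[0] == '\0')
        return -1;                  /* assumed guard: blank name never matches */
    for (i = 0; i < n; i++) {
        if (strcmp(db[i].name, user) == 0) {
            hit = &db[i];
            break;                  /* first match wins; stop scanning */
        }
    }
    if (hit == NULL)
        return -1;                  /* no record: reject, invent no secret */
    if (strlen(hit->nt_hash) >= outlen)
        return -1;                  /* would truncate: reject */
    strcpy(out, hit->nt_hash);
    return 0;
}

int main(void)
{
    char s[64];                     /* unknown user must be rejected */
    return lookup_secret(SAMPLE_DB, SAMPLE_DB_LEN, "mallory", s, sizeof s) == -1 ? 0 : 1;
}
```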
