[pptp-server] Patch blank password/username
Robert Dege
rcd at amherst.com
Tue Mar 6 08:53:27 CST 2001
Not sure if anybody tried this or not, but Livingstone's extra patch
doesn't work correctly. I couldn't logon using DUN whether I was
supplying a user/passwd or not. PPP was acting as if my USER field was
always NULL. I kept getting an error message in the logs ("no secret in
samba secret file /etc/smbpasswd"). Once I replaced auth.c with the
original & recompiled, everything worked great.
I tried using Justin's patch with my Win98 Laptop, and everything worked
as expected.
user/pass --> access
blank/pass --> deny
blank/blank --> deny
user/blank --> deny
Great job!
-Rob
Godfrey Livingstone wrote:
> Justin your patch does work but the attached patch is tidier as soon as a match is
> found in smbpasswd then the while loop exits this also saves time if smbpasswd is
> large.
>
> I then check to see if smb == NULL if so then there is no match in smbpasswd file
> so skip to the next line of chap-secrets. No need to make up a secret which may
> potentially match (I know the chance of that is very very small).
>
> Godfrey
>
> Justin Kreger wrote:
>
>> In short, different means of authentication. It may use the password file,
>> but it does not interact with samba's daemon processes.
>>
>> As for fixing this problem, I have written a patch.
>>
>> It fixes the two problems, the blank login/password problem, and the
>> unknown user/blankpassword problem.
>>
>> Please TEST this ASAP with win9x, Both my win9x boxen think that they should
>> be only talking in CHAP, not MSCHAP, and I can't seem to find msdun128.exe
>> to fix it.
>>
>> (This patch was tested on linux 2.2.16, with ppp-2.3.11, and tested with
>> Windows NT Server 4, Service Pack 6)
>>
>> -Justin Kreger, MCP MCSE
>>
>> -----Original Message-----
>> From: robert
>> To: Cowles, Steve; pptp-server at lists.schulte.org
>> Sent: 3/2/01 9:24 PM
>> Subject: Re: [pptp-server] Yes, blank username/password works!
>>
>> I'm wondering if anyone has considered that if you have a good guest account
>> for samba, then samba will use that if a bad username/password is sent.
>>
>> Blank would definitely count as bad. I use blank password to list shares,
>> i.e. smbclient -L somemachine and just hit enter when asked for a password.
>> Logs show guest account is used and I do get the listing. Could someone
>> having this problem try disabling the guest account and seeing if the problem
>> goes away?
>>
>> On Friday 02 March 2001 11:19, Cowles, Steve wrote:
>>
>>>> -----Original Message-----
>>>> From: Dread Boy [mailto:dreadboy at hotmail.com]
>>>> Sent: Friday, March 02, 2001 1:37 AM
>>>> To: pptp-server at lists.schulte.org; vgill at technologist.com
>>>> Subject: RE: [pptp-server] Yes, blank username/password works!
>>>>
>>>>
>>>> Yeah, and on top of all this it doesn't seem to matter what I
>>>> log in as, my username and password don't get carried over to
>>>> SAMBA for authenticating with server shares.
>>>
>>> Let's make sure we are comparing apples to apples here. The
>>> username/password that you specify in your windows PPTP dialup profile has
>>> NEVER been carried over for share access. Please keep the following in
>>> mind...
>>>
>>> 1) The PPTP tunnel uses the user/pass specified in your PPTP dialup profile
>>> to authenticate the tunnel connection ONLY.
>>>
>>> 2) Share access uses the user/pass that you specified when you turned on
>>> your PC and logged in to get to your desktop. FWIW: This same user/pass can
>>> be specified in your PPTP dialup profile to be used to authenticate the
>>> PPTP tunnel.
>>>
>>>> i.e. Whether I use a valid username/password or the blank, I
>>>> still can not access resources (or possibly ACLs) on the
>>>> servers even with valid usernames. On my local LAN it's no
>>>> problem, but remotely, it doesn't seem to know who I am while
>>>> I'm logged on.
>>>>
>>>> For example, when I click a share locally on my SAMBA server,
>>>> I can get into it and have certain rights based on my username/
>>>> password. I don't even have to think about it. "security =
>>>> user" in /etc/smb.conf. However, when I log in remotely with
>>>> Windoze using my PPTPD Linux server, when I even try to access
>>>> the server itself (let alone the share) it keeps asking me for
>>>> the IPC$ administration password as if it was an NT server.
>>>> It doesn't matter what I enter here, I can't get any farther.
>>>
>>> From the samba docs...
>>>
>>> Some people find browsing fails because they don't have the global
>>> "guest account" set to a valid account. Remember that the IPC$
>>> connection that lists the shares is done as guest, and thus you must
>>> have a valid guest account.
>>> ----------------------------
>>>
>>> Also, is the PPTP client's WORKGROUP participation set to match what the
>>> clients on the LAN are configured to?
>>>
>>>> Does PPTPD know my SMB username but not my password, or vice
>>>> versa? I thought maybe because it was encrypted using
>>>> libsmbpw.so that maybe it couldn't figure it out, but then
>>>> using chap-secrets plain-text passwords don't cut it either.
>>>>
>>>> Anyone know what this is all about?
>>>>
>>>> Geez, I thought this whole PPTPD Linux server was gonna be at
>>>> least a weekend of work, but it's turning out to be months
>>>> worth of work.
>>>
>>> With regards to the "subject" line of this thread... let's make sure we are
>>> comparing apples to apples here. I'd hate to see PopTop/PPPD get the
>>> reputation of being insecure without the following clarification being
>>> noted.
>>>
>>> 1) If you have configured your PopTop/PPPD system to re-direct PPTP tunnel
>>> authentication to use the libsmbpw.o lib's (smbpasswd), then your system
>>> appears to be vulnerable to the blank user/pass exploit mentioned in this
>>> thread.
>>>
>>> 2) Those of you who are still using the chap-secrets file (no re-direct)
>>> for tunnel authentication are NOT vulnerable to the blank user/pass exploit
>>> mentioned in this thread. I just verified this on my PopTop server! I do
>>> not use the re-direct to libsmbpw.o
>>>
>>> Steve Cowles
>>> _______________________________________________
>>> pptp-server maillist - pptp-server at lists.schulte.org
>>> http://lists.schulte.org/mailman/listinfo/pptp-server
>>> List services provided by www.schulteconsulting.com!
>>
>> ------------------------------------------------------------------------
>> Name: smbpasswdauthfix.patch
>> smbpasswdauthfix.patch Type: unspecified type (application/octet-stream)
>> Encoding: quoted-printable
>>
>>
>> ------------------------------------------------------------------------
>>
>> --- ppp-2.3.11/pppd/auth.c.org Mon Mar 5 12:19:41 2001
>> +++ ppp-2.3.11/pppd/auth.c Mon Mar 5 12:31:54 2001
>> @@ -1871,10 +1871,15 @@
>> ) {
>> memcpy(word, smbname, NTPASS);
>> word[NTPASS]='\000';
>> + break;
>> }
>>
>> }
>> endsmbpwent();
>> + if (smb == NULL) {
>> + warn("no secret in samba secret file %s", atfile);
>> + continue;
>> + }
>> }
>> #endif
>> if (secret != NULL)
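Review bot: The `if (smb == NULL)` test added after `endsmbpwent()` infers "no match" from the loop variable, but the loop condition that assigns `smb` is outside this hunk, so nothing visible here guarantees that `smb` is non-NULL only when the new `break` was taken. If it ends up NULL on a match for any reason, every login is skipped with "no secret in samba secret file", which is the symptom reported at the top of this message. Setting an explicit found flag beside the `break` and testing that flag would make the skip independent of how the loop terminates, and including the peer name in the `warn()` text would make rejected attempts identifiable in the logs.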
>> blank_passwd_fix.diff (Content-Type: text/plain, Content-Encoding: 7bit)