[pptp-server] Patch blank password/username

Godfrey Livingstone godfrey at hattaway-associates.com
Tue Mar 6 17:29:20 CST 2001


Robert, the patch works for me; the fact that it does not work for you concerns me. I have
just tried it using win9x and it works: I do not get the error messages if there is a
match.

Did you download it using netscape by chance, as netscape mangles patches?

Anyway, if you have time, can you try using wget or lynx to get the patch from

http://www.hattaway.co.nz/raidpatches/blank_passwd_fix.diff

I have also created what I think is a better patch, if you would like to try

http://www.hattaway.co.nz/raidpatches/blank_passwd_fix2.diff

this tidies up the while loop considerably and should be faster.

Godfrey

Robert Dege wrote:

> Not sure if anybody tried this or not, but Livingstone's extra patch
> doesn't work correctly.  I couldn't logon using DUN whether I was
> supplying a user/passwd or not.  PPP was acting as if my USER field was
> always NULL.  I kept getting an error message in the logs ("no secret in
> samba secret file /etc/smbpasswd").  Once I replaced auth.c with the
> original & recompiled, everything worked great.
>
> I tried using Justin's patch with my Win98 Laptop, and everything worked
> as expected.
>
> user/pass      --> access
> blank/pass    --> deny
> blank/blank  --> deny
> user/blank    --> deny
>
> Great job!
>
> -Rob
>
> Godfrey Livingstone wrote:
>
> > Justin, your patch does work, but the attached patch is tidier: as soon as a match is
> > found in smbpasswd, the while loop exits. This also saves time if smbpasswd is
> > large.
> >
> > I then check to see if smb == NULL; if so, then there is no match in the smbpasswd file,
> > so skip to the next line of chap-secrets. No need to make up a secret which may
> > potentially match (I know the chance of that is very very small).
> >
> > Godfrey
> >
> > Justin Kreger wrote:
> >
> >>  In short, different means of authentication.  It may use the password file,
> >> but it does not interact with samba's daemon processes.
> >>
> >> As for fixing this problem, I have written a patch.
> >>
> >> It fixes the two problems, the blank login/password  problem, and the
> >> unknown user/blankpassword problem.
> >>
> >> Please TEST this ASAP with win9x, Both my win9x boxen think that they should
> >> be only talking in CHAP, not MSCHAP, and I can't seem to find msdun128.exe
> >> to fix it.
> >>
> >> (This patch was tested on linux 2.2.16, with ppp-2.3.11, and tested with
> >> Windows NT Server 4, Service Pack 6)
> >>
> >> -Justin Kreger, MCP MCSE
> >>
> >> -----Original Message-----
> >> From: robert
> >> To: Cowles, Steve; pptp-server at lists.schulte.org
> >> Sent: 3/2/01 9:24 PM
> >> Subject: Re: [pptp-server] Yes, blank username/password works!
> >>
> >> I'm wondering if anyone has considered that if you have a good guest
> >> account for samba, then samba will use that if a bad username/password
> >> is sent.
> >>
> >> Blank would definitely count as bad.  I use blank password to list
> >> shares, i.e. smbclient -L somemachine and just hit enter when asked for
> >> a password.  Logs show guest account is used and I do get the listing.
> >> Could someone having this problem try disabling the guest account and
> >> seeing if the problem goes away?
> >>
> >> On Friday 02 March 2001 11:19, Cowles, Steve wrote:
> >>
> >>>> -----Original Message-----
> >>>> From: Dread Boy [mailto:dreadboy at hotmail.com]
> >>>> Sent: Friday, March 02, 2001 1:37 AM
> >>>> To: pptp-server at lists.schulte.org; vgill at technologist.com
> >>>> Subject: RE: [pptp-server] Yes, blank username/password works!
> >>>>
> >>>>
> >>>> Yeah, and on top of all this it doesn't seem to matter what I
> >>>> log in as, my username and password don't get carried over to
> >>>> SAMBA for authenticating with server shares.
> >>>
> >>> Let's make sure we are comparing apples to apples here. The
> >>> username/password that you specify in your windows PPTP dialup profile
> >>> has NEVER been carried over for share access. Please keep the following
> >>> in mind...
> >>>
> >>> 1) The PPTP tunnel uses the user/pass specified in your PPTP dialup
> >>> profile to authenticate the tunnel connection ONLY.
> >>>
> >>> 2) Share access uses the user/pass that you specified when you turned
> >>> on your PC and logged in to get to your desktop. FWIW: This same
> >>> user/pass can be specified in your PPTP dialup profile to be used to
> >>> authenticate the PPTP tunnel.
> >>>
> >>>> i.e.  Whether I use a valid username/password or the blank, I
> >>>> still can not access resources (or possibly ACLs) on the
> >>>> servers even with valid usernames.  On my local LAN it's no
> >>>> problem, but remotely, it doesn't seem to know who I am while
> >>>> I'm logged on.
> >>>>
> >>>> For example, when I click a share locally on my SAMBA server,
> >>>> I can get into it and have certain rights based on my username/
> >>>> password.  I don't even have to think about it. "security =
> >>>> user" in /etc/smb.conf. However, when I log in remotely with
> >>>> Windoze using my PPTPD Linux server, when I even try to access
> >>>> the server itself (let alone the share) it keeps asking me for
> >>>> the IPC$ administration password as if it was an NT server.
> >>>> It doesn't matter what I enter here, I can't get any farther.
> >>>
> >>> From the samba docs...
> >>>
> >>> Some people find browsing fails because they don't have the global
> >>> "guest account" set to a valid account.  Remember that the IPC$
> >>> connection that lists the shares is done as guest, and thus you must
> >>> have a valid guest account.
> >>> ----------------------------
> >>>
> >>> Also, is the PPTP client's WORKGROUP participation set to match what
> >>> the clients on the LAN are configured to?
> >>>
> >>>> Does PPTPD know my SMB username but not my password, or vice
> >>>> versa?  I thought maybe because it was encrypted using
> >>>> libsmbpw.so that maybe it couldn't figure it out, but then
> >>>> using chap-secrets plain-text passwords don't cut it either.
> >>>>
> >>>> Anyone know what this is all about?
> >>>>
> >>>> Geez, I thought this whole PPTPD Linux server was gonna be at
> >>>> least a weekend of work, but it's turning out to be months
> >>>> worth of work.
> >>>
> >>> With regards to the "subject" line of this thread... let's make sure we
> >>> are comparing apples to apples here. I'd hate to see PopTop/PPPD get the
> >>> reputation of being insecure without the following clarification being
> >>> noted.
> >>>
> >>> 1) If you have configured your PopTop/PPPD system to re-direct PPTP
> >>> tunnel authentication to use the libsmbpw.o libs (smbpasswd), then your
> >>> system appears to be vulnerable to the blank user/pass exploit mentioned
> >>> in this thread.
> >>>
> >>> 2) Those of you who are still using the chap-secrets file (no
> >>> re-direct) for tunnel authentication are NOT vulnerable to the blank
> >>> user/pass exploit mentioned in this thread. I just verified this on my
> >>> PopTop server! I do not use the re-direct to libsmbpw.o
> >>>
> >>> Steve Cowles
> >>> _______________________________________________
> >>> pptp-server maillist  -  pptp-server at lists.schulte.org
> >>> http://lists.schulte.org/mailman/listinfo/pptp-server
> >>> List services provided by www.schulteconsulting.com!
> >>
> >>
> >>   ------------------------------------------------------------------------
> >>                              Name: smbpasswdauthfix.patch
> >>    smbpasswdauthfix.patch    Type: unspecified type (application/octet-stream)
> >>                          Encoding: quoted-printable
> >>
> >>
> >> ------------------------------------------------------------------------
> >>
> >> --- ppp-2.3.11/pppd/auth.c.org       Mon Mar  5 12:19:41 2001
> >> +++ ppp-2.3.11/pppd/auth.c   Mon Mar  5 12:31:54 2001
> >> @@ -1871,10 +1871,15 @@
> >>              ) {
> >>              memcpy(word, smbname, NTPASS);
> >>              word[NTPASS]='\000';
> >> +            break;
> >>          }
> >>
> >>        }
> >>        endsmbpwent();
> >> +      if (smb == NULL) {
> >> +      warn("no secret in samba secret file %s", atfile);
> >> +      continue;
> >> +      }
> >>      }
> >>  #endif
> >>      if (secret != NULL)
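Review bot: in the block added after `endsmbpwent()`, `smb == NULL` serves as the "no match" signal, and that only holds because of the `break` added a few lines up. The loop header and the initialisation of `smb` are outside the visible context, so it is worth confirming that `smb` is always NULL when the loop runs to the end and when the smbpasswd file cannot be read. An explicit found flag set next to the `memcpy` would keep the decision independent of the iterator variable. The `warn()` and `continue` lines should also be indented inside their braces, and the warning would be easier to act on in the logs if it named the user being looked up as well as `atfile`.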
> >> blank_passwd_fix.diff (Content-Type: text/plain; Content-Encoding: 7bit)
> >>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
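
The deny rules this thread converges on (Robert's four-case matrix, plus the unknown-user/blank-password case Justin mentions), written out as an added C example; it is not code from pppd, Samba or any patch posted here. The `table`, `lookup` and `authenticate` names and the sample records are constructed for illustration, and a plain `strcmp` stands in for the CHAP/MS-CHAP response check.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for smbpasswd records; not pppd or Samba types. */
struct entry { const char *user; const char *secret; };

static const struct entry table[] = {
    { "alice", "s3cret" },
    { "guest", "" },            /* account stored with an empty secret */
};

/* Return the first matching record, or NULL when the user is absent. */
static const struct entry *lookup(const char *user)
{
    size_t i;
    for (i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].user, user) == 0)
            return &table[i];   /* stop scanning at the first match */
    return NULL;
}

/* 1 = access, 0 = deny. strcmp stands in for the CHAP response check. */
static int authenticate(const char *user, const char *pass)
{
    const struct entry *e;

    if (user == NULL || pass == NULL || *user == '\0' || *pass == '\0')
        return 0;               /* blank name or blank password */
    e = lookup(user);
    if (e == NULL)
        return 0;               /* no record: skip it, never invent a secret */
    if (*e->secret == '\0')
        return 0;               /* an empty stored secret cannot authenticate */
    return strcmp(e->secret, pass) == 0;
}

static const char *verdict(const char *user, const char *pass)
{
    return authenticate(user, pass) ? "access" : "deny";
}

int main(void)
{
    printf("user/pass   --> %s\n", verdict("alice", "s3cret"));
    printf("blank/pass  --> %s\n", verdict("", "s3cret"));
    printf("blank/blank --> %s\n", verdict("", ""));
    printf("user/blank  --> %s\n", verdict("alice", ""));
    return 0;
}
```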



