[pptp-server] Patch blank password/username
Robert Dege
rcd at amherst.com
Wed Mar 7 10:14:36 CST 2001
Godfrey, I used pine to extract the patch from your email to the pptp
list. I then executed `patch -p0 < pptp.diff`. The patch was
successful. It didn't complain at all about the integration of the
code. Neither did the recompiling & installation.
But for the sake of curiosity, I'll try the other 2 sites you listed &
see what the results are. If the problem happens again, I'll even
include the logs for your viewing pleasure :)
Don't worry, I'll use lynx. I'm already aware of Netscape & its
"attempt" to help me by gunzipping my files & corrupting them. Oh, how
convenient.
-Rob
Godfrey Livingstone wrote:
> Robert, the patch works for me; the fact that it does not work for you concerns me. I have
> just tried it using win9x and it works. I do not get the error messages if there is a
> match.
>
> Did you download it using netscape by chance as netscape mangles patches?
>
> Anyway, if you have time can you try using wget or lynx to get the patch from
>
> http://www.hattaway.co.nz/raidpatches/blank_passwd_fix.diff
>
> I have also created what I think is a better patch if you would like to try
>
> http://www.hattaway.co.nz/raidpatches/blank_passwd_fix2.diff
>
> this tidies up the while loop considerably and should be faster.
>
> Godfrey
>
> Robert Dege wrote:
>
>> Not sure if anybody tried this or not, but Livingstone's extra patch
>> doesn't work correctly. I couldn't logon using DUN whether I was
>> supplying a user/passwd or not. PPP was acting as if my USER field was
>> always NULL. I kept getting an error message in the logs ("no secret in
>> samba secret file /etc/smbpasswd"). Once I replaced auth.c with the
>> original & recompiled, everything worked great.
>>
>> I tried using Justin's patch with my Win98 Laptop, and everything worked
>> as expected.
>>
>> user/pass --> access
>> blank/pass --> deny
>> blank/blank --> deny
>> user/blank --> deny
>>
>> Great job!
>>
>> -Rob
>>
>> Godfrey Livingstone wrote:
>>
>>> Justin, your patch does work, but the attached patch is tidier: as soon as a match is
>>> found in smbpasswd then the while loop exits. This also saves time if smbpasswd is
>>> large.
>>>
>>> I then check to see if smb == NULL; if so then there is no match in smbpasswd file,
>>> so skip to the next line of chap-secrets. No need to make up a secret which may
>>> potentially match (I know the chance of that is very very small).
>>>
>>> Godfrey
>>>
>>> Justin Kreger wrote:
>>>
>>>> In short, Different means of authentication. It may use the password file,
>>>> but it does not interact with samba's daemon processes.
>>>>
>>>> As for fixing this problem, I have written a patch.
>>>>
>>>> It fixes the two problems, the blank login/password problem, and the
>>>> unknown user/blankpassword problem.
>>>>
>>>> Please TEST this ASAP with win9x, Both my win9x boxen think that they should
>>>> be only talking in CHAP, not MSCHAP, and I can't seem to find msdun128.exe
>>>> to fix it.
>>>>
>>>> (This patch was tested on linux 2.2.16, with ppp-2.3.11, and tested with
>>>> Windows NT Server 4, Service Pack 6)
>>>>
>>>> -Justin Kreger, MCP MCSE
>>>>
>>>> -----Original Message-----
>>>> From: robert
>>>> To: Cowles, Steve; pptp-server at lists.schulte.org
>>>> Sent: 3/2/01 9:24 PM
>>>> Subject: Re: [pptp-server] Yes, blank username/password works!
>>>>
>>>> I'm wondering if anyone has considered that if you have a good guest
>>>> account for samba, then samba will use that if a bad username/password
>>>> is sent.
>>>>
>>>> Blank would definitely count as bad. I use blank password to list
>>>> shares, i.e. smbclient -L somemachine and just hit enter when asked for
>>>> a password. Logs show guest account is used and I do get the listing.
>>>> Could someone having this problem try disabling the guest account and
>>>> seeing if the problem goes away?
>>>>
>>>> On Friday 02 March 2001 11:19, Cowles, Steve wrote:
>>>>
>>>>>> -----Original Message-----
>>>>>> From: Dread Boy [mailto:dreadboy at hotmail.com]
>>>>>> Sent: Friday, March 02, 2001 1:37 AM
>>>>>> To: pptp-server at lists.schulte.org; vgill at technologist.com
>>>>>> Subject: RE: [pptp-server] Yes, blank username/password works!
>>>>>>
>>>>>>
>>>>>> Yeah, and on top of all this it doesn't seem to matter what I
>>>>>> log in as, my username and password don't get carried over to
>>>>>> SAMBA for authenticating with server shares.
>>>>>
>>>>> Let's make sure we are comparing apples to apples here. The
>>>>> username/password that you specify in your windows PPTP dialup profile
>>>>> has NEVER been carried over for share access. Please keep the following
>>>>> in mind...
>>>>>
>>>>> 1) The PPTP tunnel uses the user/pass specified in your PPTP dialup
>>>>> profile to authenticate the tunnel connection ONLY.
>>>>>
>>>>> 2) Share access uses the user/pass that you specified when you turned
>>>>> on your PC and logged in to get to your desktop. FWIW: This same
>>>>> user/pass can be specified in your PPTP dialup profile to be used to
>>>>> authenticate the PPTP tunnel.
>>>>>
>>>>>> i.e. Whether I use a valid username/password or the blank, I
>>>>>> still can not access resources (or possibly ACLs) on the
>>>>>> servers even with valid usernames. On my local LAN it's no
>>>>>> problem, but remotely, it doesn't seem to know who I am while
>>>>>> I'm logged on.
>>>>>>
>>>>>> For example, when I click a share locally on my SAMBA server,
>>>>>> I can get into it and have certain rights based on my username/
>>>>>> password. I don't even have to think about it. "security =
>>>>>> user" in /etc/smb.conf. However, when I log in remotely with
>>>>>> Windoze using my PPTPD Linux server, when I even try to access
>>>>>> the server itself (let alone the share) it keeps asking me for
>>>>>> the IPC$ administration password as if it was an NT server.
>>>>>> It doesn't matter what I enter here, I can't get any farther.
>>>>>
>>>>> From the samba docs...
>>>>>
>>>>> Some people find browsing fails because they don't have the global
>>>>> "guest account" set to a valid account. Remember that the IPC$
>>>>> connection that lists the shares is done as guest, and thus you must
>>>>> have a valid guest account.
>>>>> ----------------------------
>>>>>
>>>>> Also, is the PPTP client's WORKGROUP participation set to match what
>>>>> the clients on the LAN are configured to?
>>>>>
>>>>>> Does PPTPD know my SMB username but not my password, or vice
>>>>>> versa? I thought maybe because it was encrypted using
>>>>>> libsmbpw.so that maybe it couldn't figure it out, but then
>>>>>> using chap-secrets plain-text passwords don't cut it either.
>>>>>>
>>>>>> Anyone know what this is all about?
>>>>>>
>>>>>> Geez, I thought this whole PPTPD Linux server was gonna be at
>>>>>> least a weekend of work, but it's turning out to be months
>>>>>> worth of work.
>>>>>
>>>>> With regards to the "subject" line of this thread... let's make sure we
>>>>> are comparing apples to apples here. I'd hate to see PopTop/PPPD get the
>>>>> reputation of being insecure without the following clarification being
>>>>> noted.
>>>>>
>>>>> 1) If you have configured your PopTop/PPPD system to re-direct PPTP
>>>>> tunnel authentication to use the libsmbpw.o lib's (smbpasswd), then your
>>>>> system appears to be vulnerable to the blank user/pass exploit mentioned
>>>>> in this thread.
>>>>>
>>>>> 2) Those of you who are still using the chap-secrets file (no
>>>>> re-direct) for tunnel authentication are NOT vulnerable to the blank
>>>>> user/pass exploit mentioned in this thread. I just verified this on my
>>>>> PopTop server! I do not use the re-direct to libsmbpw.o
>>>>>
>>>>> Steve Cowles
>>>>> _______________________________________________
>>>>> pptp-server maillist - pptp-server at lists.schulte.org
>>>>> http://lists.schulte.org/mailman/listinfo/pptp-server
>>>>> List services provided by www.schulteconsulting.com!
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>> Name: smbpasswdauthfix.patch
>>>> smbpasswdauthfix.patch Type: unspecified type (application/octet-stream)
>>>> Encoding: quoted-printable
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> --- ppp-2.3.11/pppd/auth.c.org Mon Mar 5 12:19:41 2001
>>>> +++ ppp-2.3.11/pppd/auth.c Mon Mar 5 12:31:54 2001
>>>> @@ -1871,10 +1871,15 @@
>>>> ) {
>>>> memcpy(word, smbname, NTPASS);
>>>> word[NTPASS]='\000';
>>>> + break;
>>>> }
>>>>
>>>> }
>>>> endsmbpwent();
>>>> + if (smb == NULL) {
>>>> + warn("no secret in samba secret file %s", atfile);
>>>> + continue;
>>>> + }
>>>> }
>>>> #endif
>>>> if (secret != NULL)
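Review bot: The new `if (smb == NULL)` test after `endsmbpwent()` infers "no entry matched" from the loop variable, and the loop header that assigns `smb` is not visible in this hunk. That inference holds only if the loop leaves `smb` NULL on exhaustion and the added `break` is its only early exit; a dedicated flag set beside the `break` and tested here would make the deny path explicit and independent of how the loop terminates. The `warn("no secret in samba secret file %s", atfile)` call also logs only the file name, so a rejected login cannot be tied to the user name that was looked up; including that name in the message would make the log line usable when diagnosing failures like the one reported in this thread.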
>>>> blank_passwd_fix.diff (Content-Type: text/plain; Content-Encoding: 7bit)