[pptp-server] Smbpasswd

Godfrey Livingstone godfrey.livingstone at ajpark.co.nz
Mon Sep 17 15:54:24 CDT 2001 

___________________________________________________________
This e-mail is intended for the addressee only
and may contain privileged and/or confidential information
___________________________________________________________
I wrote one of the patches to the smbpasswd patch that solved the
problem of blank username/password.

For some people my patch has not worked unless there was another entry
in chap-secrets.

Anyway I think I have found out why you require an additional entry in
chap-secrets.
When I created the patch my chap-secrets had  other entries and so it
worked for me. At the time it did not work for some other people but I
could never figure out why (thanks Chen for pointing out the need for
the extra entry).

Explanation follows:

auth.c calls a procedure have_chap_secret to see whether or not we have
a chap secret suitable for authenticating.

At the time that it calls this procedure it may not know the user name
of the client if it does not know it sets 
client and/or server to NULL 

 if (client != NULL && client[0] == 0)
	client = NULL;
 else if (server != NULL && server[0] == 0)
	server = NULL;

then it calls scan_authfile as follows

 ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename);

this is a problem for the fixed samba password patch because there will
be no user in smbpasswd with username of NULL
so scan_authfile returns that no suitable secret exists. This was not a
problem with the original smb patch because it mistakenly accepted an
empty (NULL) user.

Proposed solution: thoughts please

I will rewrite the smbpatch but have not done so as yet as I want to use
smblib so that hopefully in addition to checking smbpasswd you can check
the password the client send with a smb server (either Samba or
NT/2000/XP).  This will also solve the problem with the change of format
of password file in Samba 2.2 as the library will know the format.

I am thinking of using @samba in chap-secrets to indicate that smb
should be checked does anyone have a preference for how the server to
check against should be passed and or whether smbpasswd should still be
checked in case samba server is down and if so how the location of this
file should be passed.
Alternatively we could introduce smb smbsrv smbpasswd options to ppp. 

Until this is done to use my smb patch including the patch for 2.4
(available from http://home.swbell.net/berzerke/pppsmb2.4.patch ) you
need an additional valid entry in chap-secrets.



Godfrey Livingstone


_____________________________________________
A J Park
Intellectual Property Lawyers and Consultants
Patent and Trade Mark Attorneys
New Zealand
www.ajpark.com
_____________________________________________

More information about the pptp-server mailing list