[pptp-server] Smbpasswd repost readable form

godfrey at globe.net.nz godfrey at globe.net.nz
Mon Sep 17 16:02:53 CDT 2001 

I wrote one of the patches to the smbpasswd patch that solved the problem of blank
username/password.

For some people my patch has not worked unless there was another entry in chap-secrets.

Anyway I think I have found out why you require an additional entry in chap-secrets. When
I created the patch my chap-secrets had other entries and so it worked for me. At the time
it did not work for some other people but I could never figure out why (thanks Chen for
pointing out the need for the extra entry).

Explanation follows:

auth.c calls a procedure have_chap_secret to see whether or not we have a chap secret
suitable for authenticating.

At the time that it calls this procedure it may not know the user name of the client if it
does not know it sets client and/or server to NULL

if (client != NULL && client[0] == 0)
     client = NULL;
else if (server != NULL && server[0] == 0)
      server = NULL;

then it calls scan_authfile as follows

ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename);

This is a problem for the fixed samba password patch because there will be no user in
smbpasswd with username of NULL so scan_authfile returns that no suitable secret exists.
This was not a problem with the original smb patch because it mistakenly accepted an empty
(NULL) user.

Proposed solution: thoughts please

I will rewrite the smbpatch but have not done so as yet as I want to use smblib so that
hopefully in addition to checking smbpasswd you can check the password the client send
with a smb server (either Samba or NT/2000/XP).  This will also solve the problem with the
change of format of password file in Samba 2.2 as the library will know the format.

I am thinking of using @samba in chap-secrets to indicate that smb should be checked does
anyone have a preference for how the server to check against should be passed and or
whether smbpasswd should still be checked in case samba server is down and if so how the
location of this file should be passed.

Alternatively we could introduce smb smbsrv smbpasswd options to ppp. 

Until this is done to use my smb patch including the patch for 2.4 (available from
http://home.swbell.net/berzerke/pppsmb2.4.patch ) you need an additional valid entry in
chap-secrets.



Godfrey Livingstone

More information about the pptp-server mailing list