Date:      Sat, 27 Jun 1998 16:02:27 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        ishida@ddt.co.jp
Cc:        freebsd-bugs@FreeBSD.ORG
Subject:   Re: /usr/sbin/ppp problem on 2.2.6-RELEASE 
Message-ID:  <199806271502.QAA04457@awfulhak.org>
In-Reply-To: Your message of "Tue, 14 Apr 1998 18:19:15 +0900." <199804140919.SAA00561@rei.int.ddt.co.jp>

I've looked at your report, and have no problems with the patches, 
but I don't think ppp should authenticate a user ID unless it is 
being run as root.... if it does, it's a security risk as it's 
partially defeating the permissions on /etc/spwd.db.

The only time this functionality is required is if you're 
authenticating twice - which reflects a bad configuration IMHO.  If 
you wish to use PAP, you should use the ``pp='' mechanism of 
/etc/gettydefs so that the user is authenticating only once.  If you 
want users to log in, then have them use their own accounts and don't 
use PAP.

> I found a problem in ppp that happens when you execute /usr/sbin/ppp as
> non-root and authenticate with PAP. The OS version is 2.2.6-RELEASE.
> 
> The PAP authentication code can NOT get the user's password, because its
> effective user ID (E-UID) isn't 0 (root).  PPP sets EUID to UID
> (real-UID) at some point after it has started.  The code gets '*' as the
> password instead of the crypted string.
> 
> Here is how you can re-create the problem.
> 
> 1. Create a special account (ppp) for invoking /usr/sbin/ppp.
>  This account doesn't have a password. 
> 
>   Ex.	ppp::69:69::0:0:PPP:/tmp:/etc/ppp/ppp-pap-dialup
> 
> The login shell "ppp-pap-dialup" comes from the FreeBSD Handbook,
> which executes /usr/sbin/ppp with PAP authentication.
> 
> 2. Set up the PPP client to transmit "ppp^M" after it gets "login:" and to do
> PAP authentication. Give your account and password to the PPP client, then try
> to connect. The PPP server doesn't allow you to connect.
> Your account must be in the local passwd database to re-create this
> problem. If your account is in NIS, PPP can get a password and no problem
> occurs.
> 
> I made a patch to fix this problem.
> Hoping this helps you....
> 
> Regards,
> 
> Akiya ISHIDA / ishida@ddt.co.jp
> Digital Derivative Technologies Japan Inc.
> 
> ============================
> *** pap.c-	Thu Feb 19 11:10:50 1998
> --- pap.c	Tue Apr 14 17:50:55 1998
> ***************
> *** 25,31 ****
>   #include <sys/param.h>
>   #include <netinet/in.h>
>   
> - #include <pwd.h>
>   #include <stdio.h>
>   #include <string.h>
>   #include <time.h>
> --- 25,30 ----
> ***************
> *** 130,142 ****
>   
>   #ifndef NOPASSWDAUTH
>     if (Enabled(ConfPasswdAuth)) {
> !     struct passwd *pwd;
>       int result;
>   
>       LogPrintf(LogLCP, "Using PasswdAuth\n");
> !     result = (pwd = getpwnam(name)) &&
> !              !strcmp(crypt(key, pwd->pw_passwd), pwd->pw_passwd);
> !     endpwent();
>       return result;
>     }
>   #endif
> --- 129,140 ----
>   
>   #ifndef NOPASSWDAUTH
>     if (Enabled(ConfPasswdAuth)) {
> !     char *passwd;
>       int result;
>   
>       LogPrintf(LogLCP, "Using PasswdAuth\n");
> !     result = (passwd = ID0getpasswd(name)) &&
> !              !strcmp(crypt(key, passwd), passwd);
>       return result;
>     }
>   #endif
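
Review bot: in the "--- 129,140 ----" half, ID0getpasswd(name) is called whenever ConfPasswdAuth is enabled, with no check on who started ppp, so a non-root invoker gets a yes/no answer on any local account's password; that is the /etc/spwd.db concern raised at the top of this reply. Consider making the call only when the real UID is 0, or documenting the exposure next to the option. Separately, the return value of crypt() goes straight into strcmp(); crypt() may return NULL on error, so check it before comparing.
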
> *** id.h-	Thu Feb 19 11:10:45 1998
> --- id.h	Tue Apr 14 15:16:49 1998
> ***************
> *** 40,42 ****
> --- 40,43 ----
>   extern int ID0uu_unlock(const char *);
>   extern void ID0login(struct utmp *);
>   extern void ID0logout(const char *);
> + extern char *ID0getpasswd(const char *);
> *** id.c-	Thu Feb 19 11:10:43 1998
> --- id.c	Tue Apr 14 15:22:27 1998
> ***************
> *** 210,212 ****
> --- 210,227 ----
>       LogPrintf(LogERROR, "ID0logout: No longer logged in on %s\n", ut.ut_line);
>     ID0setuser();
>   }
> + 
> + #include <pwd.h>
> + 
> + char *ID0getpasswd(const char *name)
> + {
> +   static char passwd[50];
> +   struct passwd *pwd;
> + 
> +   ID0set0();
> +   if ((pwd = getpwnam(name))==NULL) return NULL;
> +   strcpy(passwd, pwd->pw_passwd);
> +   endpwent();
> +   ID0setuser();
> +   return passwd;
> + }
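
Review bot: in ID0getpasswd(), the "return NULL" taken when getpwnam(name) fails comes after ID0set0() but skips both endpwent() and ID0setuser(), so a lookup of an unknown name leaves the process running with whatever ID ID0set0() selected (EUID 0, going by the function names and the description in the report). Route both outcomes through a single exit that calls endpwent() and ID0setuser() before returning. The strcpy() into "static char passwd[50]" also has no length check, and the copied hash stays in the static buffer after the compare; bound the copy, and note in id.h that the caller receives a pointer to static storage. The "#include <pwd.h>" would sit better with the other includes at the top of id.c.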

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....


