From owner-freebsd-bugs Sat Jun 27 08:04:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA20118 for freebsd-bugs-outgoing; Sat, 27 Jun 1998 08:04:26 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from awfulhak.org (awfulhak.force9.co.uk [195.166.136.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA20112 for ; Sat, 27 Jun 1998 08:04:02 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from gate.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.org (8.8.8/8.8.8) with ESMTP id QAA04457; Sat, 27 Jun 1998 16:02:28 +0100 (BST) (envelope-from brian@gate.lan.awfulhak.org) Message-Id: <199806271502.QAA04457@awfulhak.org> X-Mailer: exmh version 2.0.1 12/23/97 To: ishida@ddt.co.jp cc: freebsd-bugs@FreeBSD.ORG Subject: Re: /usr/sbin/ppp problem on 2.2.6-RELEASE In-reply-to: Your message of "Tue, 14 Apr 1998 18:19:15 +0900." <199804140919.SAA00561@rei.int.ddt.co.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 27 Jun 1998 16:02:27 +0100 From: Brian Somers Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've looked at your report, and have no problems with the patches, but I don't think ppp should authenticate a user ID unless it is being run as root.... if it does, it's a security risk as it's partially defeating the permissions on /etc/spwd.db. The only time this functionality is required is if you're authenticating twice - which reflects a bad configuration IMHO. If you wish to use PAP, you should use the ``pp='' mechanism of /etc/gettydefs so that the user is authenticating only once. If you want users to log in, then have them use their own accounts and don't use PAP. > I found a problem on ppp, happened when you execute /usr/sbin/ppp as > non-root, authenticate with PAP. OS version is 2.2.6-RELEASE. > > The PAP authenticate code can NOT get user's password, because its > effective user ID(E-UID) isn't 0(root). PPP sets EUID to UID > (real-UID) on some point after it started. The code gets '*' as > password instead of crypted string. > > Here, you can re-create the problem. > > 1. Create a special account(ppp) for invoke /usr/sbin/ppp. > This account doesn't have password. > > Ex. ppp::69:69::0:0:PPP:/tmp:/etc/ppp/ppp-pap-dialup > > The login-shell "ppp-pap-dialup" is come from FreeBSD-Handbook, > which executes /usr/sbin/ppp with PAP authentication. > > 2. Setup PPP client to transmit "ppp^M" after got "login:" and do PAP > authentication. Give your account and password to PPP client, then try > to connect. PPP server doesn't allow you to connect. > Your account must be on the local passwd database to re-create this > problem. If your account is on NIS, PPP can get a password, no problem > occurred. > > I made a patch to fix this problem. > Hoping this helps you.... > > Regards, > > Akiya ISHIDA / ishida@ddt.co.jp > Digital Derivative Technologies Japan Inc. > > ============================ > *** pap.c- Thu Feb 19 11:10:50 1998 > --- pap.c Tue Apr 14 17:50:55 1998 > *************** > *** 25,31 **** > #include > #include > > - #include > #include > #include > #include > --- 25,30 ---- > *************** > *** 130,142 **** > > #ifndef NOPASSWDAUTH > if (Enabled(ConfPasswdAuth)) { > ! struct passwd *pwd; > int result; > > LogPrintf(LogLCP, "Using PasswdAuth\n"); > ! result = (pwd = getpwnam(name)) && > ! !strcmp(crypt(key, pwd->pw_passwd), pwd->pw_passwd); > ! endpwent(); > return result; > } > #endif > --- 129,140 ---- > > #ifndef NOPASSWDAUTH > if (Enabled(ConfPasswdAuth)) { > ! char *passwd; > int result; > > LogPrintf(LogLCP, "Using PasswdAuth\n"); > ! result = (passwd = ID0getpasswd(name)) && > ! !strcmp(crypt(key, passwd), passwd); > return result; > } > #endif > *** id.h- Thu Feb 19 11:10:45 1998 > --- id.h Tue Apr 14 15:16:49 1998 > *************** > *** 40,42 **** > --- 40,43 ---- > extern int ID0uu_unlock(const char *); > extern void ID0login(struct utmp *); > extern void ID0logout(const char *); > + extern char *ID0getpasswd(const char *); > *** id.c- Thu Feb 19 11:10:43 1998 > --- id.c Tue Apr 14 15:22:27 1998 > *************** > *** 210,212 **** > --- 210,227 ---- > LogPrintf(LogERROR, "ID0logout: No longer logged in on %s\n", ut.ut_line); > ID0setuser(); > } > + > + #include > + > + char *ID0getpasswd(const char *name) > + { > + static char passwd[50]; > + struct passwd *pwd; > + > + ID0set0(); > + if ((pwd = getpwnam(name))==NULL) return NULL; > + strcpy(passwd, pwd->pw_passwd); > + endpwent(); > + ID0setuser(); > + return passwd; > + } -- Brian , , Don't _EVER_ lose your sense of humour.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message