From owner-freebsd-ports Tue Jun 26 18: 0:23 2001
Message-Id: <200106270054.f5R0sso18175@hellcat.itga.com.au>
Date: Wed, 27 Jun 2001 10:54:54 +1000 (EST)
From: Gregory Bond
To: FreeBSD-gnats-submit@freebsd.org
Cc: ksb@fedex.com, obrien@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/28432: [patch] comms/conserver fails with MD5 passwords
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 28432
>Category: ports
>Synopsis: [patch] comms/conserver fails with MD5 passwords
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 26 18:00:13 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Gregory Bond
>Release: FreeBSD 4.3-STABLE i386
>Organization: ITG Australia Limited
>Environment:
System: FreeBSD hellcat.itga.com.au 4.3-STABLE FreeBSD 4.3-STABLE #21: Mon Jun 18 13:41:36 EST 2001 toor@hellcat.itga.com.au:/usr/obj/usr/src/sys/Hellcat i386

>Description:
"What we have here is a failure to authenticate!"

The conserver port normally requires a password to allow users to attach to a console. There is support in the original program for MD5 checksums under FreeBSD (which the port naturally enables), but this seems to have been written for older (2.2.x?) versions of FreeBSD when MD5 passwords took special handling in the application for dealing with MD5 $1$xxxxxx$ - style salts.

Since a bit after the 4.1 release (I think; perhaps it was after the Great Crypto Upheaval of '00), MD5 passwords have been supported using the native crypt() function with no special application handling either needed or tolerated.

So the current conserver port cannot authenticate against MD5 passwords when run on modern FreeBSD systems.

>How-To-Repeat:
Install conserver on a system with MD5 passwords for root. Attempt to connect using the console program in non-trusted mode. Note failure to authenticate.

>Fix:
Add the following patch to the ports framework.
This patch disables the special handling of MD5 passwords on 4.x or greater systems. This may break early 4.0-ish systems but I don't know how to specify the version with more granularity, nor exactly when this stuff changed! [Port maintainer and conserver original author CC'd] --- etc/conserver/group.c.dist Tue Jun 26 17:35:12 2001 +++ etc/conserver/group.c Wed Jun 27 10:16:42 2001 @@ -196,6 +196,14 @@ * * $Id: group.c,v 8.6 2000/05/09 00:42:32 ksb Exp $ */ +#if defined(FREEBSD) && __FreeBSD__ >= 4 +static int +MD5CheckPass(pcPass, pcWord) + char *pcPass, *pcWord; +{ + return 0 == strcmp(pcPass, crypt(pcWord, pcPass)); +} +#else static int MD5CheckPass(pcPass, pcWord) char *pcPass, *pcWord; @@ -222,6 +230,7 @@ /* Don't hesitate; authenticate! */ return 0 == strcmp(pcPass, crypt(pcWord, acSalt)); } +#endif int CheckPass(pwd, pcEPass, pcWord) >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
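Review bot: In the first hunk, the new MD5CheckPass() hands the result of crypt(pcWord, pcPass) straight to strcmp(); crypt() can return NULL on failure, so a stored hash it cannot process would lead to a null pointer dereference in the console server rather than a failed login. Keep the result in a local, return 0 when it is NULL, and only then compare. The same hunk gates on `__FreeBSD__ >= 4`, which the submitter notes may break early 4.0 systems; `__FreeBSD_version` from <sys/param.h> allows a finer cutoff once the release that changed crypt() is identified. The `#endif` added in the second hunk would also be easier to follow with a trailing comment naming the condition it closes, since the `#if` sits more than 25 lines above it.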