From nobody@FreeBSD.org  Mon Feb  4 03:23:39 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8527637B41B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Feb 2002 03:23:37 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g14BNbI60065;
	Mon, 4 Feb 2002 03:23:37 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200202041123.g14BNbI60065@freefall.freebsd.org>
Date: Mon, 4 Feb 2002 03:23:37 -0800 (PST)
From: Dmitriy Reka <dima@sinsoft.com.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: incorrect PAP authorization in pppd
X-Send-Pr-Version: www-1.0

>Number:         34607
>Category:       i386
>Synopsis:       incorrect PAP authorization in pppd
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 04 03:30:00 PST 2002
>Closed-Date:    Tue Mar 12 00:56:46 PST 2002
>Last-Modified:  Tue Mar 12 00:57:41 PST 2002
>Originator:     Dmitriy Reka
>Release:        4.4-STABLE
>Organization:
>Environment:
FreeBSD gw.sif.sumy.ua 4.4-STABLE FreeBSD 4.4-STABLE #0: Tue Nov  6 18:09:22 EET 2001 dima@gw.sif.sumy.ua:/usr/src/sys/compile/SIF  i386
>Description:
I`m trying to connect using Windows ppp client. I`m entering correct username and password, but receive "Login incorrect".
pppd output contains:
"PAP authentication failure for dima"

>How-To-Repeat:
I`m run pppd with switches:
pppd 57600 ttyd1 10.119.1.1:10.119.1.2 auth login debug kdebug 1 refuse-chap require-pap
/etc/ppp/ppp-secrets contains:
dima * test 10.119.1.2

>Fix:
in the file /usr/src/usr.sbin/pppd/auth.c:
lines 679-682 contains:
if (scan_authfile(f, user, our_name, remote,                      
                  secret, &addrs, filename) < 0
    || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
        && strcmp(crypt(passwd, secret), secret) != 0)) {
it must be changed to:
if ((scan_authfile(f, user, our_name, remote,                      
                  secret, &addrs, filename) < 0)
    || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
        && strcmp(crypt(passwd, secret), secret) != 0)) {

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->peter 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Mon Feb 4 07:14:49 PST 2002 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34607 

From: Maxim Konovalov <maxim@macomnet.ru>
To: Dmitriy Reka <dima@sinsoft.com.ua>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: i386/34607: incorrect PAP authorization in pppd
Date: Thu, 28 Feb 2002 13:56:01 +0300 (MSK)

 Could you please try the patch below:
 
 Index: auth.c
 ===================================================================
 RCS file: /home/ncvs/src/usr.sbin/pppd/auth.c,v
 retrieving revision 1.25
 diff -u -r1.25 auth.c
 --- auth.c	2000/12/09 09:35:51	1.25
 +++ auth.c	2002/02/28 10:51:55
 @@ -676,11 +676,17 @@
  	check_access(f, filename);
  	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
  	if (scan_authfile(f, user, our_name, remote,
 -			  secret, &addrs, filename) < 0
 -	    || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
 -		&& strcmp(crypt(passwd, secret), secret) != 0)) {
 -	    syslog(LOG_WARNING, "PAP authentication failure for %s", user);
 -	    ret = UPAP_AUTHNAK;
 +	    secret, &addrs, filename) < 0) {
 +		warn("no PAP secret found for %s", user);
 +	} else {
 +	    if (secret[0] != 0) {
 +		/* password given in pap-secrets - must match */
 +		if ((cryptpap || strcmp(passwd, secret) != 0)
 +		    && strcmp(crypt(passwd, secret), secret) != 0) {
 +			ret = UPAP_AUTHNAK;
 +			warn("PAP authentication failure for %s", user);
 +		}
 +	    }
  	}
  	fclose(f);
      }
 
 -- 
 Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
 phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru
 
State-Changed-From-To: open->analyzed 
State-Changed-By: maxim 
State-Changed-When: Tue Mar 5 02:51:07 PST 2002 
State-Changed-Why:  
The fix committed to -current. 


Responsible-Changed-From-To: peter->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Tue Mar 5 02:51:07 PST 2002 
Responsible-Changed-Why:  
Remind me to MFC the fix. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34607 
State-Changed-From-To: analyzed->closed 
State-Changed-By: maxim 
State-Changed-When: Tue Mar 12 00:56:46 PST 2002 
State-Changed-Why:  
The fix committed to -current and -stable. Thank you! 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34607 
>Unformatted:
