NetBSD Problem Report #51464
From www@NetBSD.org Fri Sep 9 09:39:16 2016
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id A10EA7A16F
for <gnats-bugs@gnats.NetBSD.org>; Fri, 9 Sep 2016 09:39:16 +0000 (UTC)
Message-Id: <20160909093915.4C2F87A289@mollari.NetBSD.org>
Date: Fri, 9 Sep 2016 09:39:15 +0000 (UTC)
From: s-yamaguchi@iij.ad.jp
Reply-To: s-yamaguchi@iij.ad.jp
To: gnats-bugs@NetBSD.org
Subject: chap authenticator of pppoe does not work
X-Send-Pr-Version: www-1.0
>Number: 51464
>Category: kern
>Synopsis: chap authenticator of pppoe does not work
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Sep 09 09:40:01 +0000 2016
>Closed-Date: Fri Mar 31 08:36:31 +0000 2023
>Last-Modified: Fri Mar 31 08:36:31 +0000 2023
>Originator: Shoichi YAMAGUCHI
>Release: 7.99.33
>Organization:
>Environment:
NetBSD s-ymgch-NetBSD-current 7.99.33 NetBSD 7.99.33 (NETMPSAFE) #6: Fri Jul 22 15:38:03 JST 2016 s-yamaguchi@s-ymgch-NetBSD-current:/src/netbsd-src_host/work.host/obj/sys/arch/amd64/compile/NETMPSAFE amd64
>Description:
The CHAP authenticator uses hisauthproto, hisauthname and hisauthsecret to authenticate the remote host, but the PPPoE interface does not send a challenge message to the remote host even if these parameters are configured.
This is because the CHAP authenticator checks myauth.proto, which is used for peer configuration.
>How-To-Repeat:
Two hosts are used to repeat the problem.
(1) Setup PPPoE server as chap authenticator
server% ifconfig pppoe0 create
server% ifconfig pppoe0 inet 10.3.3.1 10.3.3.3 down
server% ifconfig pppoe0 link0
server% pppoectl -e wm0 pppoe0
server% pppoectl pppoe0 hisauthproto=chap 'hisauthname=foobar@baz.com' 'hisauthsecret=oink' myauthproto=none
server% ifconfig pppoe0 up
(2) Start tcpdump
server% tcpdump -i wm0 -n
(3) Setup PPPoE client
client% ifconfig pppoe0 create
client% ifconfig pppoe0 inet 0.0.0.0 0.0.0.1 down
client% pppoectl -e wm0 pppoe0
client% pppoectl pppoe0 myauthproto=chap 'myauthname=foobar@baz.com' 'myauthsecret=oink' hisauthproto=none
client% ifconfig pppoe0
(4) Wait a minute; the server does not send the packet.
>Fix:
Please apply the following patch:
=======================================
index 88bec9f..e808124 100644
--- sys/net/if_spppsubr.c
+++ sys/net/if_spppsubr.c
@@ -4054,20 +4054,20 @@ sppp_chap_input(struct sppp *sp, struct mbuf *m)
sppp_print_bytes(value, value_len);
addlog(">\n");
}
- if (value_len != sizeof(sp->myauth.challenge)) {
+ if (value_len != sizeof(sp->hisauth.challenge)) {
if (debug)
log(LOG_DEBUG,
"%s: chap bad hash value length: "
"%d bytes, should be %ld\n",
ifp->if_xname, value_len,
- (long) sizeof(sp->myauth.challenge));
+ (long) sizeof(sp->hisauth.challenge));
goto chap_failure;
}
MD5Init(&ctx);
MD5Update(&ctx, &h->ident, 1);
MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len);
- MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge));
+ MD5Update(&ctx, sp->hisauth.challenge, sizeof(sp->hisauth.challenge));
MD5Final(digest, &ctx);
#define FAILMSG "Failed..."
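Review bot: Nothing in this hunk checks that sp->hisauth.secret is set before `MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len);` in sppp_chap_input, and the only guard the patch adds elsewhere is for hisauth.name in sppp_chap_scr. If an authenticator is configured with hisauthproto=chap and a name but no hisauthsecret, and secret_len is zero, the expected digest covers only the identifier and the challenge, both of which the peer has seen on the wire. Suggest going to chap_failure when the secret is unset, or refusing to start as authenticator without one.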
@@ -4130,7 +4130,7 @@ sppp_chap_init(struct sppp *sp)
static void
sppp_chap_open(struct sppp *sp)
{
- if (sp->myauth.proto == PPP_CHAP &&
+ if (sp->hisauth.proto == PPP_CHAP &&
(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
/* we are authenticator for CHAP, start it */
chap.scr(sp);
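Review bot: The condition in sppp_chap_open still requires `(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0`, so switching the first test to hisauth.proto only helps if that LCP option bit is also derived from hisauth.proto rather than myauth.proto. With the How-To-Repeat configuration (hisauthproto=chap, myauthproto=none) please confirm the bit is set by the time this function runs; if it is set from myauth elsewhere, chap.scr(sp) is still never reached. The log message for the commit could also state that the authenticator role is now keyed on hisauth, since this changes which configuration triggers a challenge.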
@@ -4265,24 +4265,22 @@ sppp_chap_scr(struct sppp *sp)
uint32_t *ch;
u_char clen = 4 * sizeof(uint32_t);
- if (sp->myauth.name == NULL) {
+ if (sp->hisauth.name == NULL) {
/* can't do anything useful */
- printf("%s: chap starting without my name being set\n",
+ printf("%s: chap starting without his name being set\n",
sp->pp_if.if_xname);
return;
}
/* Compute random challenge. */
- ch = (uint32_t *)sp->myauth.challenge;
+ ch = (uint32_t *)sp->hisauth.challenge;
cprng_strong(kern_cprng, ch, clen, 0);
sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
sizeof clen, (const char *)&clen,
- sizeof(sp->myauth.challenge), sp->myauth.challenge,
- sp->myauth.name_len,
- sp->myauth.name,
+ sizeof(sp->hisauth.challenge), sp->hisauth.challenge,
0);
}
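Review bot: The sppp_auth_send call in sppp_chap_scr drops the `sp->myauth.name_len, sp->myauth.name,` pair without replacing it, so the Challenge now goes out with an empty Name field. RFC 1994 defines that field as the identification of the system transmitting the packet, and a peer that selects its secret by the authenticator's name will have nothing to match on. Suggest still appending myauth.name when it is set, and reconsidering the early return on `sp->hisauth.name == NULL`, since this function does not send hisauth.name and the check only matters when the response is verified. Separately, `clen` is hard-coded as 4 * sizeof(uint32_t) while the send uses sizeof(sp->hisauth.challenge); deriving both from the same expression would keep them from drifting apart.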
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51464 CVS commit: src/sys/net
Date: Fri, 9 Sep 2016 08:41:14 -0400
Module Name: src
Committed By: christos
Date: Fri Sep 9 12:41:14 UTC 2016
Modified Files:
src/sys/net: if_spppsubr.c
Log Message:
PR/51464: Shoichi YAMAGUCHI: chap authenticator of pppoe does not work
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 src/sys/net/if_spppsubr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->needs-pullups
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Fri, 09 Sep 2016 16:11:41 +0000
State-Changed-Why:
should get into -7
From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
gnats-admin@netbsd.org, dholland@NetBSD.org, s-yamaguchi@iij.ad.jp
Cc:
Subject: Re: kern/51464 (chap authenticator of pppoe does not work)
Date: Mon, 12 Sep 2016 08:01:27 +0900
It should also pullup to netbsd6-*.
On 2016/09/10 1:11, dholland@NetBSD.org wrote:
> Synopsis: chap authenticator of pppoe does not work
>
> State-Changed-From-To: open->needs-pullups
> State-Changed-By: dholland@NetBSD.org
> State-Changed-When: Fri, 09 Sep 2016 16:11:41 +0000
> State-Changed-Why:
> should get into -7
--
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.
Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit
Kengo NAKAHARA <k-nakahara@iij.ad.jp>
From: christos@zoulas.com (Christos Zoulas)
To: Kengo NAKAHARA <k-nakahara@iij.ad.jp>, gnats-bugs@NetBSD.org,
kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
gnats-admin@netbsd.org, dholland@NetBSD.org, s-yamaguchi@iij.ad.jp
Cc:
Subject: Re: kern/51464 (chap authenticator of pppoe does not work)
Date: Mon, 12 Sep 2016 07:47:52 -0400
On Sep 12, 8:01am, k-nakahara@iij.ad.jp (Kengo NAKAHARA) wrote:
-- Subject: Re: kern/51464 (chap authenticator of pppoe does not work)
| It should also pullup to netbsd6-*.
Let's make the unit-test work first.
christos
|
| On 2016/09/10 1:11, dholland@NetBSD.org wrote:
| > Synopsis: chap authenticator of pppoe does not work
| >
| > State-Changed-From-To: open->needs-pullups
| > State-Changed-By: dholland@NetBSD.org
| > State-Changed-When: Fri, 09 Sep 2016 16:11:41 +0000
| > State-Changed-Why:
| > should get into -7
|
| --
| //////////////////////////////////////////////////////////////////////
| Internet Initiative Japan Inc.
|
| Device Engineering Section,
| IoT Platform Development Department,
| Network Division,
| Technology Unit
|
| Kengo NAKAHARA <k-nakahara@iij.ad.jp>
-- End of excerpt from Kengo NAKAHARA
State-Changed-From-To: needs-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Fri, 31 Mar 2023 08:36:31 +0000
State-Changed-Why:
netbsd-6 and netbsd-7 are EOL, no pullups needed any more
>Unformatted:
Copyright © 1994-2023
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.