From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 Date: Fri, 30 Mar 2012 18:24:52 +0300 Message-ID: From: Yaroslav To: 9fans@9fans.net Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [9fans] nfactotum: mschap fix Topicbox-Message-UUID: 72828d5c-ead7-11e9-9d60-3106f5b1d025 Forwarding it to the list so people don't bother to debug themselves. It's tested with cifs and a local change which enables upas/fs to do IMAP with NTLM auth. ---------- Forwarded message ---------- From: Yaroslav Date: 2012/3/30 Subject: Re: [9fans] SSHv2 To: erik quanstrom 2012/3/30 erik quanstrom : > On Fri Mar 30 09:48:50 EDT 2012, yarikos@gmail.com wrote: >> 2012/3/30 erik quanstrom : >> > what's the basis for this claim? =C2=A0it might be broken, since we do= n't use it >> > much, but it's not missing. >> >> Yes, sorry, I've meant it's broken; details follow. > > try pulling a new copy. > > - erik There are phases mismatch between factotum's chapconv() and libauth's auth_respond(). I've checked plan9port - it has identical problem. Patch which fixes it follows: term% diff -c /n/sources/contrib/quanstro/root/sys/src/cmd/auth/factotum/ch= ap.c /sys/src/cmd/auth/factotum/chap.c /n/sources/contrib/quanstro/root/sys/src/cmd/auth/factotum/chap.c:120,125 - /sys/src/cmd/auth/factotum/chap.c:120,126 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D -1; =C2=A0 =C2=A0 =C2=A0 =C2=A0chal =3D nil; + =C2=A0 =C2=A0 =C2=A0 res =3D nil; =C2=A0 =C2=A0 =C2=A0 =C2=A0k =3D nil; =C2=A0 =C2=A0 =C2=A0 =C2=A0attr =3D c->attr; /n/sources/contrib/quanstro/root/sys/src/cmd/auth/factotum/chap.c:153,166 - /sys/src/cmd/auth/factotum/chap.c:154,163 =C2=A0 =C2=A0 =C2=A0 =C2=A0c->state =3D "read challenge"; =C2=A0 =C2=A0 =C2=A0 =C2=A0if((nchal =3D convreadm(c, (char**)(void*)&chal)= ) < 0) =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto out; - =C2=A0 =C2=A0 =C2=A0 if(astype =3D=3D AuthMSchap && nchal !=3D MSchallen) - =C2=A0 =C2=A0 =C2=A0 c->state =3D "write user"; =C2=A0 =C2=A0 =C2=A0 =C2=A0if((user =3D strfindattr(k->attr, "user")) =3D= =3D nil){ =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0werrstr("key has no = user (cannot happen?)"); =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto out; =C2=A0 =C2=A0 =C2=A0 =C2=A0} - =C2=A0 =C2=A0 =C2=A0 if(convprint(c, "%s", user) < 0) - =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 goto out; =C2=A0 =C2=A0 =C2=A0 =C2=A0c->state =3D "write response"; =C2=A0 =C2=A0 =C2=A0 =C2=A0if((pw =3D strfindattr(k->privattr, "!password")= ) =3D=3D nil){ --=20 - Yaroslav