get_secret() in auth.c has this code:

    ...
    } else if (!am_server && chap_passwd_hook) {
        if ( (*chap_passwd_hook)(client, secbuf) < 0) {
            error("Unable to obtain CHAP password for %s on %s from plugin",
                  client, server);
            return 0;
        }
    } else {
    ...

I'm curious as to the reason for not enabling the hook to be used when
pppd is running in server mode. When authenticating PPTP connections using
MSCHAPv2, it would be useful to read NT hashes from smbpasswd or from
LDAP. The current hook structure doesn't facilitate that, however, and as
a result, a number of plugin authors have duplicated large parts of
chap_ms.c in their plugin's chap_verify function.

The only plugin I've found which implements a chap_passwd_hook function is
passwordfd, and I doubt that that would ever be used in server mode.

Would anyone object to this patch?

--- ppp-2.4.4.orig/pppd/auth.c 2006-06-18 07:26:00.000000000 -0400
+++ ppp-2.4.4/pppd/auth.c 2006-11-21 19:12:25.000000000 -0500
@@ -1938,7 +1938,7 @@
if (!am_server && passwd[0] != 0) {
strlcpy(secbuf, passwd, sizeof(secbuf));
- } else if (!am_server && chap_passwd_hook) {
+ } else if (chap_passwd_hook) {
if ( (*chap_passwd_hook)(client, secbuf) < 0) {
error("Unable to obtain CHAP password for %s on %s from plugin",
client, server);
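
Review bot: with the new condition `} else if (chap_passwd_hook) {`, the hook is still called with only (client, secbuf), so in server mode a plugin cannot tell whether it is being asked for its own secret or for the secret a peer is to be verified against. A hook written for client use that ignores the name argument would return the same secret for every peer name, and the failure path after the call (error, then return 0 in get_secret()) rejects the lookup rather than falling back to the secrets file. Suggest stating the server-mode contract for chap_passwd_hook (key on the name, return < 0 for unknown peers), or passing server/am_server to the hook, and deciding explicitly whether a hook failure in server mode should fall through to the file lookup. The first branch keeps `!am_server && passwd[0] != 0`; a short comment there would show that the asymmetry is intentional.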