Public bug reported:
With the introduction to ppp-2.4.9; a new feature to enable EAP-MSCHAPv2
was added. To reproduce:
1) Install network-manager-sstp (pptp should work too)
2) Create a new connection to a SSTP server using Network-Manager-Applet
3) Connect
Connection failed, when you look closer the following output occur in
the logs.
nm-sstp[1490800] <info> pppd started with pid 1490814
Plugin /usr/lib/pppd/2.4.9/nm-sstp-pppd-plugin.so loaded.
using channel 67
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <callback CBCP> <mrru 1614> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfAck id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x85e48268]
rcvd [EAP Request id=0x0 Identity <No message>]
sent [EAP Response id=0x0 Identity <Name "test">]
rcvd [LCP EchoRep id=0x0 magic=0x17a85875]
rcvd [EAP Request id=0x1 MSCHAPv2 Challenge <*********>, <Name
"WIN-SUA9KBMR6PA">]
added response cache entry 0
sent [EAP Response id=0x1 MSCHAPv2 Response <*************>, <Name "SSTP">]
rcvd [EAP Request id=0x2 MSCHAPv2 Failure <Message "E=691 R=1
C=055D8FD22591786CA5AE9EC8798FFD4E V=3">...]
MS-CHAP authentication failed: E=691 Authentication failure
sent [EAP Response id=0x2 MSCHAPv2 Failure]
rcvd [LCP TermReq id=0x5 17 a8 58 75 00 3c cd 74 00 00 03 2c]
LCP terminated by peer (^WM-(Xu^@<M-Mt^@^@^C,)
sent [LCP TermAck id=0x5]
Script /sbin/sstpc 172.16.0.253 --cert-warn --tls-ext --nolaunchpppd
--log-level 5 --ipparam nm-sstp-service-1490800 --uuid
3d925cb0-6329-4582-9f56-83cd86a6eaf5 finished (pid 1490817), status = 0xff
Modem hangup
Notice the username which is supposed to be "SSTP-TEST\\test" only shows
up in the MSCHAPv2 response as "SSTP". The length of the name got
truncated (I believe to the same length as the EAP-IDENTITY response,
which in this case was 4 characters).
Patch is attached.
** Affects: ppp (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "eap-mschap-namelen-fix.patch"
https://bugs.launchpad.net/bugs/1958196/+attachment/5555054/+files/eap-mschap-namelen-fix.patch
** Description changed:
With the introduction to ppp-2.4.9; a new feature to enable EAP-MSCHAPv2
was added. To reproduce:
1) Install network-manager-sstp (pptp should work too)
2) Create a new connection to a SSTP server using Network-Manager-Applet
3) Connect
Connection failed, when you look closer the following output occur in
the logs.
-
nm-sstp[1490800] <info> pppd started with pid 1490814
Plugin /usr/lib/pppd/2.4.9/nm-sstp-pppd-plugin.so loaded.
using channel 67
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <callback CBCP> <mrru 1614> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfAck id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x85e48268]
rcvd [EAP Request id=0x0 Identity <No message>]
sent [EAP Response id=0x0 Identity <Name "test">]
rcvd [LCP EchoRep id=0x0 magic=0x17a85875]
- rcvd [EAP Request id=0x1 MSCHAPv2 Challenge
<33a45382fe483ab9d4aa52d1316c3517>, <Name "WIN-SUA9KBMR6PA">]
+ rcvd [EAP Request id=0x1 MSCHAPv2 Challenge <*********>, <Name
"WIN-SUA9KBMR6PA">]
added response cache entry 0
- sent [EAP Response id=0x1 MSCHAPv2 Response
<fe3b418ccfe18d2c32b84ed05ad66a8a0000000000000000bbba30f1778327a72222078b11c7792f2cc6903b235c3f1600>,
<Name "SSTP">]
+ sent [EAP Response id=0x1 MSCHAPv2 Response <*************>, <Name "SSTP">]
rcvd [EAP Request id=0x2 MSCHAPv2 Failure <Message "E=691 R=1
C=055D8FD22591786CA5AE9EC8798FFD4E V=3">...]
MS-CHAP authentication failed: E=691 Authentication failure
sent [EAP Response id=0x2 MSCHAPv2 Failure]
rcvd [LCP TermReq id=0x5 17 a8 58 75 00 3c cd 74 00 00 03 2c]
LCP terminated by peer (^WM-(Xu^@<M-Mt^@^@^C,)
sent [LCP TermAck id=0x5]
Script /sbin/sstpc 172.16.0.253 --cert-warn --tls-ext --nolaunchpppd
--log-level 5 --ipparam nm-sstp-service-1490800 --uuid
3d925cb0-6329-4582-9f56-83cd86a6eaf5 finished (pid 1490817), status = 0xff
Modem hangup
Notice the username which is supposed to be "SSTP-TEST\\test" only shows
up in the MSCHAPv2 response as "SSTP". The length of the name got
truncated (I believe to the same length as the EAP-IDENTITY response,
which in this case was 4 characters).
Patch is attached.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ppp in Ubuntu.
https://bugs.launchpad.net/bugs/1958196
Title:
EAP-MSCHAPv2 is busted
Status in ppp package in Ubuntu:
New
Bug description:
With the introduction to ppp-2.4.9; a new feature to enable EAP-
MSCHAPv2 was added. To reproduce:
1) Install network-manager-sstp (pptp should work too)
2) Create a new connection to a SSTP server using Network-Manager-Applet
3) Connect
Connection failed, when you look closer the following output occur in
the logs.
nm-sstp[1490800] <info> pppd started with pid 1490814
Plugin /usr/lib/pppd/2.4.9/nm-sstp-pppd-plugin.so loaded.
using channel 67
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <callback CBCP> <mrru 1614> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x85e48268> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP ConfAck id=0x1 <mru 4091> <auth eap> <magic 0x17a85875> <pcomp>
<accomp> <endpoint
[local:16.dc.45.82.30.e9.47.0c.80.5a.0a.57.b3.35.62.a4.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0x85e48268]
rcvd [EAP Request id=0x0 Identity <No message>]
sent [EAP Response id=0x0 Identity <Name "test">]
rcvd [LCP EchoRep id=0x0 magic=0x17a85875]
rcvd [EAP Request id=0x1 MSCHAPv2 Challenge <*********>, <Name
"WIN-SUA9KBMR6PA">]
added response cache entry 0
sent [EAP Response id=0x1 MSCHAPv2 Response <*************>, <Name "SSTP">]
rcvd [EAP Request id=0x2 MSCHAPv2 Failure <Message "E=691 R=1
C=055D8FD22591786CA5AE9EC8798FFD4E V=3">...]
MS-CHAP authentication failed: E=691 Authentication failure
sent [EAP Response id=0x2 MSCHAPv2 Failure]
rcvd [LCP TermReq id=0x5 17 a8 58 75 00 3c cd 74 00 00 03 2c]
LCP terminated by peer (^WM-(Xu^@<M-Mt^@^@^C,)
sent [LCP TermAck id=0x5]
Script /sbin/sstpc 172.16.0.253 --cert-warn --tls-ext --nolaunchpppd
--log-level 5 --ipparam nm-sstp-service-1490800 --uuid
3d925cb0-6329-4582-9f56-83cd86a6eaf5 finished (pid 1490817), status = 0xff
Modem hangup
Notice the username which is supposed to be "SSTP-TEST\\test" only
shows up in the MSCHAPv2 response as "SSTP". The length of the name
got truncated (I believe to the same length as the EAP-IDENTITY
response, which in this case was 4 characters).
Patch is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ppp/+bug/1958196/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
