Bug 29185 - ddclient.conf contains error causing router to block login access
Summary: ddclient.conf contains error causing router to block login access
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-28 18:02 CEST by Pierre Fortin
Modified: 2021-06-30 16:05 CEST (History)
2 users (show)

See Also:
Source RPM: ddclient-3.9.1-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Fortin 2021-06-28 18:02:59 CEST 
Description of problem:
For a few years, I've been randomly trying to figure out why my router locks me out for minutes at a time. Having to replace MANY devices recently destroyed by lightning, I've finally been forced to track this issue down -- to a COMMA (,) from quite a while ago (2017):
$ ll /etc/ddclient/ddclient.conf
-rw------- 1 ddclient ddclient 6774 Dec 19  2017 /etc/ddclient/ddclient.conf


Version-Release number of selected component (if applicable):


How reproducible: every time I login to my router


Steps to Reproduce:
1. login to router
2. perform any activity
3. session is killed with IP RST and won't resume for several minutes


/etc/ddclient/ddclient.conf contains:
use=fw,
fw=192.168.1.1/Status_Internet.asp,
fw-login=admin,                <=== This & previous commas ignored by ddclient
fw-password=mylongpassword,    <=== This COMMA is INCLUDED in the router login 
                                    attempts which fail authentication
                                    repeatedly, causing router lockout
fw-skip='IP Address'

In addition to the above flaw (extraneous comma), there's more old data:

server=freedns.afraid.org \
login=myuserid \
password=mypassword \
pfortin.mooo.com    <== an ANCIENT domain which I haven't used in years


So... the question is: WHAT created this file? And from what input(s)?
Comment 1 Pierre Fortin 2021-06-28 18:44:07 CEST 
Posted info on DD-WRT forum at https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1239970#1239970
Comment 2 Aurelien Oudelet 2021-06-28 22:32:53 CEST 
Hi, thanks reporting this.

As I don't know at all about this ddclient.conf file,
it belongs to ddclient-3.9.1-1.mga8 package.

Assigning to CC'd packager if he can help on this.

Source RPM: (none) => ddclient-3.9.1-1.mga8.src.rpm
CC: (none) => eatdirt, ouaurelien

Comment 3 Jani Välimaa 2021-06-30 09:46:54 CEST 
Default or sample ddclient.conf file is shipped with ddclient package, but setting up the configuration is up to sysadmin. The input is coming from between the chair and the display.

I'm not aware about having any tools in distro to alter the configuration. Using Webmin with external ddclient module it might be possible.
Comment 4 Jani Välimaa 2021-06-30 09:59:16 CEST 
After grepping the default configuration in mga7, mga8 and cauldron I don't see any extra commas after fw-password:

# grep fw-password /etc/ddclient/ddclient.conf 
#fw-login=admin,             fw-password=XXXXXX		# FW login and password
## To obtain an IP address from FW status page (using fw-login, fw-password)

We don't have any entries for freedns.afraid.org either.
Comment 5 Aurelien Oudelet 2021-06-30 10:26:01 CEST 
Thanks Jani.

Closing this.

Resolution: (none) => INVALID
Status: NEW => RESOLVED

Comment 6 Pierre Fortin 2021-06-30 16:05:45 CEST 
While I have no recollection of ever using/knowing of ddclient -- the important message here is that getting locked out of a remote system (router in this case) may be due to some other process causing a DoA (denial of access). Thanks for the quick response.

Resolution: INVALID => FIXED
Note You need to log in before you can comment on or make changes to this bug.