From tim@robbins.dropbear.id.au  Sun Dec 23 16:50:34 2001
Return-Path: <tim@robbins.dropbear.id.au>
Received: from raven.robbins.dropbear.id.au (030.c.010.mel.iprimus.net.au [210.50.202.30])
	by hub.freebsd.org (Postfix) with ESMTP id 3081037B416
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 23 Dec 2001 16:50:30 -0800 (PST)
Received: (from tim@localhost)
	by raven.robbins.dropbear.id.au (8.11.6/8.11.6) id fBO0kpM20550;
	Mon, 24 Dec 2001 11:46:51 +1100 (EST)
	(envelope-from tim)
Message-Id: <200112240046.fBO0kpM20550@raven.robbins.dropbear.id.au>
Date: Mon, 24 Dec 2001 11:46:51 +1100 (EST)
From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Reply-To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: keyinit outputs wrong next login password
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         33133
>Category:       bin
>Synopsis:       keyinit outputs wrong next login password
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    vwe
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 23 17:00:00 PST 2001
>Closed-Date:    Sat May 24 15:27:56 UTC 2008
>Last-Modified:  Sat May 24 15:27:56 UTC 2008
>Originator:     Tim J. Robbins
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD raven.robbins.dropbear.id.au 4.4-STABLE FreeBSD 4.4-STABLE #1: Thu Dec 20 19:34:48 EST 2001 root@raven.robbins.dropbear.id.au:/usr/obj/usr/src/sys/RAVEN i386


	
>Description:
Bug is same as OpenBSD PR number 2050 (reported 4 months ago, still not fixed).
http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2050
>How-To-Repeat:

Setting up skey on an account for the first time, keyinit from 4.4-STABLE:

$ keyinit
Adding tim:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: 
Again secret password: 

ID tim s/key is 99 ra54494
RAP PAT WOLF HILL MIST SILO

Telnet'ing in:

FreeBSD/i386 (raven.robbins.dropbear.id.au) (ttyp3)

login: tim
s/key 98 ra54494
Password: RAP PAT WOLF HILL MIST SILO
Login incorrect
login:

Setting up skey on an account for the first time, patched keyinit:

$ keyinit.new
Adding tim:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: 
Again secret password: 

ID tim s/key is 99 ra54671
TILL MITT GUS RON LONE TUG

FreeBSD/i386 (raven.robbins.dropbear.id.au) (ttyp3)

login: tim
s/key 99 ra54671
Password: TILL MITT GUS RON LONE TUG
Last login: Mon Dec 24 11:42:22 from localhost
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 4.4-STABLE (RAVEN) #1: Thu Dec 20 19:34:48 EST 2001


You have new mail.
$


Why has nobody noticed this flaw before?

>Fix:

--- skeyinit.c.old	Mon Dec 24 11:31:47 2001
+++ skeyinit.c	Mon Dec 24 11:37:56 2001
@@ -176,15 +176,19 @@
         if (skey.val == NULL)
                   skey.val = (char *) malloc(16+1);
 
-
-	btoa8(skey.val,key);
-	fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n,
-		seed,skey.val, tbuf);
-	fclose(skey.keyfile);
 	printf("\nID %s s/key is %d %s\n",pp->pw_name,n,seed);
 	printf("%s\n",btoe(buf,key));
 #ifdef HEXIN
 	printf("%s\n",put8(buf,key));
 #endif
+
+	/* XXX Because skeylogin uses n-1 */
+	f(key);
+	n++;
+
+	btoa8(skey.val,key);
+	fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n,
+		seed,skey.val, tbuf);
+	fclose(skey.keyfile);
 	return 0;
 }
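
Review bot: in the relocated block at the end of the hunk, the results of fprintf() and fclose() on skey.keyfile are still unchecked, and after this reordering the "ID ... s/key is" line and the btoe() words have already been printed, so a failed write leaves the user holding a first password that was never recorded. Consider keeping a copy of the pre-f() key, writing and closing the key file first, checking both return values, and printing only on success. The "XXX Because skeylogin uses n-1" comment should also say that the record now stores n+1 and one extra f() step while the user is shown n, and the context line "skey.val = (char *) malloc(16+1);" feeds btoa8() without a NULL check.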
>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@starjuice.net>
To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/33133 
Date: Tue, 08 Jan 2002 18:11:36 +0200

 On Mon, 07 Jan 2002 15:39:01 +1100, "Tim J. Robbins" wrote:
 
 > Can someone please check this PR out?
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/33133
 
 Patch seems reasonable.
 
 > Am I the first one who has tried to log in with the password (s)keyinit
 > gives me? It looks pretty obviously broken to me. And yes, I am aware
 > that skey is no longer in -current.
 
 Perhaps.  Most folks I know who use skey seriously tend to run off a
 whole bunch of passwords at once to hard copy using key(1), so they
 just plug in the password they're prompted for, not the one printed by
 keyinit(1).
 
 Ciao,
 Sheldon.

From: Sheldon Hearn <sheldonh@starjuice.net>
To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/33133 
Date: Tue, 08 Jan 2002 18:25:22 +0200

 On Tue, 08 Jan 2002 18:11:36 +0200, Sheldon Hearn wrote:
 
 > > Can someone please check this PR out?
 > > 
 > > http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/33133
 > 
 > Patch seems reasonable.
 
 Just tested it and it doesn't work on my RELENG_4 box.  Although I'm now
 prompted for sequence ID 0099 instead of 0098, the password isn't
 accepted.  This is with both OpenSSH ChallengeResponseAuthentication and
 login(1).
 
 Ciao,
 Sheldon.

From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/33133
Date: Wed, 9 Jan 2002 17:12:49 +1100

 > Just tested it and it doesn't work on my RELENG_4 box.  Although I'm now
 > prompted for sequence ID 0099 instead of 0098, the password isn't
 > accepted.  This is with both OpenSSH ChallengeResponseAuthentication and
 > login(1).
 
 I'm not sure what's going on then. I'm using RELENG_4 from less than a
 week ago, and I can still reproduce the problem, and the patch still
 fixes the problem. Perhaps it's not a general solution to the problem.
 I'm not really worried that keyinit has this small problem, I just noticed
 it and thought it might be easy to fix. Obviously not :)
 
 
 Tim
State-Changed-From-To: open->suspended 
State-Changed-By: tjr 
State-Changed-When: Sun Jun 30 01:19:52 PDT 2002 
State-Changed-Why:  
It would appear that nobody is willing to fix this bug. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33133 
State-Changed-From-To: suspended->closed 
State-Changed-By: vwe 
State-Changed-When: Sat May 24 15:26:19 UTC 2008 
State-Changed-Why:  

we don't have keyinit since 5.x days anymore - closing this 
Please note: the issue also hasn't been fixed according to GNATS in OpenBSD. 


Responsible-Changed-From-To: freebsd-bugs->vwe 
Responsible-Changed-By: vwe 
Responsible-Changed-When: Sat May 24 15:26:19 UTC 2008 
Responsible-Changed-Why:  

track 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33133 
>Unformatted:
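
The sequence-number mismatch reported in this PR, as a small model added here (not code from skeyinit.c or the FreeBSD tree). Assumptions: FNV-1a stands in for S/Key's MD4-based f(); the names chain, record, keyinit, challenge and verify are hypothetical; the stock behaviour is inferred from the transcript above and the patch comment "skeylogin uses n-1".

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for S/Key's one-way step f(). Real S/Key folds an MD4 digest to
   64 bits; FNV-1a is not secure and only models "apply f once". */
static uint64_t f(uint64_t k) {
    uint64_t h = 14695981039346656037ULL;
    for (int i = 0; i < 8; i++) { h ^= (k >> (8 * i)) & 0xff; h *= 1099511628211ULL; }
    return h;
}

/* Key after `count` applications of f to the (already crunched) secret. */
static uint64_t chain(uint64_t secret, int count) {
    while (count-- > 0) secret = f(secret);
    return secret;
}

struct record { int n; uint64_t val; };  /* stored count and key (hypothetical layout) */
struct init_result { struct record rec; int shown_n; uint64_t shown_key; };

/* Model of keyinit. patched != 0 adds the PR's "f(key); n++;" before storing. */
static struct init_result keyinit(uint64_t secret, int n, int patched) {
    struct init_result r;
    uint64_t key = chain(secret, n);
    r.shown_n = n; r.shown_key = key;     /* what the user is told */
    if (patched) { key = f(key); n++; }
    r.rec.n = n; r.rec.val = key;         /* what lands in the key file */
    return r;
}

/* Model of login: challenge n-1, accept iff one more f() gives the stored key. */
static int challenge(const struct record *rec) { return rec->n - 1; }
static int verify(struct record *rec, uint64_t response) {
    if (f(response) != rec->val) return 0;
    rec->n--; rec->val = response;        /* next login needs the previous link */
    return 1;
}

int main(void) {
    uint64_t secret = 0x736b6579ULL;      /* constructed sample secret */
    for (int patched = 0; patched <= 1; patched++) {
        struct init_result r = keyinit(secret, 99, patched);
        int c = challenge(&r.rec);
        int ok = verify(&r.rec, r.shown_key);
        printf("%s: shown %d, challenge %d, shown password %s\n",
               patched ? "patched" : "stock", r.shown_n, c, ok ? "accepted" : "rejected");
    }
    return 0;
}
```

In the stock case the password for challenge 98 is the key one step earlier in the chain, which is what key(1) would print for that challenge.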
