From nobody@FreeBSD.org  Wed Jan 21 18:42:27 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 28EA616A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Jan 2004 18:42:27 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E6A143D48
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Jan 2004 18:42:26 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i0M2gPdL045936
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 21 Jan 2004 18:42:25 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i0M2gPCK045935;
	Wed, 21 Jan 2004 18:42:25 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200401220242.i0M2gPCK045935@www.freebsd.org>
Date: Wed, 21 Jan 2004 18:42:25 -0800 (PST)
From: Dany Nativel <dany@natzo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Segmentation fault on OPIE when sequence number=-1
X-Send-Pr-Version: www-2.0

>Number:         61701
>Category:       bin
>Synopsis:       Segmentation fault on OPIE when sequence number=-1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 21 18:50:20 PST 2004
>Closed-Date:    Tue Jun 12 04:54:23 GMT 2007
>Last-Modified:  Tue Jun 12 04:54:23 GMT 2007
>Originator:     Dany Nativel
>Release:        5.2 Release
>Organization:
>Environment:
FreeBSD hermes.agora 5.2-RELEASE FreeBSD 5.2-RELEASE #9: Tue Jan 13 21:59:17 EST 2004     alpha@hermes.agora:/usr/obj/usr/src/sys/HERMES  i386
>Description:
When opie sequence number reaches -1 for a given user (no more s/key login), it's impossible to:

1) Use the regular Unix password (even if authorized and was working before) ... core dumped
2) Disable the OPIE login for this user using opiepasswd  ... seg fault

PS 1: How did OPIE work in the first place with no mention of it in /etc/pam.d/login?

PS 2: /etc/pam.d/login (stock from 5.2R install):

auth required pam_nologin.so  no_warn
auth sufficient pam_self.so no_warn
auth include system

account requisite pam_securetty.so
account include system

session include system

password include system
>How-To-Repeat:
A] LOGIN USING UNIX PASSWORD WHEN OPIE support has expired
1) from the user account :
#opiepasswd -c -n 2    (any number in fact)

2)  Quit the current session for login prompt :
login : alpha
otp-md5 2 he201
Password:

3) Enter valid s/key, log out and repeat that process until reaching sequence number=-1

4) Then try to use your regular Unix password (I could use it when sequence key was <>-1):
login: alpha
otp-md5 -1 (null) ext
Password:   <-  Unix password

FreeBSD/i386 (local) (ttyv0)
login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on signal 11 (core dumped)

B] DISABLE OPIE LOGIN using opiepasswd when opie expired
Using root account :
#opiepasswd -d alpha    (nb opiepasswd -c doesn't work either)

Updating alpha:
Segmentation fault (core dumped)
local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: exited on signal 11 (core dumped)
>Fix:
--> Quick Fix:
In order to allow my unlucky user to log back in using his regular Unix password I had to remove the file /etc/opiekeys

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: vs 
State-Changed-When: Tue Oct 11 09:14:25 GMT 2005 
State-Changed-Why:  
Can you confirm if this is still a problem? I cannot reproduce this 
on 4.11: 

> otp-md5 0 me9038 ext 
Using the MD5 algorithm to compute response. 
Sequence number 0 is not positive. 

So there is no way to get a negative seq-# 
This is with pam_opie. You also mention S/Key, are you maybe mixing both? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61701 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Tue Jun 12 04:53:58 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 1 year). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61701 
>Unformatted:
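Added example (not part of the original PR and not FreeBSD code): a log check that flags the kernel crash notices shown in the How-To-Repeat output when the crashing program sits on the login path. The program list (sshd and su are not mentioned in the report) and the last two sample lines are assumptions constructed for illustration.

```python
import re

# Kernel crash notice as it appears in the report. The whitespace after
# "uid N:" is optional because the PR shows both "uid 0:exited" and
# "uid 0: exited".
CRASH_RE = re.compile(
    r"kernel: pid (?P<pid>\d+) \((?P<prog>[^)]+)\), uid (?P<uid>\d+):\s*"
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?"
)

# Assumption: programs on the authentication path worth alerting on.
AUTH_PROGRAMS = {"login", "opiepasswd", "sshd", "su"}


def find_auth_crashes(lines, programs=AUTH_PROGRAMS):
    """Return one dict per crash notice that names an authentication program."""
    hits = []
    for line in lines:
        # search(), not match(): console output can prefix the notice with
        # a prompt such as "login: " or "local# ", as in the report.
        m = CRASH_RE.search(line)
        if m is None or m.group("prog") not in programs:
            continue
        hits.append({
            "pid": int(m.group("pid")),
            "program": m.group("prog"),
            "uid": int(m.group("uid")),
            "signal": int(m.group("sig")),
            "core_dumped": m.group("core") is not None,
        })
    return hits


# Sample input: the first two lines are quoted from the report,
# the last two are constructed.
SAMPLE = [
    "login: Jan 19 22:08:25 local kernel: pid 613 (login), uid 0:exited on signal 11 (core dumped)",
    "local# Jan 19 22:10:06 local kernel: pid 627 (opiepasswd), uid 0: exited on signal 11 (core dumped)",
    "Jan 19 22:11:40 local kernel: pid 702 (xterm), uid 1001: exited on signal 6",
    "Jan 19 22:12:02 local login: ROOT LOGIN (root) ON ttyv0",
]

if __name__ == "__main__":
    for hit in find_auth_crashes(SAMPLE):
        print(hit)
```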
