Date: Mon, 24 Dec 2001 11:46:51 +1100 (EST) From: "Tim J. Robbins" <tim@robbins.dropbear.id.au> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/33133: keyinit outputs wrong next login password Message-ID: <200112240046.fBO0kpM20550@raven.robbins.dropbear.id.au>
next in thread | raw e-mail | index | archive | help
>Number: 33133 >Category: bin >Synopsis: keyinit outputs wrong next login password >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Dec 23 17:00:00 PST 2001 >Closed-Date: >Last-Modified: >Originator: Tim J. Robbins >Release: FreeBSD 4.4-STABLE i386 >Organization: >Environment: System: FreeBSD raven.robbins.dropbear.id.au 4.4-STABLE FreeBSD 4.4-STABLE #1: Thu Dec 20 19:34:48 EST 2001 root@raven.robbins.dropbear.id.au:/usr/obj/usr/src/sys/RAVEN i386 >Description: Bug is same as OpenBSD PR number 2050 (reported 4 months ago, still not fixed). http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2050 >How-To-Repeat: Setting up skey on an account for the first item, keyinit from 4.4-STABLE: $ keyinit Adding tim: Reminder - Only use this method if you are directly connected. If you are using telnet or rlogin exit with no password and use keyinit -s. Enter secret password: Again secret password: ID tim s/key is 99 ra54494 RAP PAT WOLF HILL MIST SILO Telnet'ing in: FreeBSD/i386 (raven.robbins.dropbear.id.au) (ttyp3) login: tim s/key 98 ra54494 Password: RAP PAT WOLF HILL MIST SILO Login incorrect login: Setting up skey on an account for the first time, patched keyinit: $ keyinit.new Adding tim: Reminder - Only use this method if you are directly connected. If you are using telnet or rlogin exit with no password and use keyinit -s. Enter secret password: Again secret password: ID tim s/key is 99 ra54671 TILL MITT GUS RON LONE TUG FreeBSD/i386 (raven.robbins.dropbear.id.au) (ttyp3) login: tim s/key 99 ra54671 Password: TILL MITT GUS RON LONE TUG Last login: Mon Dec 24 11:42:22 from localhost Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.4-STABLE (RAVEN) #1: Thu Dec 20 19:34:48 EST 2001 You have new mail. $ Why has nobody noticed this flaw before? >Fix: --- skeyinit.c.old Mon Dec 24 11:31:47 2001 +++ skeyinit.c Mon Dec 24 11:37:56 2001 @@ -176,15 +176,19 @@ if (skey.val == NULL) skey.val = (char *) malloc(16+1); - - btoa8(skey.val,key); - fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n, - seed,skey.val, tbuf); - fclose(skey.keyfile); printf("\nID %s s/key is %d %s\n",pp->pw_name,n,seed); printf("%s\n",btoe(buf,key)); #ifdef HEXIN printf("%s\n",put8(buf,key)); #endif + + /* XXX Because skeylogin uses n-1 */ + f(key); + n++; + + btoa8(skey.val,key); + fprintf(skey.keyfile,"%s %04d %-16s %s %-21s\n",pp->pw_name,n, + seed,skey.val, tbuf); + fclose(skey.keyfile); return 0; } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200112240046.fBO0kpM20550>