summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2006-03-09 19:14:11 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2006-03-09 19:14:11 +0000
commit3a6c6b26f4f6a8488243ac8edd6d2a7cd710ae86 (patch)
tree7a662e4e6494e0deed33b32d493731108d5059f3
parent36b32be082b3a821442bae3180bb6f9a98d4a6e3 (diff)
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
-rw-r--r--libexec/login_chpass/login_chpass.c15
-rw-r--r--libexec/login_krb5-or-pwd/Makefile8
-rw-r--r--libexec/login_lchpass/login_lchpass.c16
-rw-r--r--libexec/login_passwd/Makefile5
-rw-r--r--libexec/login_passwd/common.h5
-rw-r--r--libexec/login_passwd/login_passwd.c15
-rw-r--r--libexec/login_reject/Makefile4
-rw-r--r--libexec/login_reject/login_reject.c13
8 files changed, 56 insertions, 25 deletions
diff --git a/libexec/login_chpass/login_chpass.c b/libexec/login_chpass/login_chpass.c
index 605070a2d4a..2d665d5fa14 100644
--- a/libexec/login_chpass/login_chpass.c
+++ b/libexec/login_chpass/login_chpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_chpass.c,v 1.14 2005/04/14 18:33:42 biorn Exp $ */
+/* $OpenBSD: login_chpass.c,v 1.15 2006/03/09 19:14:09 millert Exp $ */
/*-
* Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
@@ -73,6 +73,7 @@ int _yp_check(char **);
char *ypgetnewpasswd(struct passwd *, char **);
struct passwd *ypgetpwnam(char *);
void kbintr(int);
+int pwd_gensalt(char *, int, login_cap_t *, char);
#endif
void local_chpass(char **);
@@ -199,9 +200,15 @@ yp_chpass(char *username)
}
}
if (pw == NULL) {
- char *p = getpass("Old password:");
- if (p != NULL) {
- crypt(p, "xx");
+ char *p, salt[_PASSWORD_LEN + 1];
+ login_cap_t *lc;
+
+ /* no such user, get appropriate salt to thwart timing attack */
+ if ((p = getpass("Old password:")) != NULL) {
+ if ((lc = login_getclass(NULL)) == NULL ||
+ pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0)
+ strlcpy(salt, "xx", sizeof(salt));
+ crypt(p, salt);
memset(p, 0, strlen(p));
}
warnx("YP passwd database unchanged.");
diff --git a/libexec/login_krb5-or-pwd/Makefile b/libexec/login_krb5-or-pwd/Makefile
index 8e950b9963e..e8a0b414188 100644
--- a/libexec/login_krb5-or-pwd/Makefile
+++ b/libexec/login_krb5-or-pwd/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.12 2003/11/20 23:23:09 avsm Exp $
+# $OpenBSD: Makefile,v 1.13 2006/03/09 19:14:09 millert Exp $
.include <bsd.own.mk>
PROG= login_krb5-or-pwd
-SRCS= login.c login_passwd.c
+SRCS= login.c login_passwd.c pwd_gensalt.c
MAN= ${PROG}.8
CFLAGS+=-DPASSWD -Wall -I${.CURDIR}/../login_passwd
@@ -12,11 +12,11 @@ SRCS+= login_krb5.c
DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBUTIL} ${LIBDES}
LDADD+= -lkrb5 -lasn1 -lcrypto -lutil -ldes
CFLAGS+=-DKRB5
-.PATH: ${.CURDIR}/../login_passwd ${.CURDIR}/../login_krb5
+.PATH: ${.CURDIR}/../login_passwd ${.CURDIR}/../login_krb5 ${.CURDIR}/../../usr.bin/passwd
.else
DPADD+= ${LIBUTIL}
LDADD+= -lutil
-.PATH: ${.CURDIR}/../login_passwd
+.PATH: ${.CURDIR}/../login_passwd ${.CURDIR}/../../usr.bin/passwd
.endif
BINOWN= root
diff --git a/libexec/login_lchpass/login_lchpass.c b/libexec/login_lchpass/login_lchpass.c
index 9faa14a915c..7d0a429b20a 100644
--- a/libexec/login_lchpass/login_lchpass.c
+++ b/libexec/login_lchpass/login_lchpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_lchpass.c,v 1.12 2004/03/10 21:30:27 millert Exp $ */
+/* $OpenBSD: login_lchpass.c,v 1.13 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
@@ -56,13 +56,15 @@
#define BACK_CHANNEL 3
int local_passwd(char *, int);
+int pwd_gensalt(char *, int, login_cap_t *, char);
int
main(int argc, char *argv[])
{
+ login_cap_t *lc;
struct iovec iov[2];
struct passwd *pwd;
- char *username = NULL, *salt, *p;
+ char *username = NULL, *salt, *p, saltbuf[_PASSWORD_LEN + 1];
struct rlimit rl;
int c;
@@ -119,8 +121,14 @@ main(int argc, char *argv[])
if (pwd)
salt = pwd->pw_passwd;
- else
- salt = "xx";
+ else {
+ /* no such user, get appropriate salt */
+ if ((lc = login_getclass(NULL)) == NULL ||
+ pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0)
+ salt = "xx";
+ else
+ salt = saltbuf;
+ }
(void)setpriority(PRIO_PROCESS, 0, -4);
diff --git a/libexec/login_passwd/Makefile b/libexec/login_passwd/Makefile
index 4122b91a6cd..44e4b45ce4d 100644
--- a/libexec/login_passwd/Makefile
+++ b/libexec/login_passwd/Makefile
@@ -1,11 +1,12 @@
-# $OpenBSD: Makefile,v 1.4 2004/05/12 20:43:44 millert Exp $
+# $OpenBSD: Makefile,v 1.5 2006/03/09 19:14:10 millert Exp $
PROG= login_passwd
MAN= login_passwd.8
-SRCS= login.c login_passwd.c
+SRCS= login.c login_passwd.c pwd_gensalt.c
DPADD= ${LIBUTIL}
LDADD= -lutil
CFLAGS+=-Wall -DPASSWD
+.PATH: ${.CURDIR}/../../usr.bin/passwd
BINOWN= root
BINGRP= auth
diff --git a/libexec/login_passwd/common.h b/libexec/login_passwd/common.h
index 24aec6cc3de..a430c4d660c 100644
--- a/libexec/login_passwd/common.h
+++ b/libexec/login_passwd/common.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: common.h,v 1.2 2005/04/14 18:33:42 biorn Exp $ */
+/* $OpenBSD: common.h,v 1.3 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
* All rights reserved.
@@ -29,10 +29,10 @@
#define _COMMON_H_
#include <sys/types.h>
-#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/param.h>
+#include <signal.h>
#include <syslog.h>
#include <stdlib.h>
#include <unistd.h>
@@ -56,6 +56,7 @@ extern FILE *back;
#ifdef PASSWD
int pwd_login(char *, char *, char *, int, char *);
+int pwd_gensalt(char *, int, login_cap_t *, char);
#endif
#ifdef KRB5
int krb5_login(char *, char *, char *, int, int);
diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c
index a2c2601714f..5a54013c50d 100644
--- a/libexec/login_passwd/login_passwd.c
+++ b/libexec/login_passwd/login_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_passwd.c,v 1.8 2004/03/10 21:30:27 millert Exp $ */
+/* $OpenBSD: login_passwd.c,v 1.9 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
@@ -33,8 +33,9 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
char *class)
{
struct passwd *pwd;
+ login_cap_t *lc;
size_t plen;
- char *salt;
+ char *salt, saltbuf[_PASSWORD_LEN + 1];
if (wheel != NULL && strcmp(wheel, "yes") != 0) {
fprintf(back, BI_VALUE " errormsg %s\n",
@@ -48,8 +49,14 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
pwd = getpwnam(username);
if (pwd)
salt = pwd->pw_passwd;
- else
- salt = "xx";
+ else {
+ /* no such user, get appropriate salt */
+ if ((lc = login_getclass(NULL)) == NULL ||
+ pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0)
+ salt = "xx";
+ else
+ salt = saltbuf;
+ }
setpriority(PRIO_PROCESS, 0, -4);
diff --git a/libexec/login_reject/Makefile b/libexec/login_reject/Makefile
index f877d6044ff..211059d6a2b 100644
--- a/libexec/login_reject/Makefile
+++ b/libexec/login_reject/Makefile
@@ -1,8 +1,10 @@
-# $OpenBSD: Makefile,v 1.1 2000/12/12 02:34:43 millert Exp $
+# $OpenBSD: Makefile,v 1.2 2006/03/09 19:14:10 millert Exp $
PROG= login_reject
+SRCS= login_reject.c pwd_gensalt.c
MAN= login_reject.8
CFLAGS+=-Wall
+.PATH: ${.CURDIR}/../../usr.bin/passwd
BINOWN= root
BINGRP= auth
diff --git a/libexec/login_reject/login_reject.c b/libexec/login_reject/login_reject.c
index 91ee3532944..4411638856f 100644
--- a/libexec/login_reject/login_reject.c
+++ b/libexec/login_reject/login_reject.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_reject.c,v 1.6 2002/09/06 18:45:07 deraadt Exp $ */
+/* $OpenBSD: login_reject.c,v 1.7 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -55,9 +55,10 @@
int
main(int argc, char *argv[])
{
- FILE *back;
- char passbuf[1];
struct rlimit rl;
+ login_cap_t *lc;
+ FILE *back;
+ char passbuf[1], salt[_PASSWORD_LEN + 1];
int mode = 0, c;
rl.rlim_cur = 0;
@@ -121,7 +122,11 @@ main(int argc, char *argv[])
} else
getpass("Password:");
- crypt("password", "xx");
+ if ((lc = login_getclass(NULL)) == NULL ||
+ pwd_gensalt(salt, sizeof(salt), lc, 'l') == 0)
+ strlcpy(salt, "xx", sizeof(salt));
+ crypt("password", salt);
+
fprintf(back, BI_REJECT "\n");
exit(1);
}