diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2006-03-09 19:14:11 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2006-03-09 19:14:11 +0000 |
commit | 3a6c6b26f4f6a8488243ac8edd6d2a7cd710ae86 (patch) | |
tree | 7a662e4e6494e0deed33b32d493731108d5059f3 | |
parent | 36b32be082b3a821442bae3180bb6f9a98d4a6e3 (diff) |
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt@
-rw-r--r-- | libexec/login_chpass/login_chpass.c | 15 | ||||
-rw-r--r-- | libexec/login_krb5-or-pwd/Makefile | 8 | ||||
-rw-r--r-- | libexec/login_lchpass/login_lchpass.c | 16 | ||||
-rw-r--r-- | libexec/login_passwd/Makefile | 5 | ||||
-rw-r--r-- | libexec/login_passwd/common.h | 5 | ||||
-rw-r--r-- | libexec/login_passwd/login_passwd.c | 15 | ||||
-rw-r--r-- | libexec/login_reject/Makefile | 4 | ||||
-rw-r--r-- | libexec/login_reject/login_reject.c | 13 |
8 files changed, 56 insertions, 25 deletions
diff --git a/libexec/login_chpass/login_chpass.c b/libexec/login_chpass/login_chpass.c index 605070a2d4a..2d665d5fa14 100644 --- a/libexec/login_chpass/login_chpass.c +++ b/libexec/login_chpass/login_chpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_chpass.c,v 1.14 2005/04/14 18:33:42 biorn Exp $ */ +/* $OpenBSD: login_chpass.c,v 1.15 2006/03/09 19:14:09 millert Exp $ */ /*- * Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved. @@ -73,6 +73,7 @@ int _yp_check(char **); char *ypgetnewpasswd(struct passwd *, char **); struct passwd *ypgetpwnam(char *); void kbintr(int); +int pwd_gensalt(char *, int, login_cap_t *, char); #endif void local_chpass(char **); @@ -199,9 +200,15 @@ yp_chpass(char *username) } } if (pw == NULL) { - char *p = getpass("Old password:"); - if (p != NULL) { - crypt(p, "xx"); + char *p, salt[_PASSWORD_LEN + 1]; + login_cap_t *lc; + + /* no such user, get appropriate salt to thwart timing attack */ + if ((p = getpass("Old password:")) != NULL) { + if ((lc = login_getclass(NULL)) == NULL || + pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0) + strlcpy(salt, "xx", sizeof(salt)); + crypt(p, salt); memset(p, 0, strlen(p)); } warnx("YP passwd database unchanged."); diff --git a/libexec/login_krb5-or-pwd/Makefile b/libexec/login_krb5-or-pwd/Makefile index 8e950b9963e..e8a0b414188 100644 --- a/libexec/login_krb5-or-pwd/Makefile +++ b/libexec/login_krb5-or-pwd/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.12 2003/11/20 23:23:09 avsm Exp $ +# $OpenBSD: Makefile,v 1.13 2006/03/09 19:14:09 millert Exp $ .include <bsd.own.mk> PROG= login_krb5-or-pwd -SRCS= login.c login_passwd.c +SRCS= login.c login_passwd.c pwd_gensalt.c MAN= ${PROG}.8 CFLAGS+=-DPASSWD -Wall -I${.CURDIR}/../login_passwd @@ -12,11 +12,11 @@ SRCS+= login_krb5.c DPADD+= ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBUTIL} ${LIBDES} LDADD+= -lkrb5 -lasn1 -lcrypto -lutil -ldes CFLAGS+=-DKRB5 -.PATH: ${.CURDIR}/../login_passwd ${.CURDIR}/../login_krb5 +.PATH: ${.CURDIR}/../login_passwd ${.CURDIR}/../login_krb5 ${.CURDIR}/../../usr.bin/passwd .else DPADD+= ${LIBUTIL} LDADD+= -lutil -.PATH: ${.CURDIR}/../login_passwd +.PATH: ${.CURDIR}/../login_passwd ${.CURDIR}/../../usr.bin/passwd .endif BINOWN= root diff --git a/libexec/login_lchpass/login_lchpass.c b/libexec/login_lchpass/login_lchpass.c index 9faa14a915c..7d0a429b20a 100644 --- a/libexec/login_lchpass/login_lchpass.c +++ b/libexec/login_lchpass/login_lchpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_lchpass.c,v 1.12 2004/03/10 21:30:27 millert Exp $ */ +/* $OpenBSD: login_lchpass.c,v 1.13 2006/03/09 19:14:10 millert Exp $ */ /*- * Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved. @@ -56,13 +56,15 @@ #define BACK_CHANNEL 3 int local_passwd(char *, int); +int pwd_gensalt(char *, int, login_cap_t *, char); int main(int argc, char *argv[]) { + login_cap_t *lc; struct iovec iov[2]; struct passwd *pwd; - char *username = NULL, *salt, *p; + char *username = NULL, *salt, *p, saltbuf[_PASSWORD_LEN + 1]; struct rlimit rl; int c; @@ -119,8 +121,14 @@ main(int argc, char *argv[]) if (pwd) salt = pwd->pw_passwd; - else - salt = "xx"; + else { + /* no such user, get appropriate salt */ + if ((lc = login_getclass(NULL)) == NULL || + pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0) + salt = "xx"; + else + salt = saltbuf; + } (void)setpriority(PRIO_PROCESS, 0, -4); diff --git a/libexec/login_passwd/Makefile b/libexec/login_passwd/Makefile index 4122b91a6cd..44e4b45ce4d 100644 --- a/libexec/login_passwd/Makefile +++ b/libexec/login_passwd/Makefile @@ -1,11 +1,12 @@ -# $OpenBSD: Makefile,v 1.4 2004/05/12 20:43:44 millert Exp $ +# $OpenBSD: Makefile,v 1.5 2006/03/09 19:14:10 millert Exp $ PROG= login_passwd MAN= login_passwd.8 -SRCS= login.c login_passwd.c +SRCS= login.c login_passwd.c pwd_gensalt.c DPADD= ${LIBUTIL} LDADD= -lutil CFLAGS+=-Wall -DPASSWD +.PATH: ${.CURDIR}/../../usr.bin/passwd BINOWN= root BINGRP= auth diff --git a/libexec/login_passwd/common.h b/libexec/login_passwd/common.h index 24aec6cc3de..a430c4d660c 100644 --- a/libexec/login_passwd/common.h +++ b/libexec/login_passwd/common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: common.h,v 1.2 2005/04/14 18:33:42 biorn Exp $ */ +/* $OpenBSD: common.h,v 1.3 2006/03/09 19:14:10 millert Exp $ */ /*- * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>. * All rights reserved. @@ -29,10 +29,10 @@ #define _COMMON_H_ #include <sys/types.h> -#include <sys/signal.h> #include <sys/resource.h> #include <sys/param.h> +#include <signal.h> #include <syslog.h> #include <stdlib.h> #include <unistd.h> @@ -56,6 +56,7 @@ extern FILE *back; #ifdef PASSWD int pwd_login(char *, char *, char *, int, char *); +int pwd_gensalt(char *, int, login_cap_t *, char); #endif #ifdef KRB5 int krb5_login(char *, char *, char *, int, int); diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c index a2c2601714f..5a54013c50d 100644 --- a/libexec/login_passwd/login_passwd.c +++ b/libexec/login_passwd/login_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_passwd.c,v 1.8 2004/03/10 21:30:27 millert Exp $ */ +/* $OpenBSD: login_passwd.c,v 1.9 2006/03/09 19:14:10 millert Exp $ */ /*- * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>. @@ -33,8 +33,9 @@ pwd_login(char *username, char *password, char *wheel, int lastchance, char *class) { struct passwd *pwd; + login_cap_t *lc; size_t plen; - char *salt; + char *salt, saltbuf[_PASSWORD_LEN + 1]; if (wheel != NULL && strcmp(wheel, "yes") != 0) { fprintf(back, BI_VALUE " errormsg %s\n", @@ -48,8 +49,14 @@ pwd_login(char *username, char *password, char *wheel, int lastchance, pwd = getpwnam(username); if (pwd) salt = pwd->pw_passwd; - else - salt = "xx"; + else { + /* no such user, get appropriate salt */ + if ((lc = login_getclass(NULL)) == NULL || + pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0) + salt = "xx"; + else + salt = saltbuf; + } setpriority(PRIO_PROCESS, 0, -4); diff --git a/libexec/login_reject/Makefile b/libexec/login_reject/Makefile index f877d6044ff..211059d6a2b 100644 --- a/libexec/login_reject/Makefile +++ b/libexec/login_reject/Makefile @@ -1,8 +1,10 @@ -# $OpenBSD: Makefile,v 1.1 2000/12/12 02:34:43 millert Exp $ +# $OpenBSD: Makefile,v 1.2 2006/03/09 19:14:10 millert Exp $ PROG= login_reject +SRCS= login_reject.c pwd_gensalt.c MAN= login_reject.8 CFLAGS+=-Wall +.PATH: ${.CURDIR}/../../usr.bin/passwd BINOWN= root BINGRP= auth diff --git a/libexec/login_reject/login_reject.c b/libexec/login_reject/login_reject.c index 91ee3532944..4411638856f 100644 --- a/libexec/login_reject/login_reject.c +++ b/libexec/login_reject/login_reject.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_reject.c,v 1.6 2002/09/06 18:45:07 deraadt Exp $ */ +/* $OpenBSD: login_reject.c,v 1.7 2006/03/09 19:14:10 millert Exp $ */ /*- * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved. @@ -55,9 +55,10 @@ int main(int argc, char *argv[]) { - FILE *back; - char passbuf[1]; struct rlimit rl; + login_cap_t *lc; + FILE *back; + char passbuf[1], salt[_PASSWORD_LEN + 1]; int mode = 0, c; rl.rlim_cur = 0; @@ -121,7 +122,11 @@ main(int argc, char *argv[]) } else getpass("Password:"); - crypt("password", "xx"); + if ((lc = login_getclass(NULL)) == NULL || + pwd_gensalt(salt, sizeof(salt), lc, 'l') == 0) + strlcpy(salt, "xx", sizeof(salt)); + crypt("password", salt); + fprintf(back, BI_REJECT "\n"); exit(1); } |