authorTodd C. Miller <millert@cvs.openbsd.org>2006-03-09 19:14:11 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2006-03-09 19:14:11 +0000
commit3a6c6b26f4f6a8488243ac8edd6d2a7cd710ae86 (patch)
tree7a662e4e6494e0deed33b32d493731108d5059f3 /libexec/login_passwd
parent36b32be082b3a821442bae3180bb6f9a98d4a6e3 (diff)
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
Diffstat (limited to 'libexec/login_passwd')
-rw-r--r--libexec/login_passwd/Makefile5
-rw-r--r--libexec/login_passwd/common.h5
-rw-r--r--libexec/login_passwd/login_passwd.c15
3 files changed, 17 insertions, 8 deletions
diff --git a/libexec/login_passwd/Makefile b/libexec/login_passwd/Makefile
index 4122b91a6cd..44e4b45ce4d 100644
--- a/libexec/login_passwd/Makefile
+++ b/libexec/login_passwd/Makefile
@@ -1,11 +1,12 @@
-# $OpenBSD: Makefile,v 1.4 2004/05/12 20:43:44 millert Exp $
+# $OpenBSD: Makefile,v 1.5 2006/03/09 19:14:10 millert Exp $
PROG= login_passwd
MAN= login_passwd.8
-SRCS= login.c login_passwd.c
+SRCS= login.c login_passwd.c pwd_gensalt.c
DPADD= ${LIBUTIL}
LDADD= -lutil
CFLAGS+=-Wall -DPASSWD
+.PATH: ${.CURDIR}/../../usr.bin/passwd
BINOWN= root
BINGRP= auth
diff --git a/libexec/login_passwd/common.h b/libexec/login_passwd/common.h
index 24aec6cc3de..a430c4d660c 100644
--- a/libexec/login_passwd/common.h
+++ b/libexec/login_passwd/common.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: common.h,v 1.2 2005/04/14 18:33:42 biorn Exp $ */
+/* $OpenBSD: common.h,v 1.3 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
* All rights reserved.
@@ -29,10 +29,10 @@
#define _COMMON_H_
#include <sys/types.h>
-#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/param.h>
+#include <signal.h>
#include <syslog.h>
#include <stdlib.h>
#include <unistd.h>
@@ -56,6 +56,7 @@ extern FILE *back;
#ifdef PASSWD
int pwd_login(char *, char *, char *, int, char *);
+int pwd_gensalt(char *, int, login_cap_t *, char);
#endif
#ifdef KRB5
int krb5_login(char *, char *, char *, int, int);
diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c
index a2c2601714f..5a54013c50d 100644
--- a/libexec/login_passwd/login_passwd.c
+++ b/libexec/login_passwd/login_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_passwd.c,v 1.8 2004/03/10 21:30:27 millert Exp $ */
+/* $OpenBSD: login_passwd.c,v 1.9 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
@@ -33,8 +33,9 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
char *class)
{
struct passwd *pwd;
+ login_cap_t *lc;
size_t plen;
- char *salt;
+ char *salt, saltbuf[_PASSWORD_LEN + 1];
if (wheel != NULL && strcmp(wheel, "yes") != 0) {
fprintf(back, BI_VALUE " errormsg %s\n",
@@ -48,8 +49,14 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
pwd = getpwnam(username);
if (pwd)
salt = pwd->pw_passwd;
- else
- salt = "xx";
+ else {
+ /* no such user, get appropriate salt */
+ if ((lc = login_getclass(NULL)) == NULL ||
+ pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0)
+ salt = "xx";
+ else
+ salt = saltbuf;
+ }
setpriority(PRIO_PROCESS, 0, -4);
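Review bot: The `lc` handle returned by `login_getclass(NULL)` in the new `else` branch is never released in the lines shown; unless a `login_close(lc)` exists further down (pwd_login continues outside the hunk), the class record leaks on every attempt against a nonexistent user. The `salt = "xx"` fallback taken when the class lookup or `pwd_gensalt()` fails silently keeps the DES path the commit is meant to retire, so a persistent misconfiguration would reintroduce the timing difference without any trace; a `syslog(LOG_WARNING, ...)` on that path would make the regression observable. Note also that the salt for a nonexistent user comes from the default login class, whereas a real user's stored hash reflects that user's own class, so the two paths can still differ when classes are configured with different `localcipher` values — presumably an accepted limitation, but worth stating in the comment, e.g. `/* no such user: generate a salt from the default class so crypt() cost matches a real account (may differ from per-class localcipher) */`.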