path: root/libexec/login_reject
authormillert <millert@openbsd.org>2006-03-09 19:14:09 +0000
committermillert <millert@openbsd.org>2006-03-09 19:14:09 +0000
commit90afb38dcfdd9b9804b15b847f99d7861a984ebb (patch)
tree781cae2b7c9817490414e77070ba03ea36cff4c4 /libexec/login_reject
parentTrack interface uptime. (diff)
downloadwireguard-openbsd-90afb38dcfdd9b9804b15b847f99d7861a984ebb.tar.xz
wireguard-openbsd-90afb38dcfdd9b9804b15b847f99d7861a984ebb.zip
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for non-existent users instead of DES crypt(). Adapted from a patch by Peter Philipp. OK deraadt@
Diffstat (limited to 'libexec/login_reject')
-rw-r--r--libexec/login_reject/Makefile4
-rw-r--r--libexec/login_reject/login_reject.c13
2 files changed, 12 insertions, 5 deletions
diff --git a/libexec/login_reject/Makefile b/libexec/login_reject/Makefile
index f877d6044ff..211059d6a2b 100644
--- a/libexec/login_reject/Makefile
+++ b/libexec/login_reject/Makefile
@@ -1,8 +1,10 @@
-# $OpenBSD: Makefile,v 1.1 2000/12/12 02:34:43 millert Exp $
+# $OpenBSD: Makefile,v 1.2 2006/03/09 19:14:10 millert Exp $
PROG= login_reject
+SRCS= login_reject.c pwd_gensalt.c
MAN= login_reject.8
CFLAGS+=-Wall
+.PATH: ${.CURDIR}/../../usr.bin/passwd
BINOWN= root
BINGRP= auth
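Review bot: The new `.PATH: ${.CURDIR}/../../usr.bin/passwd` line pulls `pwd_gensalt.c` out of another program's source tree without saying so, and a later change to passwd(1)'s salt generation will silently alter login_reject's behaviour. A one-line comment above it would make the dependency visible to the next maintainer: `# pwd_gensalt.c is shared with passwd(1) so the rejected-login crypt() uses the same cipher/rounds as real accounts`.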
diff --git a/libexec/login_reject/login_reject.c b/libexec/login_reject/login_reject.c
index 91ee3532944..4411638856f 100644
--- a/libexec/login_reject/login_reject.c
+++ b/libexec/login_reject/login_reject.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_reject.c,v 1.6 2002/09/06 18:45:07 deraadt Exp $ */
+/* $OpenBSD: login_reject.c,v 1.7 2006/03/09 19:14:10 millert Exp $ */
/*-
* Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -55,9 +55,10 @@
int
main(int argc, char *argv[])
{
- FILE *back;
- char passbuf[1];
struct rlimit rl;
+ login_cap_t *lc;
+ FILE *back;
+ char passbuf[1], salt[_PASSWORD_LEN + 1];
int mode = 0, c;
rl.rlim_cur = 0;
@@ -121,7 +122,11 @@ main(int argc, char *argv[])
} else
getpass("Password:");
- crypt("password", "xx");
+ if ((lc = login_getclass(NULL)) == NULL ||
+ pwd_gensalt(salt, sizeof(salt), lc, 'l') == 0)
+ strlcpy(salt, "xx", sizeof(salt));
+ crypt("password", salt);
+
fprintf(back, BI_REJECT "\n");
exit(1);
}
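Review bot: The `strlcpy(salt, "xx", sizeof(salt))` fallback keeps the old DES-speed crypt() for the case where login_getclass() or pwd_gensalt() fails, so in that path a rejected login is still timing-distinguishable from a real user's bcrypt, which is the very difference the commit sets out to remove; at minimum this deserves a comment stating it is a degraded path, e.g. `/* Fallback only; timing will differ from a real bcrypt hash. */`. The discarded `crypt("password", salt)` result also needs a why-comment, since an unused return value looks like a bug: `/* Burn the same time a real password check would; result intentionally unused. */`. `login_getclass(NULL)` selects the default class, so if real accounts use a class with a different `localcipher` their timing presumably still differs — worth confirming against login.conf(5). `lc` is never passed to login_close(), which is harmless here only because exit(1) follows immediately. The body of main() begins outside this hunk.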