fakepw auth.c question

Ben Lindstrom mouring at etoh.eviladmin.org
Sun Dec 14 14:47:56 EST 2003


It provides a way of creating a fake passwd entry if the authenticating
user does not exist. The reason is wrapped around the fact that without
doing this you can guess existing vs nonexisting user accounts based on
how much time it takes to reply "bad password".

- Ben

On Sat, 13 Dec 2003, Jamaal Speights wrote:

>
>    this is at the bottom of auth.c.  What is it?
>
>    struct passwd *
>    fakepw(void)
>    {
>            static struct passwd fake;
>
>            memset(&fake, 0, sizeof(fake));
>            fake.pw_name = "NOUSER";
>            fake.pw_passwd =
>                "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
>            fake.pw_gecos = "NOUSER";
>            fake.pw_uid = -1;
>            fake.pw_gid = -1;
>            fake.pw_class = "";
>            fake.pw_dir = "/nonexist";
>            fake.pw_shell = "/nonexist";
>            return (&fake);
>    }
>
>
>    Default branch: MAIN
>      _________________________________________________________________
>
>    Revision [1]1.51 / ([2]download) - [3]annotate - [4][select for diffs]
>    , Fri Nov 21 11:57:02 2003 UTC (3 weeks, 1 day ago) by djm
>    Branch: [5]MAIN
>    CVS Tags: [6]HEAD
>    Changes since 1.50: +2 -2 lines
>    Diff to previous [7]1.50 ([8]colored)
>      _________________________________________________________________
>
> References
>
>    1. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?rev=1.51&content-type=text/x-cvsweb-markup
>    2. http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/auth.c?rev=1.51&content-type=text/plain
>    3. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?annotate=1.51
>    4. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?r1=1.51
>    5. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?only_with_tag=MAIN
>    6. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?only_with_tag=HEAD
>    7. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c.diff?r1=1.50&r2=1.51
>    8. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c.diff?r1=1.50&r2=1.51&f=h
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
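
The timing difference described in the reply, and how a dummy entry removes it, as an added example that is not OpenSSH code or part of the original thread. The names `slow_hash`, `auth_leaky`, `auth_uniform` and the sample account are hypothetical, and a toy iterated hash stands in for bcrypt so the block has no library dependencies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for bcrypt: toy iterated FNV-1a, NOT a real password hash. */
static int hash_calls;              /* hashes computed since last reset */
static uint64_t slow_hash(const char *pw, uint64_t salt)
{
    uint64_t h = 1469598103934665603ULL ^ salt;
    hash_calls++;
    for (int round = 0; round < 50000; round++)
        for (const char *p = pw; *p; p++)
            h = (h ^ (unsigned char)*p) * 1099511628211ULL;
    return h;
}

struct account { const char *name; uint64_t salt, hash; };
static struct account alice, fake;  /* constructed user; fakepw()-like dummy */
static void setup(void)
{
    alice = (struct account){ "alice", 0x1111, slow_hash("correct horse", 0x1111) };
    fake = (struct account){ "NOUSER", 0x2222, slow_hash("unguessable", 0x2222) };
    hash_calls = 0;
}

static const struct account *lookup(const char *n) { return strcmp(n, alice.name) ? NULL : &alice; }

/* Leaky: an unknown user is rejected before any hashing, so the reply is faster. */
int auth_leaky(const char *name, const char *pw)
{
    const struct account *a = lookup(name);
    return a != NULL && slow_hash(pw, a->salt) == a->hash;
}

/* fakepw-style: hash against the dummy entry, then force the result to fail. */
int auth_uniform(const char *name, const char *pw)
{
    const struct account *a = lookup(name);
    const struct account *e = a ? a : &fake;    /* never skip the hash */
    return (slow_hash(pw, e->salt) == e->hash) & (a != NULL);
}

int main(void)
{
    setup();
    int ok = auth_uniform("mallory", "guess");
    printf("unknown user: ok=%d, hashes=%d\n", ok, hash_calls);
    return 0;
}
```

The forced failure matters as much as the extra hash: without the `a != NULL` term, anyone who learned the dummy entry's password could log in as a user that does not exist.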



