Openssh use enumeration

[Darren Tucker]

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote:
> I wonder if could be useful to set the fall back account to something user
> defined to avoid suggesting people add passwords to root, though I do like
> root since the account is always there,

Since committing that diff I've heard of people running in production
with no root password (ie *LK*, !! or similar).

It's about the same amount of code to search for the first account with
a valid salt, which would avoid this problem in the case where the root
account doesn't have a real password.

djm: what do you think?

diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8913bb8..5385243 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -78,14 +78,18 @@ pick_salt(void)
 	if (salt[0] != '\0')
 		return salt;
 	strlcpy(salt, "xx", sizeof(salt));
-	if ((pw = getpwuid(0)) == NULL)
-		return salt;
-	passwd = shadow_pw(pw);
-	if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
-		return salt;  /* no $, DES */
-	typelen = p - passwd + 1;
-	strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
-	explicit_bzero(passwd, strlen(passwd));
+	setpwent();
+	while ((pw = getpwent()) != NULL) {
+		passwd = shadow_pw(pw);
+		if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
+			typelen = p - passwd + 1;
+			strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
+			explicit_bzero(passwd, strlen(passwd));
+			goto out;
+		}
+	}
+ out:
+	endpwent();
 	return salt;
 }
 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.