openssh unix dev - Dec 2003 - fakepw auth.c question

this is at the bottom of auth.c.  What is it?

   struct passwd *
   fakepw(void)
   {
   static struct passwd fake;
   memset(&fake, 0, sizeof(fake));
   fake.pw_name = "NOUSER";
   fake.pw_passwd       
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
   fake.pw_gecos = "NOUSER";
   fake.pw_uid = -1;
   fake.pw_gid = -1;
   fake.pw_class = "";
   fake.pw_dir = "/nonexist";
   fake.pw_shell = "/nonexist";
   return (&fake);
   }


   Default branch: MAIN
     _________________________________________________________________

   Revision [1]1.51 / ([2]download) - [3]annotate - [4][select for diffs]
   , Fri Nov 21 11:57:02 2003 UTC (3 weeks, 1 day ago) by djm
   Branch: [5]MAIN 
   CVS Tags: [6]HEAD 
   Changes since 1.50: +2 -2 lines
   Diff to previous [7]1.50 ([8]colored)
     _________________________________________________________________

   [9]Dont worry if your Inbox will max out while you are enjoying the
   holidays. Get MSN Extra Storage! 

References

   1.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?rev=1.51&content-type=text/x-cvsweb-markup
   2.
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/auth.c?rev=1.51&content-type=text/plain
   3. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?annotate=1.51
   4. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?r1=1.51
   5.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?only_with_tag=MAIN
   6.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?only_with_tag=HEAD
   7.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c.diff?r1=1.50&r2=1.51
   8.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c.diff?r1=1.50&r2=1.51&f=h
   9. http://g.msn.com/8HMBENUS/2734??PS=

It provides a way of creating a fake passwd entry if the authentication
users does not exist.  The reason is wrapped around the fact that without
doing this you can guess  existing vs nonexisting user accounts based on
how much time it takes to reply "bad password".

- Ben

On Sat, 13 Dec 2003, Jamaal Speights wrote:
>
>    this is at the bottom of auth.c.  What is it?
>
>    struct passwd *
>    fakepw(void)
>    {
>    static struct passwd fake;
>    memset(&fake, 0, sizeof(fake));
>    fake.pw_name = "NOUSER";
>    fake.pw_passwd >       
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
>    fake.pw_gecos = "NOUSER";
>    fake.pw_uid = -1;
>    fake.pw_gid = -1;
>    fake.pw_class = "";
>    fake.pw_dir = "/nonexist";
>    fake.pw_shell = "/nonexist";
>    return (&fake);
>    }
>
>
>    Default branch: MAIN
>      _________________________________________________________________
>
>    Revision [1]1.51 / ([2]download) - [3]annotate - [4][select for diffs]
>    , Fri Nov 21 11:57:02 2003 UTC (3 weeks, 1 day ago) by djm
>    Branch: [5]MAIN
>    CVS Tags: [6]HEAD
>    Changes since 1.50: +2 -2 lines
>    Diff to previous [7]1.50 ([8]colored)
>      _________________________________________________________________
>
>    [9]Dont worry if your Inbox will max out while you are enjoying the
>    holidays. Get MSN Extra Storage!
>
> References
>
>    1.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?rev=1.51&content-type=text/x-cvsweb-markup
>    2.
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/auth.c?rev=1.51&content-type=text/plain
>    3.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?annotate=1.51
>    4. http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?r1=1.51
>    5.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?only_with_tag=MAIN
>    6.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c?only_with_tag=HEAD
>    7.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c.diff?r1=1.50&r2=1.51
>    8.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth.c.diff?r1=1.50&r2=1.51&f=h
>    9. http://g.msn.com/8HMBENUS/2734??PS>
_______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>