From: tedu <tedu@openbsd.org>
Date: Thu, 22 Oct 2015 12:55:23 +0000 (+0000)
Subject: use crypt_checkpass("password", NULL) to fake a login instead of bcrypt
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9d8a360c92b2a10e00ca42287a03499fb2ff6c57;p=openbsd

use crypt_checkpass("password", NULL) to fake a login instead of bcrypt
---

diff --git a/libexec/login_reject/login_reject.c b/libexec/login_reject/login_reject.c
index a609c51a594..cea7460b17b 100644
--- a/libexec/login_reject/login_reject.c
+++ b/libexec/login_reject/login_reject.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_reject.c,v 1.11 2015/10/14 17:06:58 deraadt Exp $	*/
+/*	$OpenBSD: login_reject.c,v 1.12 2015/10/22 12:55:23 tedu Exp $	*/
 
 /*-
  * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -56,7 +56,7 @@ main(int argc, char *argv[])
 {
 	struct rlimit rl;
 	FILE *back;
-	char passbuf[1], hash[_PASSWORD_LEN + 1];
+	char passbuf[1];
 	int mode = 0, c;
 
 	rl.rlim_cur = 0;
@@ -123,7 +123,7 @@ main(int argc, char *argv[])
 	} else
 		getpass("Password:");
 
-	bcrypt_newhash("password", 8, hash, sizeof(hash));
+	crypt_checkpass("password", NULL);
 
 	fprintf(back, BI_REJECT "\n");
 	exit(1);