hi ng,

i want to read a username and a password, verify it and change the uid
of the current process to the corresponding user. changing the uid by
using setuid(..) isn't the problem (though by the way: would it be
better to change the uid or the effective uid? - or doesn't that matter
at all, because i will let the process terminate itself just after
performing it's task, anyways?), but how can i get the uid of that
specific user and verify the password? (i want to use just the same
users that can be used at system login or for ssh and so on.)

thanks in advance
janina

p.s.: language is C, of course

[ Post a follow-up to this message ]

Janina Kramer <j.kramer@school-sucks.com> wrote:
> i want to read a username and a password, verify it and change the uid
> of the current process to the corresponding user. changing the uid by
> using setuid(..) isn't the problem (though by the way: would it be
> better to change the uid or the effective uid? - or doesn't that matter
> at all, because i will let the process terminate itself just after
> performing it's task, anyways?), but how can i get the uid of that
> specific user and verify the password? (i want to use just the same
> users that can be used at system login or for ssh and so on.)

Getting the UID of a user when you know the user name is the easy
part, you use the getpwnam() function which returns a structure
containing the UID. It might also contain the (encrypted) password
but only if no /etc/shadow file is used (but which is the default
on all Linux installations I have seen). In case an /etc/shadow
file is used (in that case the password is going to be a single 'x'
character instead of a string of 13 chars) you need the getspnam()
function to get the password.

Next thing is to verify the password. Getting the password from
the user (without it being shown on the screen) is often done
using the getpass() function. Unfortunately, the function is
marked as obsolete, so if you don't want to use it you have to
switch off echoing of input to the terminal (see 'man termios')
before having the user type in the password. Once you have it
you must encrypt the password, using the crypt() function. There
you have to use the first two characters of the encrypted password
you got from getpwnam() or getspnam() as the 'salt' argument. Then
you compare the result to the encrypted password.

If all of that looks like too much work you should have a look at
PAM (Pluggable Authentication Modules). A good starting point
might be 'man 8 pam' and the Linux-PAM Application Developers'
Guide from

http://www.kernel.org/pub/linux/lib...l/pam_appl.html

Regards, Jens
--
\   Jens Thoms Toerring  ___  Jens.Toerring@physik.fu-berlin.de
\__________________________  http://www.toerring.de

[ Post a follow-up to this message ]

<Jens.Toerring@physik.fu-berlin.de> wrote:

> Janina Kramer <j.kramer@school-sucks.com> wrote: 
>
> If all of that looks like too much work you should have a look at
> PAM (Pluggable Authentication Modules). A good starting point
> might be 'man 8 pam' and the Linux-PAM Application Developers'
> Guide from
>
> http://www.kernel.org/pub/linux/lib...l/pam_appl.html
>
See my login app (look for CheckPam, CheckShadow functions here
"http://cvs.sourceforge.net/viewcvs.py/wyodesktop/wyoDesktop/loginapp/sr
c/app.cpp?view=markup").

One problem remains, I don't know how to submit the password to PAM, any
idea?

O. Wyss

--
How to enhance your code, see "http://freshmeat.net/projects/wxguide/"

[ Post a follow-up to this message ]

<Jens.Toerring@physik.fu-berlin.de> wrote in message
news:2mitd8Fnp7lvU1@uni-berlin.de...
> Janina Kramer <j.kramer@school-sucks.com> wrote: 
uid[vbcol=seagreen] 
by[vbcol=seagreen] 
matter[vbcol=seagreen] 
>
> Getting the UID of a user when you know the user name is the easy
> part, you use the getpwnam() function which returns a structure
> containing the UID. It might also contain the (encrypted) password
> but only if no /etc/shadow file is used (but which is the default
> on all Linux installations I have seen). In case an /etc/shadow
> file is used (in that case the password is going to be a single 'x'
> character instead of a string of 13 chars) you need the getspnam()
> function to get the password.
>
> Next thing is to verify the password. Getting the password from
> the user (without it being shown on the screen) is often done
> using the getpass() function. Unfortunately, the function is
> marked as obsolete, so if you don't want to use it you have to
> switch off echoing of input to the terminal (see 'man termios')
> before having the user type in the password. Once you have it
> you must encrypt the password, using the crypt() function. There
> you have to use the first two characters of the encrypted password
> you got from getpwnam() or getspnam() as the 'salt' argument. Then
> you compare the result to the encrypted password.
>
> If all of that looks like too much work you should have a look at
> PAM (Pluggable Authentication Modules). A good starting point
> might be 'man 8 pam' and the Linux-PAM Application Developers'
> Guide from
>
> http://www.kernel.org/pub/linux/lib...l/pam_appl.html

nice, those are exactly the api functions that i was searching for.
thanks!

[ Post a follow-up to this message ]