Re: Shadow passwords...
On Apr 9, Guy Maor wrote
> > How do I support shadow and non-shadow with the same binary again? :)
> >
> > Since I'll be compiling xscreensaver with locking support (thus
> > requiring passwords, and needing to be shadow-aware), I need this
> > information now, and I can't seem to find the man page for
> > getspnam/getspent.
>
> They work just like their pwent analogues. Something like this will
> return a filled in passwd struct whether shadow is in use or not.
>
> int main() {
> uid_t shadowuid = geteuid();
> seteuid(getuid());
>
> /* lots of code */
>
> struct passwd *pw;
> struct shadow *spw;
> pw = getpwnam(myname);
> seteuid(shadowuid);
> if (spw = getspna(pw->pw_name))
> pw->pw_passwd = spw->sp_pwdp;
> seteuid(getuid());
>
> /* lots more code */
> }
>
> The program will have to be 2755 root.shadow. Set the euid as I've
> shown above as security advisories are embarassing. I've neglected to
> check the system call return values in the interest of brevity. You
> would do a seteuid(getuid()) and exit if any of them failed naturally.
Setting the binary to 2755 root.shadow is only necessary if the
program will be run by normal users. Programs that are only started
by root (for example system daemons) can (and should) be 755 root.root.
Thanks,
Peter
--
Peter Tobias EMail:
Fachhochschule Ostfriesland tobias@et-inf.fho-emden.de
Fachbereich Elektrotechnik und Informatik tobias@debian.org
Constantiaplatz 4, 26723 Emden, Germany tobias@linux.de
Reply to: