LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   How can i check a string with actual user passwd (ie password in /etc/shadow) (https://www.linuxquestions.org/questions/linux-software-2/how-can-i-check-a-string-with-actual-user-passwd-ie-password-in-etc-shadow-757468/)

iamjayanth 09-24-2009 07:29 AM
How can i check a string with actual user passwd (ie password in /etc/shadow)
 
Hi all,


I am trying to write a remote access module. Is there any function in linux where I can give string (password entered by user) and compare it with the actual user password stored in /etc/shadow.

Since the password is stored encrypted in /etc/shadow I cannot parse and compare. So I want some method to compare if my user entered the correct password..Is there any function for that..

chrism01 09-24-2009 07:29 PM
Tell us which lang you are using.
There should be some equiv of the crypt cmd http://linux.die.net/man/3/crypt and you need to know the salt by reading the entry in the shadow file. you can then invoke the 'crypt' cmd+salt (optionally using eg MD5) and generate an encrypted passwd that you then compare to the shadow entry.

http://linux.die.net/man/5/shadow

iamjayanth 09-24-2009 11:28 PM
Thanks chrism01 for the quick reply...I tried man page for both passwd and crypt...So you are saying that the password entered by my user should be encrypted using crypt() and then the resultant output string should be compared with the encrypted password in /etc/shadow file...


How can I determing which key the OS used to encrypt the password..So I must use the same key so that I can compare my password with the actual password...


I still does not fully understood that crypt function except I must use the same key that the OS used to obtain same level of encryption...
Please help me...

iamjayanth 09-25-2009 12:05 AM
I just read this site


Using that reference I just tried this program but failed
Code:
#include <shadow.h>
//#include <shadow/pwauth.h>
#include <rpcsvc/yppasswd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>


int main()
{
        struct passwd *pw;
        char  entpw[30],*encpw;
        char user[30];
        printf("Enter which user : ");
        scanf("%s",user);
        printf("Enter the password : ");
        scanf("%s",entpw);
        if((pw=getpwnam(user))==NULL)
        {
                printf("No such user\n");
                return -1;
        }
        if(strlen(pw->pw_passwd)==0)
        {
                printf("Welcome you can enter without passwd\n");
                return 0;
        }
        encpw=(char *)crypt(entpw,pw->pw_passwd);
        printf("Encrypted passwd is : %s\n",encpw);
        if(!strcmp(encpw,pw->pw_passwd))
        {
                printf("You are always welcome\n");
                return 0;
        }
        else
        {
                printf("Wrong passwd...hacking?\n");
                return -1;
        }
        return 0;
}

I think I failed because crypt() function only works with DES encryption algorithm...I think in my OS (Centos 5) MD5 algorithm is used. I recognised this from shadow(5) man page.
Quote:
Optionally a password entry can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm
was used
Unfortunately my OS uses MD5 algorithm..Is there is any function like crypt which encrypt string using MD5 algorithm..Caught up in a new roadblock...Please help me...

iamjayanth 09-29-2009 01:15 AM
Please anybody help me...I badly need a way...

chrism01 09-29-2009 01:33 AM
1. grep out an example passwd from your /etc/shadow file eg

$1$b1yv9grF$mpwoS2r11VtENFrAmF2WW/

from http://www.perlmonks.org/?node_id=198592 (last post).

As it says, http://linux.die.net/man/3/crypt
Quote:
$1$<string>$", where "<string>" stands for the up to 8 characters following "$1$" in the salt,
so in this example, 'b1yv9grF' is the salt.

2. http://www.perlmonks.org/?node_id=198592 (same last post) gives 2 ways to create a salted md5 passwd to compare. As he says, your system will probably automatically do the md5 thing, so use the 2nd example.
You can try the first example as well if the 2nd one doesn't work.

3. Note that he links to another node that pretty much writes the code for you http://www.perlmonks.org/?node_id=62392

I advise you to play around with this stuff until you understand it; don't just settle for 'monkey see, monkey do'.

;)

PS That's all (simple) Perl.
Full Perl docs http://perldoc.perl.org/

iamjayanth 09-29-2009 01:34 AM
Finally I got it...this thread in linuxquestions helped me




The string which is the encrypted password in /etc/shadow can also be used as the key argument in crypt() function which will encrypt the string ...This program shows that (also from the same thread)


Code:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <crypt.h>
int main(int argc, char *agrv[])
{
        const char *const pass = "$1$Og9RbNrT$/gNprNaDgv.hNS01Ue2gi1";
            char *result;
        int ok;
        result = crypt(getpass("Password:"), pass);
        ok = strcmp (result, pass);
        if ( ok == 0 )
        {
                puts("Access granted"\n);
                return 0;
        }
        else
        {
                puts ("Access denied\n");
                return 1;
        }
}

Thanks all for helping me...


All times are GMT -5. The time now is 07:38 PM.