LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-24-2009, 07:29 AM   #1
iamjayanth
Member
 
Registered: Oct 2008
Posts: 51

Rep: Reputation: 15
How can i check a string with actual user passwd (ie password in /etc/shadow)


Hi all,


I am trying to write a remote access module. Is there any function in linux where I can give string (password entered by user) and compare it with the actual user password stored in /etc/shadow.

Since the password is stored encrypted in /etc/shadow I cannot parse and compare. So I want some method to compare if my user entered the correct password..Is there any function for that..
 
Old 09-24-2009, 07:29 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,407

Rep: Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396
Tell us which lang you are using.
There should be some equiv of the crypt cmd http://linux.die.net/man/3/crypt and you need to know the salt by reading the entry in the shadow file. you can then invoke the 'crypt' cmd+salt (optionally using eg MD5) and generate an encrypted passwd that you then compare to the shadow entry.

http://linux.die.net/man/5/shadow
 
Old 09-24-2009, 11:28 PM   #3
iamjayanth
Member
 
Registered: Oct 2008
Posts: 51

Original Poster
Rep: Reputation: 15
Thanks chrism01 for the quick reply...I tried man page for both passwd and crypt...So you are saying that the password entered by my user should be encrypted using crypt() and then the resultant output string should be compared with the encrypted password in /etc/shadow file...


How can I determing which key the OS used to encrypt the password..So I must use the same key so that I can compare my password with the actual password...


I still does not fully understood that crypt function except I must use the same key that the OS used to obtain same level of encryption...
Please help me...
 
Old 09-25-2009, 12:05 AM   #4
iamjayanth
Member
 
Registered: Oct 2008
Posts: 51

Original Poster
Rep: Reputation: 15
I just read this site


Using that reference I just tried this program but failed
Code:
#include <shadow.h>
//#include <shadow/pwauth.h>
#include <rpcsvc/yppasswd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>


int main()
{
	struct passwd *pw;
	char  entpw[30],*encpw;
	char user[30];
	printf("Enter which user : ");
	scanf("%s",user);
	printf("Enter the password : ");
	scanf("%s",entpw);
	if((pw=getpwnam(user))==NULL)
	{
		printf("No such user\n");
		return -1;
	}
	if(strlen(pw->pw_passwd)==0)
	{
		printf("Welcome you can enter without passwd\n");
		return 0;
	}
	encpw=(char *)crypt(entpw,pw->pw_passwd);
	printf("Encrypted passwd is : %s\n",encpw);
	if(!strcmp(encpw,pw->pw_passwd))
	{
		printf("You are always welcome\n");
		return 0;
	}
	else
	{
		printf("Wrong passwd...hacking?\n");
		return -1;
	}
	return 0;
}

I think I failed because crypt() function only works with DES encryption algorithm...I think in my OS (Centos 5) MD5 algorithm is used. I recognised this from shadow(5) man page.
Quote:
Optionally a password entry can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm
was used
Unfortunately my OS uses MD5 algorithm..Is there is any function like crypt which encrypt string using MD5 algorithm..Caught up in a new roadblock...Please help me...
 
Old 09-29-2009, 01:15 AM   #5
iamjayanth
Member
 
Registered: Oct 2008
Posts: 51

Original Poster
Rep: Reputation: 15
Please anybody help me...I badly need a way...
 
Old 09-29-2009, 01:33 AM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,407

Rep: Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396Reputation: 2396
1. grep out an example passwd from your /etc/shadow file eg

$1$b1yv9grF$mpwoS2r11VtENFrAmF2WW/

from http://www.perlmonks.org/?node_id=198592 (last post).

As it says, http://linux.die.net/man/3/crypt
Quote:
$1$<string>$", where "<string>" stands for the up to 8 characters following "$1$" in the salt,
so in this example, 'b1yv9grF' is the salt.

2. http://www.perlmonks.org/?node_id=198592 (same last post) gives 2 ways to create a salted md5 passwd to compare. As he says, your system will probably automatically do the md5 thing, so use the 2nd example.
You can try the first example as well if the 2nd one doesn't work.

3. Note that he links to another node that pretty much writes the code for you http://www.perlmonks.org/?node_id=62392

I advise you to play around with this stuff until you understand it; don't just settle for 'monkey see, monkey do'.



PS That's all (simple) Perl.
Full Perl docs http://perldoc.perl.org/

Last edited by chrism01; 09-29-2009 at 01:34 AM.
 
Old 09-29-2009, 01:34 AM   #7
iamjayanth
Member
 
Registered: Oct 2008
Posts: 51

Original Poster
Rep: Reputation: 15
Finally I got it...this thread in linuxquestions helped me




The string which is the encrypted password in /etc/shadow can also be used as the key argument in crypt() function which will encrypt the string ...This program shows that (also from the same thread)


Code:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <crypt.h>
int main(int argc, char *agrv[])
{
	const char *const pass = "$1$Og9RbNrT$/gNprNaDgv.hNS01Ue2gi1";
    	char *result;
        int ok;
        result = crypt(getpass("Password:"), pass);
        ok = strcmp (result, pass);
        if ( ok == 0 )
	{
        	puts("Access granted"\n);
		return 0;
	}
        else 
	{
	        puts ("Access denied\n");
		return 1;
	}
}

Thanks all for helping me...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
check Linux password from /etc/shadow htabesh Programming 8 05-24-2013 12:44 PM
user password failed after migrating /etc/shadow, /etc/passwd ect from SUSE9 to CenOS monkeyxu Linux - Newbie 1 05-21-2009 09:42 AM
user autentication error because of manual modification in passwd / shadow nirmalsethy Linux - Newbie 1 11-20-2008 10:45 AM
Moving user accounts between computers (Something wrong with passwd, shadow, etc.) Lionhard Linux - Software 5 01-18-2008 08:53 PM
how passwd(1) for normal user changes /etc/shadow? sknowonweb Linux - Newbie 1 12-22-2005 12:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration