getpwnam with md5 encrypted passwds

Peter Pentchev roam at ringlet.net
Wed Nov 26 06:05:36 PST 2003


On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote:
> > -----Original Message-----
> > From: Terry Lambert [mailto:tlambert2 at mindspring.com]
> > Sent: Wednesday, 26 November 2003 13:34
> > To: sapdb at komadev.de
> > Cc: freebsd-hackers at freebsd.org
> > Subject: Re: getpwnam with md5 encrypted passwds
> > 
> > "sapdb at komadev.de" wrote:
> > > I am trying to validate a given user password against my local
> > > passwd-file with this piece of code:
> > >
> > >         if (!( pwd = getpwnam ( user ))) {
> > >                 log(ERROR,"User %s not known",user);
> > >                 stat=NOUSER;
> > >         }
> > >         if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) {
> > >                 log(DEBUG|MISC,"HURRAY : %s authenticated\n", user);
> > >                 stat = AUTHED;
> > >                 }
> > 
> > I know you have the fix for the crypt of the wrong field, but the
> > proper thing to do is probably to use pan_authenticate() so that
> > you are insensitive to the authentication method being used, rather
> > than crypting and comparing it yourself.
> > 
> 
> Looks interesting ... is this method also usable, when I dropped my privs?

I think Terry meant pam_authenticate() (not pan), but to answer your
question: no, when you drop your privileges, you do not have access to
at least the system's password database (/etc/spwd.db, generated from
/etc/passwd and /etc/master.passwd by pwd_mkdb(8)).  If this will be any
consolation, getpwnam() won't return a password field when you have
dropped root privileges either.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at sbnd.net    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence contains exactly threee erors.
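
An added example, not code from this thread: the quoted check with the stored hash, not pw_name, passed as the crypt() setting, a return when getpwnam() finds no user, and a branch for the placeholder password field an unprivileged process gets back. verify_password, demo, NOHASH, BADPASS and toy_crypt are hypothetical names; toy_crypt is a constructed stand-in so the block builds without libcrypt, and real use passes crypt as the hasher.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum auth { AUTHED, NOUSER, NOHASH, BADPASS };  /* NOHASH, BADPASS: added names */
typedef char *(*crypt_fn)(const char *key, const char *setting);
/* Constructed stand-in for crypt(3), NOT a real password hash: keeps the
 * "$toy$salt" prefix of `setting` and appends a checksum of salt and key. */
char *toy_crypt(const char *key, const char *setting)
{
    static char out[64];
    const char *end = strncmp(setting, "$toy$", 5) ? NULL : strchr(setting + 5, '$');
    unsigned long h = 5381;
    if (end == NULL || end - setting > 40)
        return NULL;                       /* unusable setting */
    for (const char *p = setting + 5; p < end; p++) h = h * 33 + (unsigned char)*p;
    for (const char *p = key; *p; p++) h = h * 33 + (unsigned char)*p;
    snprintf(out, sizeof out, "%.*s$%08lx", (int)(end - setting), setting, h & 0xffffffffUL);
    return out;
}

/* pwd is the result of getpwnam(user); hasher is crypt in real use. */
enum auth verify_password(const struct passwd *pwd, const char *pass, crypt_fn hasher)
{
    const char *stored, *computed;
    size_t i, n;
    unsigned char diff = 0;
    if (pwd == NULL)
        return NOUSER;                     /* return now: pwd is not dereferenced */
    stored = pwd->pw_passwd;
    if (stored == NULL || stored[0] == '\0' || stored[0] == '*' || strcmp(stored, "x") == 0)
        return NOHASH;                     /* placeholder, no hash visible to this process */
    computed = hasher(pass, stored);       /* stored hash carries scheme and salt */
    if (computed == NULL || (n = strlen(stored)) != strlen(computed))
        return BADPASS;
    for (i = 0; i < n; i++)                /* compare every byte, no early exit */
        diff |= (unsigned char)(stored[i] ^ computed[i]);
    return diff == 0 ? AUTHED : BADPASS;
}

/* Check `attempt` against a constructed entry whose password is `real`. */
enum auth demo(const char *real, const char *attempt)
{
    char hash[64];
    struct passwd entry = { 0 };
    snprintf(hash, sizeof hash, "%s", toy_crypt(real, "$toy$ab$"));
    entry.pw_passwd = hash;
    return verify_password(&entry, attempt, toy_crypt);
}
```

A NOHASH result is the case described in the reply above: the process can look the user up but cannot see the hash, so it has nothing to compare against.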