Date: Wed, 26 Nov 2003 16:05:30 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Kai Mosebach <kai@freshx.de>
Cc: freebsd-hackers@freebsd.org
Subject: Re: getpwnam with md5 encrypted passwds
Message-ID: <20031126140530.GB307@straylight.m.ringlet.net>
In-Reply-To: <20031126132058.A663915E12E@dust.freshx.de>
References: <3FC49DA6.54459AD6@mindspring.com> <20031126132058.A663915E12E@dust.freshx.de>

On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote:
> > -----Original Message-----
> > From: Terry Lambert [mailto:tlambert2@mindspring.com]
> > Sent: Wednesday, 26 November 2003 13:34
> > To: sapdb@komadev.de
> > Cc: freebsd-hackers@freebsd.org
> > Subject: Re: getpwnam with md5 encrypted passwds
> >
> > "sapdb@komadev.de" wrote:
> > > I am trying to validate a given user password against my local
> > > passwd-file with this piece of code:
> > >
> > > if (!( pwd = getpwnam ( user ))) {
> > >     log(ERROR,"User %s not known",user);
> > >     stat=NOUSER;
> > > }
> > > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) {
> > >     log(DEBUG|MISC,"HURRAY : %s authenticated\n", user);
> > >     stat = AUTHED;
> > > }
> >
> > I know you have the fix for the crypt of the wrong field, but the
> > proper thing to do is probably to use pan_authenticate() so that
> > you are insensitive to the authentication method being used, rather
> > than crypting and comparing it yourself.
> >
>
> Looks interesting ... is this method also usable, when I dropped my privs?

I think Terry meant pam_authenticate() (not pan), but to answer your
question: no, when you drop your privileges, you do not have access to
at least the system's password database (/etc/spwd.db, generated from
/etc/passwd and /etc/master.passwd by pwd_mkdb(8)). If this will be any
consolation, getpwnam() won't return a password field when you have
dropped root privileges either.
G'luck,
Peter
-- 
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence contains exactly threee erors.
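
The points raised in this thread (stop when getpwnam() fails, hash with the stored pw_passwd as the setting rather than pw_name, and expect no hash once privileges are dropped), as an added C example that is not code from any poster. The names `check_password()`, `is_placeholder()` and `toy_crypt()`, and the placeholder values "*", "x" and empty, are assumptions; `toy_crypt()` is a constructed stand-in with the signature of crypt(3), which a real caller would pass as `hash`.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum auth_result { AUTH_OK, AUTH_NOUSER, AUTH_NOHASH, AUTH_BADPASS };

/* Same signature as crypt(3); production callers pass crypt itself. */
typedef char *(*hash_fn)(const char *key, const char *setting);

/* Constructed stand-in for crypt(3) so this runs without libcrypt.
 * NOT a real hash: it copies the "$id$salt$" prefix and appends the key. */
char *toy_crypt(const char *key, const char *setting)
{
    static char out[128];
    const char *end = strrchr(setting, '$');
    size_t n = end ? (size_t)(end - setting) + 1 : 0;
    if (n == 0 || n + strlen(key) >= sizeof(out))
        return NULL;
    memcpy(out, setting, n);
    strcpy(out + n, key);
    return out;
}

/* Assumed placeholders an unprivileged lookup yields instead of a hash. */
int is_placeholder(const char *field)
{
    return field == NULL || field[0] == '\0' ||
           strcmp(field, "*") == 0 || strcmp(field, "x") == 0;
}

enum auth_result check_password(const struct passwd *pw, const char *pass,
                                hash_fn hash)
{
    const char *computed;
    if (pw == NULL)
        return AUTH_NOUSER;   /* stop here, never dereference pw */
    if (is_placeholder(pw->pw_passwd))
        return AUTH_NOHASH;   /* no hash visible: privileges were dropped */
    computed = hash(pass, pw->pw_passwd);   /* stored hash is the setting */
    if (computed == NULL || strcmp(computed, pw->pw_passwd) != 0)
        return AUTH_BADPASS;
    return AUTH_OK;
}

int main(void)
{
    /* Constructed entry; real code would pass the getpwnam() result. */
    struct passwd pw = { .pw_name = "kai", .pw_passwd = "$t$ab$secret" };
    printf("%d\n", check_password(&pw, "secret", toy_crypt));
    return 0;
}
```

A caller that gets `AUTH_NOHASH` has to do the lookup before dropping privileges or hand the check to PAM, as suggested in the thread.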
