From: Peter Pentchev
To: Kai Mosebach
Cc: freebsd-hackers@freebsd.org
Date: Wed, 26 Nov 2003 16:05:30 +0200
Subject: Re: getpwnam with md5 encrypted passwds
Message-ID: <20031126140530.GB307@straylight.m.ringlet.net>

On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote:
> > -----Original Message-----
> > From: Terry Lambert [mailto:tlambert2@mindspring.com]
> > Sent: Wednesday, 26 November 2003 13:34
> > To: sapdb@komadev.de
> > Cc: freebsd-hackers@freebsd.org
> > Subject: Re: getpwnam with md5 encrypted passwds
> >
> > "sapdb@komadev.de" wrote:
> > > i am trying to validate a given user password against my local passwd-file with
> > > this piece of code :
> > >
> > > if (!( pwd = getpwnam ( user ))) {
> > >         log(ERROR,"User %s not known",user);
> > >         stat=NOUSER;
> > > }
> > > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) {
> > >         log(DEBUG|MISC,"HURRAY : %s authenticated\n", user);
> > >         stat = AUTHED;
> > > }
> >
> > I know you have the fix for the crypt of the wrong field, but the
> > proper thing to do is probably to use pan_authenticate() so that
> > you are insensitive to the authentication method being used, rather
> > than crypting and comparing it yourself.
> >
>
> Looks interesting ... is this method also usable, when i dropped my privs?

I think Terry meant pam_authenticate() (not pan), but to answer your
question: no, when you drop your privileges, you do not have access to
at least the system's password database (/etc/spwd.db, generated from
/etc/passwd and /etc/master.passwd by pwd_mkdb(8)).  If this will be any
consolation, getpwnam() won't return a password field when you have
dropped root privileges either.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51  C95E DF9E ED18 B68D 1619 4553
This sentence contains exactly threee erors.
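
The check discussed in this thread, as an added example that is not part of any poster's message: it returns as soon as the lookup fails, hands the stored hash (not pw_name) to the hash function as the setting, and reports separately when the password field holds no hash, which is the situation described above for a process without root privileges. The names check_entry, check_user, auth_status and toy_crypt are hypothetical; toy_crypt is a constructed stand-in so the block builds without libcrypt, and real code would pass crypt(3) in its place or use PAM as suggested in the thread.

```c
/* Added example, not code from the thread. toy_crypt() is a constructed
 * stand-in so this builds without libcrypt; pass crypt(3) in real use. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum auth_status { AUTHED, NOUSER, NOHASH, BADPASS };
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* NOT a real hash: only mimics crypt(3) echoing the "$id$salt$" prefix. */
char *toy_crypt(const char *key, const char *setting)
{
    static char out[64];
    const char *end = strrchr(setting, '$');
    size_t i, n = end ? (size_t)(end - setting) + 1 : 0;
    unsigned long h = 5381;

    if (n == 0 || n > 32)
        return NULL;
    for (i = 0; key[i] != '\0'; i++)
        h = h * 33 + (unsigned char)key[i];
    for (i = 0; i < n; i++)
        h = h * 33 + (unsigned char)setting[i];
    snprintf(out, sizeof out, "%.*s%08lx", (int)n, setting, h & 0xffffffffUL);
    return out;
}

/* Check pass against an already looked-up entry; pwd may be NULL. */
enum auth_status check_entry(const struct passwd *pwd, const char *pass,
                             crypt_fn hash)
{
    const char *stored, *computed;
    if (pwd == NULL)
        return NOUSER;      /* return now: the posted code fell through */
    stored = pwd->pw_passwd;
    /* Unprivileged lookups yield a placeholder such as "*", not a hash. */
    if (stored == NULL || stored[0] == '\0' || stored[0] == '*')
        return NOHASH;
    /* The setting is the stored hash (scheme + salt), never pw_name. */
    computed = hash(pass, stored);
    if (computed == NULL || strcmp(computed, stored) != 0)
        return BADPASS;
    return AUTHED;
}

enum auth_status check_user(const char *user, const char *pass, crypt_fn hash)
{
    return check_entry(getpwnam(user), pass, hash);
}
```

A caller that gets NOHASH cannot verify the password itself and has to delegate the check to something that can read the hash.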