I'm using/programming in Linux. Is there a way to add a user and password in C?
You mean add to the system as a user that can login via the regular login-prompt, or have your application recognise different users with password for each user?
Both are possible. The former is probably much easier to do via one of the existing shell-scripts such as "adduser". You will need to be a "root" user to do that (doesn't matter if you are using C, assembler or shell-script, the files you need to modify are root-access only [or at least SHOULD be]).
To have users in your application requires that you have some way to store usernames and passwords (note: DO NOT store the password as "cleartext" [or even encrypted], use a hash or some such to verify the password). Then just ask for a user-name and password, verify that the name is in your stored list, and that the password matches.
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
The only catch would be how the system deals with passwords. On a really simple system without SELinux, etc, it is really just a matter of modifying the right text files in /etc. I'm sure if you read the appropriate parts of a short intro to sysadmin somewhere you will be able to figure which ones (passwd, groups, some shadow files).
The only other thing that usually gets done is the creation of a skeleton home directory. But I am certain there is nothing more to it than this EXCEPT as mentioned, most contemporary distro installs have some complex stuff going on with the password and password shadow files.
Maybe a better way, since the shell commands already exist to do this (b.t.w. they are written in C, you can look at all the source code w/linux, obviously) in the context of a C program would be to use popen(), which you should be able to handle the input to and output from the command that way.
C programming resources:
GNU C Function and Macro Index -- glibc reference manual
The C Book -- nice online learner guide
Current ISO draft standard
CCAN -- new CPAN like open source library repository
3 (different) GNU debugger tutorials: #1 -- #2 -- #3
cpwiki -- our wiki on sourceforge
I'm just trying to add a user to the system. I'm learning about buffer overflows in class and I'm playing around with it on my virtual machine. I found code to add a user but it doesn't add a password so I can't login. Maybe I can execute the passwd command. Is that what popen does?
For popen help:
man popen(3)
And yes, you probably need to assign a password before you can log in.
Ok so I just tried this to start:
Code:
FILE *f = popen("passwd",0);
pclose(f);
But I segfault.
Also, where is the passwd source code located?
Thanks
You will have to download it if you are using pre-installed binaries. It's part of some GNU tarball, maybe its own. Make sure the source you download has the same version number as the passwd you are using. If you are familiar (or not) with "Linux From Scratch" (LFS), you could download the LFS book and glance through it for the manifest of required things to figure out which GNU package contains passwd (I think it might be just "passwd").
ps. 0 is not a valid second argument to popen().
Last edited by MK27; 04-10-2009 at 07:59 AM.
I'm getting closer:
Code:
FILE *f ;
f = popen("passwd user","r");
f = popen("c","w");
f = popen("c","w");
pclose(f);
I want it to make the password for user "c". If I just do the first popen, it prompts me to type in the password twice which is why I figured I should do the second two popens. It gives me a strange output though.
Code:
user@ubuntu:~/Projects/Project3_2/src$ sudo ./addPW
sh: c: not found
sh: c: not found
user@ubuntu:~/Projects/Project3_2/src$ Enter new UNIX password: passwd: password updated successfully
user@ubuntu:~/Projects/Project3_2/src$
I've also tried using this to send the password "c":
Code:
fprintf(f,"c\r");
fprintf(f,"c\r");
but that doesn't work either
You don't want to be calling popen more than once, since each one would mean a new passwd process separate from the others. You want to use "w" in the original call, because the popen output will be to stdout on your console anyway.
For example, I don't really need to add any users right now so I wrote another short program that receives stdin input and echoes it back with the word "got" prepended (ie, if run by itself, you would type in "XXX" and then the program would print "got XXX"). Here's the other program, which uses popen to feed lines to the first program:
Code:
#include <stdio.h>

int main() {
    /* "w": whatever we write to pin becomes the stdin of ./test.pl */
    FILE *pin=popen("./test.pl","w");
    int i;
    if (pin == NULL) { perror("popen"); return 1; }  /* never use a NULL stream */
    for (i=0; i<5; i++) fprintf(pin, "#%d\n",i);
    pclose(pin);  /* flushes the lines and waits for the child */
    return 0;
}
So what happens is you don't see anything produced by this program on the console, you see the output from the first program:
got #0
got #1
got #2
got #3
got #4
All you have to do is figure out what order to feed stuff to passwd in and that will be the same. Make sure you put a \n to indicate pushing enter!
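The pattern described in the reply above (a single popen() in "w" mode, every entry ended with \n), with the return-value checks the earlier attempts in this thread lacked, as an added example that is not code from any poster. The names feed_entries and CONFIRM_CMD are hypothetical, and the command is a constructed shell stand-in for a program that reads the same entry twice, not passwd itself.

```c
#define _POSIX_C_SOURCE 200809L  /* popen/pclose under strict -std= modes */
#include <stdio.h>
#include <sys/wait.h>

/* Constructed stand-in for a program that asks for a value twice and
 * compares the two entries (the shape of a "new / retype" prompt).
 * popen() hands this string to /bin/sh, so it must never be built
 * from untrusted input. */
static const char *CONFIRM_CMD = "read a && read b && [ \"$a\" = \"$b\" ]";

/* Start cmd once, write each entry followed by eol, and return the
 * child's exit status; -1 if the pipe could not be opened, a write
 * failed, or the child did not exit normally. */
int feed_entries(const char *cmd, const char *first, const char *second,
                 const char *eol)
{
    FILE *p = popen(cmd, "w");   /* mode must be "r" or "w", never 0 */
    if (p == NULL) {
        perror("popen");
        return -1;               /* do not call pclose(NULL) */
    }
    int write_failed = fprintf(p, "%s%s", first, eol) < 0 ||
                       fprintf(p, "%s%s", second, eol) < 0;
    int status = pclose(p);      /* flushes, closes, waits for the child */
    if (write_failed || status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("newline-terminated, matching: %d\n",
           feed_entries(CONFIRM_CMD, "c", "c", "\n"));
    printf("newline-terminated, mismatch: %d\n",
           feed_entries(CONFIRM_CMD, "c", "d", "\n"));
    /* "\r" is not an end of line to the reader, so the first read fails */
    printf("carriage return only:         %d\n",
           feed_entries(CONFIRM_CMD, "c", "c", "\r"));
    return 0;
}
```

The third call shows why the fprintf(f,"c\r") attempt did not work: the child never sees a complete line, so its first read hits end of input and the command exits non-zero.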
Thanks! Got it! Here's what did it:
Code:
FILE *f ;
f = popen("passwd user","w");
fprintf(f,"c\n");
fprintf(f,"c\n");
pclose(f);
Now I have to get the assembly for this and generate the hex so I can use it. Just for my curiosity, I don't have a lot of space byte wise, do you know if perhaps there's a more low level way of accomplishing this that might use less instructions?
Thanks again
Why does it have to be assembler?
As I said, I'm messing around with buffer overflows and shellcode for class. I can add a user with shellcode but I can't login remotely with that user because I didn't make a password. So I'm trying to write some C code that I can disassemble and eventually get the hex for so I can create a password as well. I only have about 100 bytes to fit it into. The creation of a user takes between 60-80 bytes so I would think creating a password could be done in 60-80 bytes as well. After disassembling popen it seems a lot more complex so my thought is that there's another way.
Why does it have to be assembler/hex code? As far as I know, overflows are NOT restricted to assembler or to 100 bytes. That is an artificial limit YOU are setting to the problem!
This sounds kind of like "I'm taking organic chem because I'm interested in LSD, and I was wondering..."