Thread: The crypt function in crypt.h

Originally Posted by guraknugen

I'm a beginner (and I will probably be forever…), so I visited the FAQ section. Right now I'm studying the FAQ > Environment and user data page and I try to make the examples there work by modifying them to make sense.

I failed with the last one however.
Here's the example code from that page:

Code:

#include <sys/types.h> 
#include <pwd.h> 
#include <unistd.h> 
#include <stdio.h> 

struct passwd *p;
p = getpwnam( "username" );
if (p) 
{
   if( strcmp( crypt( "Password", p->pw_passwd ), p->pw_passwd ) == 0 ) 
      {
        puts( "match" );
      } 
   else 
   {
        puts( "no match" );
   }
}

Of course this doesn't work out of the box, so I modified it a bit:

Code:

#include <sys/types.h> 
#include <pwd.h> 
#include <unistd.h> 
#include <stdio.h>
#include <string.h>
#include <crypt.h>

int
main(int argc, char *argv[])
{
   if (argc==2) {
      struct passwd *p;
      p=getpwnam(getlogin());
      if(p) {
         if(strcmp(crypt(argv[1], p->pw_passwd), p->pw_passwd)==0)
            puts("Right!");
         else
            puts("Wrong!");
      }
      return 0;
   }
   else {
      puts("Syntax:");
      puts("Password <password>");
      return 1;
   }
}

Maybe I did an obvious mistake, I don't know. Maybe I just misunderstood the whole concept.

The problem is that whatever I try with as input, as long as there are exactly one parameter, the output is ”Wrong!”, even when the correct password is used.

So what obvious little thing did I miss?

Here's what the output from running it would look like, if the correct password is ”ThisIsTheCorrectPa55word”:

Code:

$ ./PasswordTest
Syntax:
PasswordTest <password>
$ ./PasswordTest aligraljrhgor
Wrong!
 $ ./PasswordTest ThisIsTheCorrectPa55word
Wrong!
$

Compiled with:

Code:

gcc PasswordTest.c -lcrypt -o PasswordTest

There were no errors when compiling.

gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3

It seems to me you may have interpreted getlogin() wrong. I'm a Windows guy myself, but from reading the documentation here :

getlogin - Linux Command - Unix Command

It seems it retrieves your user password. Is that your user password that you gave us? Otherwise that may be your problem.

You could change this in your code :

Code:

p=getpwnam(getlogin());

to this :

Code:

p=getpwnam("ThisIsTheCorrectPa55word");

As I said, I do not know a lot about linux. That is my guess on what is wrong though.

Could it be that your system doesn't use crypt, but instead uses something like ecb_crypt(3): fast DES encryption - Linux man page?

What do you get by code below?

Code:

printf ("%s\n", p->pw_passwd);

man shadow.h

Maybe Ubuntu/Linaro doesn't use shadow?

Couldn't edit previous post, it's:
man shadow

Originally Posted by HelpfulPerson

Is that your user password that you gave us?

Well, a fake one, yes. I replaced my real password with that text string, just to illustrate what I was doing, I think I mentioned that, but maybe I forgot. When I tested the program, I entered my real user password.

Originally Posted by HelpfulPerson

It seems to me you may have interpreted getlogin() wrong. I'm a Windows guy myself, but from reading the documentation here :

getlogin - Linux Command - Unix Command

It seems it retrieves your user password.

No, it retrieves the login name, in my case ”guraknugen” (I also tested this). If it was possible to retrieve the password, it wouldn't be very safe, would it…? As far as I understand, the password can't be retrieved with less than brutal force.

I saw another crypt example where they used a much longer salt than that, but I didn't test it, I think… Maybe you are right. Well, it certainly looks like it…

I'll take a look at it tomorrow, as I am a little bit too busy this evening, unfortunately.
Thank you, and thank all the others who replied! I'll take a closer look at all your replies and come back later.

Originally Posted by fnprintf

Maybe Ubuntu/Linaro doesn't use shadow?

Couldn't edit previous post, it's:
man shadow

At least the man page is installed. 96 lines all together.

Originally Posted by oogabooga

Could it be that your system doesn't use crypt, but instead uses something like ecb_crypt(3): fast DES encryption - Linux man page?

Maybe, I don't know… I'll take a look at it later. Not much time for it this evening, unfortunately… Thanks for replying!