How to check somebody's password?

This is a discussion on How to check somebody's password? within the Linux Programming forums, part of the Platform Specific Boards category; I'm writing a program that will need the user's password. The program should not have to be run as root, ...

  1. #1
    Registered User
    Join Date
    Aug 2005
    Posts
    3

    How to check somebody's password?

    I'm writing a program that will need the user's password. The program should not have to be run as root, but it should work when run normally.

    The user should type his login password, and the program should check if the password is right. I can't figure out how to do this. Can anybody help me?


    int uid = getuid(); /* see who it is */
    char[50] entered_passwd;

    /* somehow check if entered_password is the user's password
    * how do I do this?? */

    if (password_is_correct) {
    /* do something */
    } else {
    printf("Wrong!\n");
    /* do something else */
    }

  2. #2
    Prying open my third eye.
    Join Date
    Jun 2005
    Posts
    45
    A simple one would be strcmp().

    Code:
    if (strcmp(str1, str2) == 0) {
    // password is correct
    }
    Read the man page for strcmp for full details, but it will return 0 if the strings are the same.
    "So you're one of those condescending UNIX computer users?"

    "Here's a nickel, kid. Get yourself a better computer."

  3. #3
    Registered User
    Join Date
    Aug 2005
    Posts
    3
    No, that's not what I need. I need some way to see if the password the user typed in is really his login password. I need to get the login password from somewhere, or I need a function which I can pass a string and it will check if it is the login password (the one stored encrypted in /etc/passwd, /etc/shadow or somewhere else depending on your Linux distribution).

  4. #4
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,555
    Rough guess
    http://man.he.net/man3/getpwent - to get the current user info
    http://man.he.net/man3/crypt - encrypt what the user types in (again)
    Then compare the two values to see if they match...
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  5. #5
    Registered User
    Join Date
    Aug 2005
    Posts
    3
    On my system, getpwuid(getuid())->pw_passwd only returns 'x'.

  6. #6
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,555
    So start reading around the subject then.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  7. #7
    Registered User
    Join Date
    Sep 2002
    Posts
    52
    Try looking at the manual for the things Salem suggested and look at shadow passwords
    - Daniel Wallace

  8. #8
    Registered User Jaqui's Avatar
    Join Date
    Feb 2005
    Posts
    416
    or, moore simply, use the system login.

    you can call it from your app, using it to perform the login and password checks.
    Quote Originally Posted by Jeff Henager
    If the average user can put a CD in and boot the system and follow the prompts, he can install and use Linux. If he can't do that simple task, he doesn't need to be around technology.

  9. #9
    Comment your source code! Lynux-Penguin's Avatar
    Join Date
    Apr 2002
    Posts
    533
    PAM also works really really good with programs like this:
    http://www.google.com/search?q=Plugg...ication+Module
    also for crypt to encrypt the users password to MD5 (which is what all current linux distros use, i think)
    for the salt have it start with $1$ followed by an 8 character salt, but since it is comparison of an already existing password make sure the salt is the same
    for example:
    if my password was $1$mysalt12$aXz13ajA/adnzei24kaAHifebn28 then when you do the string comparison
    do something like
    Code:
    sprintf(user_pass,"$1$mysalt12$%s",crypt(typed_password,"$1$mysalt12"));
    note: it is better to use snprintf because of the bounds checking.

    -LC
    Asking the right question is sometimes more important than knowing the answer.
    Please read the FAQ
    C Reference Card (A MUST!)
    Pointers and Memory
    The Essentials
    CString lib

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. BN_CLICKED, change button style
    By bennyandthejets in forum Windows Programming
    Replies: 13
    Last Post: 07-05-2010, 11:42 PM
  2. Check application visibility
    By 3saul in forum Linux Programming
    Replies: 2
    Last Post: 02-13-2006, 04:13 PM
  3. Password
    By KJ_Magic in forum C++ Programming
    Replies: 15
    Last Post: 04-19-2003, 07:29 PM
  4. Password, color
    By leinad079 in forum C Programming
    Replies: 8
    Last Post: 03-16-2003, 04:10 PM
  5. Password prompt in unix w/o \b
    By rafe in forum C++ Programming
    Replies: 1
    Last Post: 10-09-2002, 08:54 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21