somsky@brl.mil (William R. Somsky) (06/11/91)
I'd like to put 'xlock' onto our systems, but I'm having difficulty
with the unlock user verification part. What xlock normally does is ask
for the user's password and compares this (via the appropriate encryption
routines) with the entry found in /etc/passwd. With the passwords stored
in /etc/security/passwd, however, this fails. Has anyone worked this out?
Should I make xlock be suid root? What would be needed to read the
/etc/security/passwd file? For getting the info out of /etc/passwd,
there is some library routine (I forget the name just now) which reads
the /etc/passwd file and extracts the relevant information. Is there
an appropriate function for the /etc/security/passwd file? Does anyone
have any suggestions? (And yes, I've already dealt with Ctl-Alt-Backspace.)

----------------------------------------------------------------------
I speak for no-one other than myself --- sometimes, not even that...
----------------------------------------------------------------------
William R. Somsky                                   somsky@brl.mil
fn@fractal.math.yale.edu (Francois Normant) (06/12/91)
In article <16390@smoke.brl.mil> somsky@brl.mil (William R. Somsky) writes:
>I'd like to put 'xlock' onto our systems, but I'm having difficulty
>with the unlock user verification part. What xlock normally does is ask
>for the user's password and compares this (via the appropriate encryption
>routines) with the entry found in /etc/passwd. With the passwords stored
>in /etc/security/passwd, however, this fails. Has anyone worked this out?
>Should I make xlock be suid root?

Yes, it's what I did (chmod 4555 xlock) and it works fine that way.

--
Francois Normant - fn@math.yale.edu
Yale University - Mathematics Department
Box 2155 - Yale Station
New Haven CT 06520
jfh@rpp386.cactus.org (John F Haugh II) (06/12/91)
In article <16390@smoke.brl.mil> somsky@brl.mil (William R. Somsky) writes:
>                                             With the passwords stored
>in /etc/security/passwd, however, this fails. Has anyone worked this out?
>Should I make xlock be suid root?

Either set-UID "root" or possibly set-GID "security". The I&A files
in /etc/security should all have the same group and have read access
for the group. I think ...

>                                   What would be needed to read the
>/etc/security/passwd file? For getting the info out of /etc/passwd,
>there is some library routine (I forget the name just now) which reads
>the /etc/passwd file and extracts the relevant information. Is there
>an appropriate function for the /etc/security/passwd file?

getuserpw(). It will return all of the user password information from
the password file. There are two other routines, ckuserid() and
ckuseracct(), that will authenticate the user for you in case you want
to support the configurable authentication features.

--
John F. Haugh II        | Distribution to       | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-)  | Domain: jfh@rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
rest of the Constitution, gun ownership would be mandatory."
tli@Morgan.COM ( IBM) (06/18/91)
In article <16390@smoke.brl.mil> somsky@brl.mil (William R. Somsky) writes:
>I'd like to put 'xlock' onto our systems, but I'm having difficulty
>with the unlock user verification part. What xlock normally does is ask
>for the user's password and compares this (via the appropriate encryption
>routines) with the entry found in /etc/passwd. With the passwords stored
>in /etc/security/passwd, however, this fails. Has anyone worked this out?
>Should I make xlock be suid root? What would be needed to read the
>/etc/security/passwd file? For getting the info out of /etc/passwd,
>there is some library routine (I forget the name just now) which reads
>the /etc/passwd file and extracts the relevant information. Is there
>an appropriate function for the /etc/security/passwd file? Does anyone
>have any suggestions? (And yes, I've already dealt with Ctl-Alt-Backspace.)
>William R. Somsky                                   somsky@brl.mil

The following are the modifications I made to the code.

modified xlock.c getPassword() to read:

    XWindowAttributes xgwa;
    int         y,      /* moved the int declaration aft xgwa */
                left,
                done;
#ifdef _AIX
    uid_t       uuid;
    char        user[10];
    uuid = getuid();
    pw = getpwuid(uuid);
    strcpy(user,pw->pw_name);
    strcpy(userpass, pw->pw_passwd);
#else
    char       *user = getenv(USERNAME);
#endif
..
..
..
/* added if not def since user and userpass was set at start of getPassword */
#ifndef _AIX
    pw = getpwnam(user);
    strcpy(userpass, pw->pw_passwd);
#endif

===============================================================
Thomas Y. Li                     Email: tli@nycvmic4.iinus1.ibm.com
IBM Corporation                         tli%nycvmic4@iinus1.ibm.com
33 Maiden Lane 10th Floor               tli@morgan.com
New York, NY 10038
(212) 493-2516 T/L 340           VNET:  tli at nycvmic4
josevela@mtecv2.mty.itesm.mx (Jose Angel Vela Avila) (06/18/91)
>The following are the modifications I made to the code.
>modified xlock.c getPassword() to read:
>    XWindowAttributes xgwa;
>    int         y,      /* moved the int declaration aft xgwa */
>                left,
>                done;
>#ifdef _AIX
>    uid_t       uuid;
>    char        user[10];
>    uuid = getuid();
>    pw = getpwuid(uuid);
>    strcpy(user,pw->pw_name);
>    strcpy(userpass, pw->pw_passwd);
>#else
>    char       *user = getenv(USERNAME);
>#endif
>Thomas Y. Li                     Email: tli@nycvmic4.iinus1.ibm.com
>IBM Corporation                         tli%nycvmic4@iinus1.ibm.com

Yes ! yes ! yes and more yes !
One more time AIX is the problem.......

IBM : Why not to do it standard ????

Why so many troubles ???
Why I have to be aware of hear something relation with AIX problems and bugs??
Why that monthly 'updates' (patches) ???

Support Team : Please, please, when you fix some bug in previous releases
please don't do any ones in the 'last' release ( I mind 3.1.5 )

Greetings ... after all for not to hear us ....

Jose A. Vela Avila
josevela@mtecv2.mty.itesm.mx

PS: I this stuff is just mine .....
tli@Morgan.COM ( IBM) (06/19/91)
>Yes ! yes ! yes and more yes !
>One more time AIX is the problem.......
>
>IBM : Why not to do it standard ????
>
>Why so many troubles ???

Let me explain my modifications.

tli>modified xlock.c getPassword() to read:
tli>
tli>XWindowAttributes xgwa;
tli>int         y,      /* moved the int declaration aft xgwa */
tli>            left,
tli>            done;

I want to keep the declarations together, so I moved them.

My customer does not want to depend on the env var USERNAME; therefore,
I used getuid() to see who is executing this prog.

tli>#ifdef _AIX
tli>    uid_t       uuid;
tli>    char        user[10];
tli>    uuid = getuid();
tli>    pw = getpwuid(uuid);
tli>    strcpy(user,pw->pw_name);
tli>    strcpy(userpass, pw->pw_passwd);
tli>#else
tli>    char       *user = getenv(USERNAME);
tli>#endif
tli>..
tli>..
tli>..
tli>/* added if not def since user and userpass was set at start of getPassword */

As the comment states, I did not have to call getpwnam(), since I got all
the information I need from the first #ifdef _AIX.

tli>#ifndef _AIX
tli>    pw = getpwnam(user);
tli>    strcpy(userpass, pw->pw_passwd);
tli>#endif
tli>

===============================================================
Thomas Y. Li                     Email: tli@nycvmic4.iinus1.ibm.com
IBM Corporation                         tli%nycvmic4@iinus1.ibm.com
33 Maiden Lane 10th Floor               tli@morgan.com
New York, NY 10038
(212) 493-2516 T/L 340           VNET:  tli at nycvmic4
shah@cdsun.fnal.gov (Hemant Shah) (06/29/91)
In article <16390@smoke.brl.mil>, somsky@brl.mil (William R. Somsky) writes:
|> I'd like to put 'xlock' onto our systems, but I'm having difficulty
|> with the unlock user verification part. What xlock normally does is ask
|> for the user's password and compares this (via the appropriate encryption
|> routines) with the entry found in /etc/passwd. With the passwords stored
|> in /etc/security/passwd, however, this fails. Has anyone worked this out?
|> Should I make xlock be suid root? What would be needed to read the
|> /etc/security/passwd file? For getting the info out of /etc/passwd,
|> there is some library routine (I forget the name just now) which reads
|> the /etc/passwd file and extracts the relevant information. Is there
|> an appropriate function for the /etc/security/passwd file? Does anyone
|> have any suggestions? (And yes, I've already dealt with Ctl-Alt-Backspace.)
|>
|> ----------------------------------------------------------------------
|> I speak for no-one other than myself --- sometimes, not even that...
|> ----------------------------------------------------------------------
|> William R. Somsky                                   somsky@brl.mil

When we ported xlock to our RS600 we had the same problem. Our solution was to
change the permission on the files, the /etc/security directory should look
like :

   drwxr-xr-x   4 root     security     512 May 01 18:03 security

and the file permission in /etc/security should look like :

   -rw-r--r--   1 root     security    2853 Jun 26 09:32 passwd

-------------------------------------------------------------------------------
Hemant Shah
Fermilab
ACCESS/System Integration

E-mail : shah@fnal.fnal.gov
 Voice : (708) 840-8071
   Fax : (708) 840-2783
-------------------------------------------------------------------------------
fn@fractal.math.yale.edu (Francois Normant) (06/29/91)
In article <503@fnnews.fnal.gov> shah@cdsun.fnal.gov (Hemant Shah) writes:
>
>In article <16390@smoke.brl.mil>, somsky@brl.mil (William R. Somsky) writes:
>|> I'd like to put 'xlock' onto our systems, but I'm having difficulty
>|> with the unlock user verification part. What xlock normally does is ask
>|> for the user's password and compares this (via the appropriate encryption
>|> routines) with the entry found in /etc/passwd. With the passwords stored
>|> in /etc/security/passwd, however, this fails. Has anyone worked this out?
>|> Should I make xlock be suid root? What would be needed to read the
>|> /etc/security/passwd file? For getting the info out of /etc/passwd,
>|> there is some library routine (I forget the name just now) which reads
>|> the /etc/passwd file and extracts the relevant information. Is there
>|> an appropriate function for the /etc/security/passwd file? Does anyone
>|> have any suggestions? (And yes, I've already dealt with Ctl-Alt-Backspace.)
>|>
>|> ----------------------------------------------------------------------
>|> I speak for no-one other than myself --- sometimes, not even that...
>|> ----------------------------------------------------------------------
>|> William R. Somsky                                   somsky@brl.mil
>
>
>When we ported xlock to our RS600 we had the same problem. Our solution was to
>change the permission on the files, the /etc/security directory should look
>like :
>
>   drwxr-xr-x   4 root     security     512 May 01 18:03 security
>
>and the file permission in /etc/security should look like :
>
>   -rw-r--r--   1 root     security    2853 Jun 26 09:32 passwd
>
>
>-------------------------------------------------------------------------------
>Hemant Shah
>Fermilab
>ACCESS/System Integration
>
>
>E-mail : shah@fnal.fnal.gov
> Voice : (708) 840-8071
>   Fax : (708) 840-2783
>-------------------------------------------------------------------------------

It would be much better to use the patch that was posted a few weeks ago
or even set xlock user-id to root (chmod 4555 xlock).
But please leave the permissions as they originally are on /etc/security
(drwxr-x---) and /etc/security/passwd (-rw-------).
If anybody can take a peek at /etc/security, explain to me the utility of that
directory?

--
Francois Normant - fn@math.yale.edu
Yale University - Mathematics Department
Box 2155 - Yale Station
New Haven CT 06520
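Added example, not part of the thread: a small audit that flags a security directory or passwd file whose mode has been widened beyond the original drwxr-x--- and -rw------- quoted in the last post. The function names are hypothetical and the default path is the /etc/security directory discussed above; only mode bits are checked, not ownership.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* 1 if path grants any bit in `forbidden`, 0 if not, -1 if it cannot be examined. */
static int grants(const char *path, mode_t forbidden)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & forbidden) != 0;
}

/*
 * Compare dir and dir/passwd with the modes the thread gives as original:
 * drwxr-x--- and -rw-------. Returns the number of findings, or -1 on error.
 */
int audit_security_dir(const char *dir)
{
    char file[1024];
    int d, f, n;

    n = snprintf(file, sizeof file, "%s/passwd", dir);
    if (n < 0 || (size_t)n >= sizeof file)
        return -1;
    d = grants(dir, S_IRWXO | S_IWGRP);     /* any "other" access, group write */
    f = grants(file, S_IRWXG | S_IRWXO);    /* any group or "other" access */
    if (d < 0 || f < 0)
        return -1;
    if (d) fprintf(stderr, "%s: wider than drwxr-x---\n", dir);
    if (f) fprintf(stderr, "%s: wider than -rw-------\n", file);
    return d + f;
}

int main(int argc, char **argv)
{
    int findings = audit_security_dir(argc > 1 ? argv[1] : "/etc/security");
    if (findings < 0) { perror("audit"); return 2; }
    printf("%d finding(s)\n", findings);
    return findings ? 1 : 0;
}
```

Run it as root or as a member of the owning group: with the original drwxr-x--- mode other users cannot stat the file at all, so the audit reports an error rather than a finding.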