root privileges

sumsin · November 14, 2005, 5:53am

Hi

I have make a program that needs root privleges but any user can try to run it, so what I want it is, when any user tries( other than root ) to run the program, an input prompt would open to enter root password ( if user knows ) and program will run ( otherwise exit ), and after completing the task the user returns in its originol state.

So how should I manage it in C or C++.

Plz Help.

thanks & regards.

matrixmadhan · November 14, 2005, 8:52am

this can be done in two ways

a)one using the uid of root and the current user

struct passwd *passent;
passent=getpwnam("root");
if( getuid() == passent->pw_uid )
{
  //root can run this program
}
else
{
  //not root cannot run this pgm
  exit(0);
}

b) second one is to use the login name

struct passwd *passent;
passent=getpwnam("root");
if( strcmp(getlogin(),passent->pw_name) == 0)
{
  //root can run this program
}
else
{
  //not root cannot run this pgm
  exit(0);
}

sumsin · November 15, 2005, 12:28am

but I also want to prompt the user to enter 'root password' and if this is not valid root password the program will exit.

In ur solution we are only checking that if the current user is root continue with the program otherwise exit.

thanks.

blowtorch · November 15, 2005, 1:41am

matrixmadhan's solution can be extended to also do what you want to. Check the man pages of getpwnam and related syscalls to see how you can go about this.

sumsin · November 15, 2005, 9:13am

Ya thats fine, but where I am in the trouble is...

let the current user is not root.
so I prompt an input dialog box( in Qt password mode ).
if user enters a wrong password it must exit.
else the program would proceed.

but what the problem is :

How will I validate root's password.
If password found valid how will I change user only for current program and after exiting this program user should automatically come in its previous state.

( Something like when you click 'Add/Remove Applications' in 'Systems Settings' in RedHat 9 as a normal user it prompts for root password and after finishing the task you came in your previous state )

thanks

sumsin

blowtorch · November 15, 2005, 9:52am

See the man page of getpwent/getpwnam. The structure that these system calls return also has the encrypted password. Your program can use this to validate the password that the user enters and then go ahead with a 'setuid' call. Once this is one, you are running with root privs.

sumsin · November 15, 2005, 10:02am

but how an encrypted password compare with a non-encrypted password.

blowtorch · November 15, 2005, 10:06am

You have to encrypt the password that you take from the user and compare it with the encrypted password. I think that the password encryption header files/libraries will be system dependent, but I am not so sure.
--EDIT--
Could you post your uname -a output anyways? This will help anyone who wants to help you.
--/EDIT--

sumsin · November 16, 2005, 12:47am

$ uname -a
Linux sumit 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux

but stil I am not sure which encryption algorithm should use to encrypt the password.

thanks

sumsin

blowtorch · November 17, 2005, 11:20pm

See the man page of 'crypt'. I think that may get you started.

Perderabo · November 18, 2005, 12:09am

Just use:
su root -c /some/script/or/program
and the above line can be placed in a (very short) script. When the user runs the script, su will prompt for the root password.

sumsin · November 18, 2005, 7:13am

thanks Perderabo

but I want to run it in GUI mode, so how I use it?

Perderabo · November 18, 2005, 1:51pm

I guess you have me there. Ok, on HP-UX, I changed a old user's password to the terrible password of "password". This changed his encrypted password to "O26nQUAUM2vLA". I copied that string into a program to sidestep the problem of obtaining it. This varies from system to system. Most systems have an /etc/shadow file, but HP-UX does not. And anyway, your question centered around testing a supplied password against the encrypted string. This program works on HP-UX and Solaris...

#ifdef __STDC__
#define PROTOTYPICAL
#endif
#ifdef __cplusplus
#define PROTOTYPICAL
#endif

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <crypt.h>

#define ENCRYPT "O26nQUAUM2vLA"

#ifdef PROTOTYPICAL
int main(int argc, char *argv[], char *envp[])
#else
main(argc,argv,envp)
int argc;
char *argv[];
char *envp[];
#endif

{
        static char e[] = ENCRYPT;
        static char pass[9];
        strcpy(pass, getpass("Enter password - "));
        printf(" You entered %s which is %d chars in length \n", pass, strlen(pass));
        if (!strcmp(crypt(pass, e), e)) {
                printf("That is the correct password\n");
        } else {
                printf("That is the wrong password\n");
        }
         exit(0);
}

sumsin · November 19, 2005, 2:55am

thanks Perderabo

but this way I have to know the encrypted password of root in advance ( I think that also need root priveleges ) and if root change its password then!

( Actually I want to develop an interface, something like : when you click 'Add/Remove Applications' in 'Systems Settings' in RedHat 9 as a normal user it prompts for root password and after finishing the task you came in your previous state )

thanks

Perderabo · November 19, 2005, 4:46am

That's right. You need access to the encrypted password in order to verify that the user typed in a password that matches it. What did you expect? Do you think that su can verify that you typed in the root password without looked at the encrypted password? Well, here's a clue..su obtains the encrypted string and verifies the entered password using exactly this method.

krhamidou · November 20, 2005, 8:11am

i think that the simplest solution to solve this problem is to use the kdesu program , supplied with kde.

you'll have to run your program with this command :

kde will display a dialog box which let the user type the root password or exit.

sumsin · November 21, 2005, 4:54am

thanks

kdesu is GUI flavour of su.
but i want to implement it after execution of the program.
mean...

I execute my application say ( ./test )
then I check the user inside the application and if it not root I prompt the user.

linuxpenguin · December 29, 2005, 7:22pm

Hi Perderbo,
I am going to look foolish asking this question, but it is bothering me.

"Well, here's a clue..su obtains the encrypted string"

where does su obtain this encrypted string from ?
lets say root password is "unix.com". Lets also assume that su has somehow got the encrypted string for "unix.com". But what is the key it has used for encryption?
Since this is not known, if I have to simulate su, how do I get this encrypted string ?

so for eg su internal encrypted "unix.com" using key say "linuxpenguin", and encrypted key is "perderabo"
Now, I am simulating su, I have the encrypted string "perderabo" (dunno where i got it from, somehow I got it), my program prompts for password, which the user enters as say "unix.com" (hacker huh!! ), so now how do I encrypt this. Essentially I need to know the encrypted password and encryption key, both ? well then I would have even encrypted the root password
Can you please explain me understand this.

Regards

linuxpenguin · December 29, 2005, 7:27pm

ok, is this the /etc/shadow file, that contains the encrypted passwords? Even if it does, then what is the encryption key that su uses?

Corona688 · December 29, 2005, 7:31pm

Try 'man 3 crypt'. If I'm not mistaken, the encryption 'salt' is stored with the encrypted password.