I have make a program that needs root privleges but any user can try to run it, so what I want it is, when any user tries( other than root ) to run the program, an input prompt would open to enter root password ( if user knows ) and program will run ( otherwise exit ), and after completing the task the user returns in its originol state.
struct passwd *passent;
passent=getpwnam("root");
if( getuid() == passent->pw_uid )
{
//root can run this program
}
else
{
//not root cannot run this pgm
exit(0);
}
b) second one is to use the login name
struct passwd *passent;
passent=getpwnam("root");
if( strcmp(getlogin(),passent->pw_name) == 0)
{
//root can run this program
}
else
{
//not root cannot run this pgm
exit(0);
}
matrixmadhan's solution can be extended to also do what you want to. Check the man pages of getpwnam and related syscalls to see how you can go about this.
Ya thats fine, but where I am in the trouble is...
let the current user is not root.
so I prompt an input dialog box( in Qt password mode ).
if user enters a wrong password it must exit.
else the program would proceed.
but what the problem is :
How will I validate root's password.
If password found valid how will I change user only for current program and after exiting this program user should automatically come in its previous state.
( Something like when you click 'Add/Remove Applications' in 'Systems Settings' in RedHat 9 as a normal user it prompts for root password and after finishing the task you came in your previous state )
See the man page of getpwent/getpwnam. The structure that these system calls return also has the encrypted password. Your program can use this to validate the password that the user enters and then go ahead with a 'setuid' call. Once this is one, you are running with root privs.
You have to encrypt the password that you take from the user and compare it with the encrypted password. I think that the password encryption header files/libraries will be system dependent, but I am not so sure.
--EDIT--
Could you post your uname -a output anyways? This will help anyone who wants to help you.
--/EDIT--
Just use:
su root -c /some/script/or/program
and the above line can be placed in a (very short) script. When the user runs the script, su will prompt for the root password.
I guess you have me there. Ok, on HP-UX, I changed a old user's password to the terrible password of "password". This changed his encrypted password to "O26nQUAUM2vLA". I copied that string into a program to sidestep the problem of obtaining it. This varies from system to system. Most systems have an /etc/shadow file, but HP-UX does not. And anyway, your question centered around testing a supplied password against the encrypted string. This program works on HP-UX and Solaris...
#ifdef __STDC__
#define PROTOTYPICAL
#endif
#ifdef __cplusplus
#define PROTOTYPICAL
#endif
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <crypt.h>
#define ENCRYPT "O26nQUAUM2vLA"
#ifdef PROTOTYPICAL
int main(int argc, char *argv[], char *envp[])
#else
main(argc,argv,envp)
int argc;
char *argv[];
char *envp[];
#endif
{
static char e[] = ENCRYPT;
static char pass[9];
strcpy(pass, getpass("Enter password - "));
printf(" You entered %s which is %d chars in length \n", pass, strlen(pass));
if (!strcmp(crypt(pass, e), e)) {
printf("That is the correct password\n");
} else {
printf("That is the wrong password\n");
}
exit(0);
}
but this way I have to know the encrypted password of root in advance ( I think that also need root priveleges ) and if root change its password then!
( Actually I want to develop an interface, something like : when you click 'Add/Remove Applications' in 'Systems Settings' in RedHat 9 as a normal user it prompts for root password and after finishing the task you came in your previous state )
That's right. You need access to the encrypted password in order to verify that the user typed in a password that matches it. What did you expect? Do you think that su can verify that you typed in the root password without looked at the encrypted password? Well, here's a clue..su obtains the encrypted string and verifies the entered password using exactly this method.
Hi Perderbo,
I am going to look foolish asking this question, but it is bothering me.
"Well, here's a clue..su obtains the encrypted string"
where does su obtain this encrypted string from ?
lets say root password is "unix.com". Lets also assume that su has somehow got the encrypted string for "unix.com". But what is the key it has used for encryption?
Since this is not known, if I have to simulate su, how do I get this encrypted string ?
so for eg su internal encrypted "unix.com" using key say "linuxpenguin", and encrypted key is "perderabo"
Now, I am simulating su, I have the encrypted string "perderabo" (dunno where i got it from, somehow I got it), my program prompts for password, which the user enters as say "unix.com" (hacker huh!! ), so now how do I encrypt this. Essentially I need to know the encrypted password and encryption key, both ? well then I would have even encrypted the root password
Can you please explain me understand this.