[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Authentication-related information



On Mon, 2001-12-10 at 15:14, Kris Deugau wrote:
> I've got my app talking happily to PAM, but one of the things I'd like
> to do in the interests of security is for my software to drop all root
> priviledges as soon as it has authenticated the user.
> 
> However, it appears that there is no direct method to find out what the
> user's localhost UID is unless you know for sure what type of local
> authentication is used- which sort of defeats the whole point of PAM.

#include <pwd.h>

struct passwd *user;

user = getpwuid(geteuid());
printf("login = %s\n", user->pw_name);
...
printf("shell = %s\n", user->pw_shell);


The passwd structure is typically defined as this...

     struct passwd {
         char *pw_name;      /* user's login name */
         char *pw_passwd;    /* no longer used */
         uid_t pw_uid;       /* user's uid */
         gid_t pw_gid;       /* user's gid */
         char *pw_age;       /* not used */
         char *pw_comment;   /* not used */
         char *pw_gecos;     /* typically user's full name */
         char *pw_dir;       /* user's home dir */
         char *pw_shell;     /* user's login shell */
     };

Most modern implmentations will not have the password in the pw_passwd
field.  If a valid password is there, it is typically in hashed using
crypt(), or is an MD5 hash of the actual password.

Mike





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []