nss-mysql-users

Re: [Nss-mysql-users] command line password changer tool


From: Guillaume Morin
Subject: Re: [Nss-mysql-users] command line password changer tool
Date: Tue, 29 Jan 2002 13:59:11 +0100
User-agent: Mutt/1.3.27i

In a message of 28 Jan at 15:55, Daniel Drotos wrote:
> If somebody is interested, I wrote a simple command line tool to change
> passwords handled by nss-mysql:
> 
> http://mazsola.iit.uni-miskolc.hu/~drdani/prj/mysqlpasswd
 
I had a quick look at your code. I have some remarks:

Compile: cc -DUSE_SHADOW -DUSE_GROUP -I$$HOME/nss-mysql-0.35 -ggdb \
            -o mysqlpasswd mysqlpasswd.c -lcrypt -lmysqlclient
            -lnss_mysql

I think you should not link your binary against nss-mysql but compile
some nss-mysql objects (like parser.o and lib.o)

  euid= geteuid();
  ruid= getuid();
  if (euid != 0)
    {
      fprintf(stderr, "Insufficient permissions\n");
      return(30);
    }
  if (debug) printf("real uid=%d effective uid=%d\n",ruid,euid);

  _nss_mysql_read_conf_file("users",
                            &nss_options, NULL, NULL);
  /*_nss_mysql_read_conf_file("groups",
  &nss_options, &nss_goptions, &nss_soptions);*/
  _nss_mysql_read_conf_file("shadow",
                            /*&nss_options*/NULL,
                            /*&nss_goptions*/NULL,
                            &nss_soptions);


Do not trust geteuid or getuid, e.g.:

address@hidden:~$ cat te.c
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <errno.h>

int main(void) {
        printf("%d %d\n",geteuid(),getuid());
        if (! fopen("/etc/shadow","r"))
                perror("fopen");
        return 0;
}
address@hidden:~$ ./te
1000 1000
fopen: Permission denied
address@hidden:~$ fakeroot ./te
0 0
fopen: Permission denied
address@hidden:~$ su
Password:
siri:/home/guillaum# ./te
0 0
siri:/home/guillaum# exit
address@hidden:~$

It is easy to work around gete?uid... Test the return value of
_nss_mysql_read_conf_file, it is much better and you should have done it
anyway :-)

You might want to use readline to read the password. It would ease your
task.

-- 
Guillaume Morin <address@hidden>

   I'm unclean, a libertine, every time you vent your spleen, I seem to lose
    the power of speech, you're slipping slowly from my reach, you grow me
        like an evergreen, you've never seen me lonely at all. (Placebo)
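
The point made in the message above, as an added example that is not code from mysqlpasswd or nss-mysql: decide on privilege from the kernel's answer to the real operation (opening the protected file), and use geteuid() only to explain a refusal. The function names, the enum, and the default path are assumptions made for illustration.

```c
/* Added example; names below are hypothetical, not part of nss-mysql. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum priv_result { PRIV_OK, PRIV_DENIED, PRIV_DENIED_UID_MISMATCH, PRIV_ERROR };

/* Try the operation that actually needs privilege: opening the protected
 * file. Returns 0 on success or the errno reported by the kernel. */
static int probe_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Combine the kernel's answer with what geteuid() claims. The uid is only
 * used to describe a failure, never to grant access. */
static enum priv_result classify(int open_errno, uid_t claimed_euid)
{
    if (open_errno == 0)
        return PRIV_OK;
    if (open_errno == EACCES || open_errno == EPERM)
        return claimed_euid == 0 ? PRIV_DENIED_UID_MISMATCH : PRIV_DENIED;
    return PRIV_ERROR;
}

static enum priv_result check_privileged_file(const char *path)
{
    return classify(probe_open(path), geteuid());
}

int main(int argc, char **argv)
{
    /* Default path is the file used in te.c; pass another as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/etc/shadow";
    static const char *msg[] = {
        "ok: kernel granted access",
        "denied: not privileged",
        "denied although geteuid() returned 0: uid faked or privilege restricted",
        "error: file missing or unreadable for another reason",
    };
    enum priv_result r = check_privileged_file(path);
    printf("%s: %s\n", path, msg[r]);
    return r == PRIV_OK ? 0 : 30;
}
```

Run under fakeroot as an unprivileged user, this reports the mismatch case where the original geteuid() test would have let the program continue.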


