- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Masking a password within a C prog in UNIX
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2001 10:03 AM
тАО04-05-2001 10:03 AM
Masking a password within a C prog in UNIX
So far, I have not found a UNIX system programming book that contains this information so any contributions will be gratefully appreciated.
Joseph.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2001 10:29 AM
тАО04-05-2001 10:29 AM
Re: Masking a password within a C prog in UNIX
I assume that you are trying in some way to safely embed a password into the execuatable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2001 12:04 PM
тАО04-05-2001 12:04 PM
Re: Masking a password within a C prog in UNIX
The following isn't pretty, but appears to work:#include
#include
#include
int main() {
int fd;
char buf[BUFSIZ];
struct termios ts;
fd = open( "/dev/tty", O_RDWR | O_NOCTTY );
printf( "Please enter your password: " );
tcgetattr( fd, &ts );
ts.c_lflag ^= ECHO;
tcsetattr( fd, TCSANOW, &ts );
fgets( buf, BUFSIZ, stdin );
putchar( '\n' );
ts.c_lflag |= ECHO;
tcsetattr( fd, TCSANOW, &ts );
printf( "Password is %s\n", buf );
}
This opens the controlling TTY for your process (/dev/tty), and then uses the tcgetattr() and tcsetattr() calls to turn off and turn on local echo.
More information is available in the man pages for termio(7), tcgetattr(2) and tcsetattr(2).
I hope this helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2001 12:11 PM
тАО04-05-2001 12:11 PM
Re: Masking a password within a C prog in UNIX
Please see the attached code. The idea is to create a very simple random number generator
with a known seed. The output of successive calls to the RNG is xor'ed to each sucessive character of the plaintext password. In the encode phase, a small piece of c source is written to stdout to be included in your application. Your application then includes this piece of c code which is actually an initialized variable declaration containing octal representation of the xor'ed bytes of your plaintext password. You then call the decode function which converts the data in the declaration back into the original string by again xor'ing the data and using the same RNG
with the same seed value. Please seed the attached c source.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2001 12:33 PM
тАО04-05-2001 12:33 PM
Re: Masking a password within a C prog in UNIX
char *pw;
pw = getpass("Enter your password");
man getpass
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2001 10:52 PM
тАО04-05-2001 10:52 PM
Re: Masking a password within a C prog in UNIX
Please explain your threat model in more detail.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2001 09:53 AM
тАО04-07-2001 09:53 AM
Re: Masking a password within a C prog in UNIX
The Threat:
I have 8 servers that can be accessed from the 2 central servers and 2 Ignite servers as root, i.e. the entries are roots .rhosts file.
So that there is some type of audit trail, I want the System Administrators to log in using their own user id and su to root when required. The problem is that the System Administrators are logging onto the 8 servers from the 2 central servers which means that I do not have a decent audit trail of who is using the 8 servers and at what times, e.t.c.
Therefore, a small amendment to /etc/profile will require a 2nd level password if the user is root and they are not logging in from the console.
Unfortunately, I could not think of any other way of doing it.
The password itself will be in the binary. One thing I tend to do is define an array such as:
char *letters[] = {"a","b","c","d","e","f","g"};
I keep this as a global variable and if I want the password to be 'cde' for example, I issue the following in the main code
char pw[8];
sprintf(pw, "%s%s%s", letters[2], letters[3], letters[4]);
Running a strings on this does not reveal the password of the characters in the array. However, if you know of any way that this could be hacked, please could you let me know.
Cheers.
Joseph.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-09-2001 10:26 AM
тАО04-09-2001 10:26 AM
Re: Masking a password within a C prog in UNIX
The easiest thing I could think of would be to use the UNIX password encryption facilities:
#include
#include
/* Use the standard UNIX "passwd" command to set the password for a "dummy" user, then cut & paste the entry in the "passwd" file to the below array. In this case I used "Testing" */
char passwd[] = "LIWwCntiH/JGs";
char *attempt;
char *encrypt;
attempt = getpass( "Please enter password: " );
encrypt = crypt( attempt, passwd );
if ( strcmp( encrypt, passwd ) != 0 ) {
/* Failed attempt */
} else {
/* Successful attempt */
}
More information can be found in the man pages for crypt(3).
I hope this helps.