https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673836#M917097 Hi:<BR /><BR />All is is saying is that my baby example was not very robust.<BR /><BR />char *the_user; <BR />int status; <BR />char s_cmd[256]; <BR /><BR />(void) sprintf(s_cmd,"userdel -r s",the_user); <BR />cc = system(userdel); <BR /><BR />The problem is that is is conceivable (though very unlikely) that the length of the command might exceed the size of s_cmd [256] characters - a buffer overflow.<BR /><BR /># ----------------------------------------<BR />The nit-picky though really not need method:<BR /><BR />#define CMD "/sbin/userdel -r "<BR /><BR />extern int errno;<BR /><BR />int remove_user(char *the_user)<BR />{<BR /> int cc = 0;<BR /><BR /> if (the_user != NULL)<BR /> {<BR /> int len = 4; /* cushion */<BR /> char *s_cmd = NULL;<BR /><BR /> len += (int) strlen(the_user);<BR /> len += (int) strlen(CMD);<BR /> s_cmd = (char *) malloc(size_t) len);<BR /> if (s_cmd != NULL)<BR /> {<BR /> (void) sprintf(s_cmd,<BR /> "%s %s",CMD,the_user);<BR /> cc = system(s_cmd);<BR /> free ((void *) s_cmd));<BR /> }<BR /> else cc = (errno != 0) ? errno : -2;<BR /> }<BR /> else cc = -1;<BR /> return(cc);<BR />} /* remove_user */ <BR /> <BR />-----------------------------------------<BR /><BR />cc = remove_user("clay");<BR /> <BR />Barring any typo's that should be a fully robust version. In real life, as long as you make sure that the length of the user name is no more than ~220 the baby example will be perfectly robust.<BR /><BR /> <BR />Regards, Clay<BR /> Fri, 01 Mar 2002 16:03:31 GMT A. Clay Stephenson 2002-03-01T16:03:31Z https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673832#M917093 Dear all,<BR /><BR />Is there a C API for removing a user?<BR /><BR />Thanks. Thu, 28 Feb 2002 20:58:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673832#M917093 Helen Gao 2002-02-28T20:58:14Z https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673833#M917094 Hi:<BR /><BR />By far the easiest method is to call the userdel command via system. e.g.<BR /><BR />char *the_user;<BR />int status;<BR />char s_cmd[256];<BR /><BR />(void) sprintf(s_cmd,"userdel -r %s",the_user);<BR />cc = system(userdel);<BR /><BR />Clay<BR /> Thu, 28 Feb 2002 21:16:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673833#M917094 A. Clay Stephenson 2002-02-28T21:16:51Z https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673834#M917095 I would put an absolute path on that userdel for security purposes.<BR /><BR />You might want to consider protecting that from buffer overflows too. Thu, 28 Feb 2002 22:21:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673834#M917095 Eric Ladner 2002-02-28T22:21:21Z https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673835#M917096 Thanks, guys.<BR /><BR />&gt;&gt;You might want to consider protecting that &gt;&gt;from buffer overflows too. <BR /><BR />Eric, could you give me more detail on this?<BR /> <BR /> <BR /> <BR /> <BR /> Fri, 01 Mar 2002 15:45:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673835#M917096 Helen Gao 2002-03-01T15:45:43Z https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673836#M917097 Hi:<BR /><BR />All is is saying is that my baby example was not very robust.<BR /><BR />char *the_user; <BR />int status; <BR />char s_cmd[256]; <BR /><BR />(void) sprintf(s_cmd,"userdel -r s",the_user); <BR />cc = system(userdel); <BR /><BR />The problem is that is is conceivable (though very unlikely) that the length of the command might exceed the size of s_cmd [256] characters - a buffer overflow.<BR /><BR /># ----------------------------------------<BR />The nit-picky though really not need method:<BR /><BR />#define CMD "/sbin/userdel -r "<BR /><BR />extern int errno;<BR /><BR />int remove_user(char *the_user)<BR />{<BR /> int cc = 0;<BR /><BR /> if (the_user != NULL)<BR /> {<BR /> int len = 4; /* cushion */<BR /> char *s_cmd = NULL;<BR /><BR /> len += (int) strlen(the_user);<BR /> len += (int) strlen(CMD);<BR /> s_cmd = (char *) malloc(size_t) len);<BR /> if (s_cmd != NULL)<BR /> {<BR /> (void) sprintf(s_cmd,<BR /> "%s %s",CMD,the_user);<BR /> cc = system(s_cmd);<BR /> free ((void *) s_cmd));<BR /> }<BR /> else cc = (errno != 0) ? errno : -2;<BR /> }<BR /> else cc = -1;<BR /> return(cc);<BR />} /* remove_user */ <BR /> <BR />-----------------------------------------<BR /><BR />cc = remove_user("clay");<BR /> <BR />Barring any typo's that should be a fully robust version. In real life, as long as you make sure that the length of the user name is no more than ~220 the baby example will be perfectly robust.<BR /><BR /> <BR />Regards, Clay<BR /> Fri, 01 Mar 2002 16:03:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/c-api-for-removing-a-user/m-p/2673836#M917097 A. Clay Stephenson 2002-03-01T16:03:31Z