HPE Community
Operating System - HP-UX
1753505 Members
5195 Online
108794 Solutions
New Discussion юеВ

Re: C API for removing a user

 
SOLVED
Go to solution
Helen Gao
Occasional Contributor

тАО02-28-2002 12:58 PM

тАО02-28-2002 12:58 PM

C API for removing a user

Dear all,

Is there a C API for removing a user?

Thanks.
0 Kudos
Reply
4 REPLIES 4
A. Clay Stephenson
Acclaimed Contributor

тАО02-28-2002 01:16 PM

тАО02-28-2002 01:16 PM

Solution

Re: C API for removing a user

Hi:

By far the easiest method is to call the userdel command via system. e.g.

char *the_user;
int status;
char s_cmd[256];

(void) sprintf(s_cmd,"userdel -r %s",the_user);
cc = system(userdel);

Clay
If it ain't broke, I can fix that.
Reply
Eric Ladner
Trusted Contributor

тАО02-28-2002 02:21 PM

тАО02-28-2002 02:21 PM

Re: C API for removing a user

I would put an absolute path on that userdel for security purposes.

You might want to consider protecting that from buffer overflows too.
Reply
Helen Gao
Occasional Contributor

тАО03-01-2002 07:45 AM

тАО03-01-2002 07:45 AM

Re: C API for removing a user

Thanks, guys.

>>You might want to consider protecting that >>from buffer overflows too.

Eric, could you give me more detail on this?




0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО03-01-2002 08:03 AM

тАО03-01-2002 08:03 AM

Re: C API for removing a user

Hi:

All is is saying is that my baby example was not very robust.

char *the_user;
int status;
char s_cmd[256];

(void) sprintf(s_cmd,"userdel -r s",the_user);
cc = system(userdel);

The problem is that is is conceivable (though very unlikely) that the length of the command might exceed the size of s_cmd [256] characters - a buffer overflow.

# ----------------------------------------
The nit-picky though really not need method:

#define CMD "/sbin/userdel -r "

extern int errno;

int remove_user(char *the_user)
{
int cc = 0;

if (the_user != NULL)
{
int len = 4; /* cushion */
char *s_cmd = NULL;

len += (int) strlen(the_user);
len += (int) strlen(CMD);
s_cmd = (char *) malloc(size_t) len);
if (s_cmd != NULL)
{
(void) sprintf(s_cmd,
"%s %s",CMD,the_user);
cc = system(s_cmd);
free ((void *) s_cmd));
}
else cc = (errno != 0) ? errno : -2;
}
else cc = -1;
return(cc);
} /* remove_user */

-----------------------------------------

cc = remove_user("clay");

Barring any typo's that should be a fully robust version. In real life, as long as you make sure that the length of the user name is no more than ~220 the baby example will be perfectly robust.


Regards, Clay
If it ain't broke, I can fix that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.