Very Computer

No.  /bin/passwd reads the password directly from /dev/tty in most
versions of Unix, to prevent it being spoofed by another program.
Some versions of /bin/passwd will read from stdin only if they are run
as root; others don't care who you are, and always read from /dev/tty.
This is why you need to use ptys.

Changing the user's password is not at all difficult to do directly
from a C program; it's just a bit system-specific, since you need to
know things like whether /etc/shadow is being used and so forth.  I
would suggest that this discussion does not really belong in
comp.unix.wizards, and therefore have redirected followups to
comp.unix.programmer.  Please continue the discussion there.

--
Marc Unangst                | You know that funny-looking bump on your

<backbone>!sharkey!mudos!mju|

I'd use getpwent(3C) to read the password file and get the old password and
the other fields necessary to re-write the entry to the password file.  Use
crypt(3C) to encrypt the new password before writing it to the password file.
Of course your program would have to be owned by root with setuid.

John

How about using TIOCSTI (in termio.h) to insert the chars on the terminal
stream for input ?

This works (I think) but how portable is this mechenism ?

Dom

   How about using TIOCSTI (in termio.h) to insert the chars on the terminal
   stream for input ?

   This works (I think) but how portable is this mechenism ?

1) No, it doesn't work, because the getpass(3) routine, and hence the
"passwd" program, flushes all pending input right before reading the
password.  Any characters stuffed into the buffer are flushed once
"passwd" starts.

*Maybe* you could fork and exec "passwd" in the child and do TIOCSTI
in the parent after waiting enough time for "passwd" to start up, but
that's hideous.  Using pty's or modifying the passwd file directly
would be much more reasonable.

As someone has already pointed out once, it's usually a good idea to
TRY a suggestion before posting it to the entire world.

2) It's "mechanism".

--

MIT Information Systems/Athena              Moderator, news.answers
    (Send correspondence related to the news.answers newsgroup
        {and ONLY correspondence related to the newsgroup}

This discussion of password encryption leads me to ask a related (and possibly
redundant) question.  When using crypt to generate an encrypted password to be
compared with the entry in passwd, what is the 2 char string which is needed to
salt the key?

All I need to do at the moment is verify a password string inside an X application.
I'm guessing the 2 arguments to crypt() are the unencrypted password followed
by _what_?

Or is there a simpler (documented) way?
--

|
| N=1 -> P=NP           703 883-7940

If you're generating a new password, the salt is any two characters chosen
from the set [a-zA-z0-9./].

If you're validating a password, the salt should be the first two characters
from the encrypted password you want to compare against.  You then compare
the returned value against the entire already-encrypted password.

Actually, I think for maximum portability[*] you should pass the entire
encrypted password as the salt when validating.  On Sun systems using
password.adjunct (Sun's shadow password mechanism), the password field of a
passwd entry is "##username".  When crypt(3) sees that the first two
characters are "##" it performs the validation for you (by calling
pwdauth(3), which uses the salt as a key in the passwd.adjunct file) and
returns the salt argument itself if the comparison succeeded (a similar
thing is done with passwords of the form "#$groupname" and the
group.adjunct file).  If the salt string doesn't begin with "#" then
everything after the first two characters will be ignored.  In general, the
following should always work to validate a password;

    int passwd_ok = 0; char *entered_passwd, *encrypted_passwd;
    entered_passwd = getpass("Password:");
    encrypted_passwd = crypt(entered_passwd, passwd.pw_passwd);
    if (encrypted_passwd != NULL)
        passwd_ok = (strcmp(passwd.pw_passwd, encrypted_passwd) == 0);

[*] I supposed it's possible that this technique isn't really upward
compatible on all systems, so you might need to use conditional compilation
for *really* maximum portability.
--
Barry Margolin
System Manager, Thinking Machines Corp.

The first 2 characters in the password field of /etc/passwd are the salt
that was used by crypt() to encrypt the original password.  So to encrypt
a user supplied password for comparison to the password in /etc/passwd,
use the 2 salt characters obtained from the password field.  If the user
supplied password is correct, crypt() will yield a string identical to
that in the password field.

John