benson031397
asked on
Create user account programmatically
Dear all,
I would like to use C language to write an application to create an user account. Can any one tell me the procedure or the protocol?
Thanks!
Benson
I would like to use C language to write an application to create an user account. Can any one tell me the procedure or the protocol?
Thanks!
Benson
ASKER
YUP! I have implemented successully that pass the parameter ti adduser command. However, how to set the user's password?
The version we are using is Solaris 2.6
Benson
The version we are using is Solaris 2.6
Benson
Benson,
Assuming you are doing this as root (or have similar permissions), I only know 2 ways to do this:
1. Call the UNIX passwd command with the name of the user as a parameter, eg:
passwd $USERID
where the USERID environment variable contains the name of the user. You will then be prompted to manually enter the password twice. If this is not acceptable, you could try...
2. Editting the /etc/security/passwd file. Eg: with sed (or similar) you could replace the old passwd (not sure what this is, or if it even exists for a new user) with one you enter or generate, then pass it through an algorithmn which encrypts it into a format suitable for the passwd file. I've done this myself - someone gave me the executable which does the encryption, but I used it for changing passwords for existing users. The algorithmn is probably freeware on the Internet.
Let me know how you get on.
Assuming you are doing this as root (or have similar permissions), I only know 2 ways to do this:
1. Call the UNIX passwd command with the name of the user as a parameter, eg:
passwd $USERID
where the USERID environment variable contains the name of the user. You will then be prompted to manually enter the password twice. If this is not acceptable, you could try...
2. Editting the /etc/security/passwd file. Eg: with sed (or similar) you could replace the old passwd (not sure what this is, or if it even exists for a new user) with one you enter or generate, then pass it through an algorithmn which encrypts it into a format suitable for the passwd file. I've done this myself - someone gave me the executable which does the encryption, but I used it for changing passwords for existing users. The algorithmn is probably freeware on the Internet.
Let me know how you get on.
PS: In option 1 of my previous answer, you may be able to automatically redirect input to passwd somehow, to save you manually entering a password twice - not sure how - maybe someone else can help if this is what you want to do.
ASKER
I am interested in the option 1, but I don't think it is feasible.
PS: Could you tell me clearly how to do it?
Benson
PS: Could you tell me clearly how to do it?
Benson
Are you happy to manually enter the password twice? I'll be back in a few days.
ASKER
No! I am not happy.
In fact, I am curious the operation of the freemail service, such as yahoo and hotmail.
How the user can create an account dynamically, set their password and change their profile? All the action the user can do is through the CGI program. Therefore, I think to do this action, understanding how to create an account dynamically is the elementary concept.
right?
Can u give me more detail?
In fact, I am curious the operation of the freemail service, such as yahoo and hotmail.
How the user can create an account dynamically, set their password and change their profile? All the action the user can do is through the CGI program. Therefore, I think to do this action, understanding how to create an account dynamically is the elementary concept.
right?
Can u give me more detail?
You can pass the passwd also as a parameter to passwd command. So from C you can execute a shell command
passwd username newpassword
after creating the user.
passwd username newpassword
after creating the user.
There's also nothing stopping you from taking the passwd program and having it accept the new password on the command line. If you're using linux, you have the source... so...
Additionally, I think it's highly unlikely that free email systems use the standard unix user account system for their users. Much more likely is that the user names and passwords reside exclusively in a database. For one thing, the unix password system doesn't scale very well. Two, actually adding a new user to the system can lead to security issues if you're not careful. And three - you only need user information when you're running a CGI script - and since you're taking a database hit no matter what, you may as well just store everything in the database...
Additionally, I think it's highly unlikely that free email systems use the standard unix user account system for their users. Much more likely is that the user names and passwords reside exclusively in a database. For one thing, the unix password system doesn't scale very well. Two, actually adding a new user to the system can lead to security issues if you're not careful. And three - you only need user information when you're running a CGI script - and since you're taking a database hit no matter what, you may as well just store everything in the database...
To change user password programmicaly, I have to know your operating system. Changing password mechanics depends on if we are in Solaris, Linux, or FreeBSD.
maxkir,
Benson said in his 2nd message, that he's using Solaris 2.6.
Benson said in his 2nd message, that he's using Solaris 2.6.
Af far as I know, there is no way of setting password from command line for 'passwd' command. Passwd reads its input directly from terminal device (something like /dev/tty ) and doesn't support redirects like ><. To store passwords Solaris uses /etc/shadow file which is much like /etc/shadow in linux. And, Solaris uses DES crypt() function to crypt passwords.
To operate with login information (except passords) in C language take a look at getpwent/setpwent functions (man). To setup password, i'm afraid, you'll have to parse /etc/shadow file in your program manually and set password. You'll have to use function
#include <crypt.h>
char* crypt(const char* password, const char* salt)
to encrypt passwords.
password - password
salt - two character array to select algorithm way.
Format of /etc/shadow in Solaris is documented, so no problem here,
Regards,
To operate with login information (except passords) in C language take a look at getpwent/setpwent functions (man). To setup password, i'm afraid, you'll have to parse /etc/shadow file in your program manually and set password. You'll have to use function
#include <crypt.h>
char* crypt(const char* password, const char* salt)
to encrypt passwords.
password - password
salt - two character array to select algorithm way.
Format of /etc/shadow in Solaris is documented, so no problem here,
Regards,
ASKER
maxkir,
Do you mean that I have to use function crypt() to crypt password and then store it to the shadow file?
right?
However, How do I know Solaris use which type of algorithm? I mean pass what argument to the second argument, salt.
Benson
Do you mean that I have to use function crypt() to crypt password and then store it to the shadow file?
right?
However, How do I know Solaris use which type of algorithm? I mean pass what argument to the second argument, salt.
Benson
Yes, that's what i mean.
As far as I know, Solaris uses standard variant for salt, i.e.
two bytes without _ at the beginning. Probably it supports also
_ - variant, but definetely not MD5 (i used FreeBSD docs for
crypt(), which supports all three).
Any way, you can simply test it to be sure.
As far as I know, Solaris uses standard variant for salt, i.e.
two bytes without _ at the beginning. Probably it supports also
_ - variant, but definetely not MD5 (i used FreeBSD docs for
crypt(), which supports all three).
Any way, you can simply test it to be sure.
ASKER
More precise,
Sorry, I am not familiar to use this function, crypt(), would you give me an example?
Thanks a lot!
Benson
Sorry, I am not familiar to use this function, crypt(), would you give me an example?
Thanks a lot!
Benson
Here is fairly simple example:
#include <crypt.h>
#include <stdlib.h>
main()
{
char passwd[14] = {0};
char salt[3] = {0};
srand(time(NULL));
salt[0] = 'A' + (('Z' - 'A')*rand()) / RAND_MAX;
salt[1] = 'A' + (('Z' - 'A')*rand()) / RAND_MAX;
strcpy(passwd, crypt("my passwd", salt));
printf("%s\n", passwd);
}
#include <crypt.h>
#include <stdlib.h>
main()
{
char passwd[14] = {0};
char salt[3] = {0};
srand(time(NULL));
salt[0] = 'A' + (('Z' - 'A')*rand()) / RAND_MAX;
salt[1] = 'A' + (('Z' - 'A')*rand()) / RAND_MAX;
strcpy(passwd, crypt("my passwd", salt));
printf("%s\n", passwd);
}
ASKER
maxkir,
Thanks for your example?
But how to derive the equation for salt[0] and salt[1]? It is the main point.
Benson
Thanks for your example?
But how to derive the equation for salt[0] and salt[1]? It is the main point.
Benson
It is random values to select one of the ways for DES algorithm. IMHO, the algorithm in the example is
sufficient for you, i.e. you don't need something more complicated.
Regards,
KIR
Well. I've done this some years ago. and the trick is to interact with the passwd command. As stated in another comment, this command communicates directly with /dev/tty which certenly complicates things.
But, the "espect" program does the trick!
You can make a small expect script to set the user passwd. Currently , this is the only way to do it "correctly".
(There should be alot of dfferent expect versions out there, as far as i can remeber i used the TCL version, ie. you would have to write a small TCL/EXPECT script ( <10 lines ?? ) )
The other options of changing the passwd file yourself needs root privileges of some sort, either running as root or thru a SUID program/script. If your system uses NIS og some other netlogin, you would be in deep **** anyway.
/bo.
But, the "espect" program does the trick!
You can make a small expect script to set the user passwd. Currently , this is the only way to do it "correctly".
(There should be alot of dfferent expect versions out there, as far as i can remeber i used the TCL version, ie. you would have to write a small TCL/EXPECT script ( <10 lines ?? ) )
The other options of changing the passwd file yourself needs root privileges of some sort, either running as root or thru a SUID program/script. If your system uses NIS og some other netlogin, you would be in deep **** anyway.
/bo.
ASKER
bobell:
Would you tell me how to get the epect program?
And pls give me an example to me.
Thanks a lot!
Benson
Would you tell me how to get the epect program?
And pls give me an example to me.
Thanks a lot!
Benson
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Expect.pm - Expect for Perl
I have no idea how to do this in C (I don't know C). I would have expected that the easiest way to do this, if you must use C at all, is to have C pass the necessary parameters to a UNIX script or directly to the UNIX mkuser command (or whatever the UNIX command is in your flavour of UNIX). To start with, do a "man mkuser" to find out if this command exists and what parameters it takes.
What flavour/version are you using?