I can get the list of running process from the this source code on mac.
Now, I want to filter these processes for different users or at least for current user session.
You can just extend your code like this..
kinfo_proc *mylist;
size_t mycount = 0;
mylist = (kinfo_proc *)malloc(sizeof(kinfo_proc));
GetBSDProcessList(&mylist, &mycount);
char *user = getenv("USER");
for (int i = 0; i < mycount; i++)
{
uid_t uid = mylist[i].kp_eproc.e_pcred.p_ruid;
struct passwd * pwd = getpwuid(uid);
char * username = pwd->pw_name;
if(strcmp(username, user) == 0)
{
printf(" %d - %s \n", mylist[i].kp_proc.p_pid, mylist[i].kp_proc.p_comm);
}
}
To be more precise you can get username buy this technique
SCDynamicStoreRef store;
store = SCDynamicStoreCreate(NULL, CFSTR("com.apple.dts.ConsoleUser"), NULL, NULL);
CFStringRef currentConsoleUser = CopyCurrentConsoleUsername(store);
const int kBufferSize = 256;
char logedinusername[kBufferSize];
CFStringGetCString(currentConsoleUser,logedinusername,kBufferSize,kCFStringEncodingMacRoman);
as getenv("USER"); may not work if you are running as root user and want logged in user.
Related
I apologize for the naive question, Iam new to Net-SNMP. I have tried using this simple SNMP demo app given in Net-SNMP website.
This code performs a SNMP-GET and manipulates the response to check if the value returned is a ASN_OCTET_STRING, and if yes, access the string using vars->val.string and assigned to a character pointer sp.
But Iam unable to figure out how to access this value if the type is anything other than ASN_OCTET_STRING. For example how do I take this value and, say, assign it to a variable if it is of type 'ASN_INTEGER' or 'ASN_OBJECT_ID'.
#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
#include <string.h>
#define DEMO_USE_SNMP_VERSION_3
#ifdef DEMO_USE_SNMP_VERSION_3
const char *our_v3_passphrase = "MD5Password";
#endif
int main(int argc, char ** argv)
{
netsnmp_session session, *ss;
netsnmp_pdu *pdu;
netsnmp_pdu *response;
oid anOID[MAX_OID_LEN];
size_t anOID_len;
netsnmp_variable_list *vars;
int status;
int count=1;
init_snmp("snmpdemoapp");
snmp_sess_init( &session );
session.peername = strdup("localhost:161");
#ifdef DEMO_USE_SNMP_VERSION_3
session.version=SNMP_VERSION_3;
session.securityName = strdup("user2");
session.securityNameLen = strlen(session.securityName);
session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
session.securityAuthProto = usmHMACMD5AuthProtocol;
session.securityAuthProtoLen = sizeof(usmHMACMD5AuthProtocol)/sizeof(oid);
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) our_v3_passphrase, strlen(our_v3_passphrase),
session.securityAuthKey,
&session.securityAuthKeyLen) != SNMPERR_SUCCESS) {
snmp_perror(argv[0]);
snmp_log(LOG_ERR,
"Error generating Ku from authentication pass phrase. \n");
exit(1);
}
#else /* we'll use the insecure (but simplier) SNMPv1 */
session.version = SNMP_VERSION_1;
session.community = "demopublic";
session.community_len = strlen(session.community);
#endif /* SNMPv1 */
SOCK_STARTUP;
ss = snmp_open(&session);
if (!ss) {
snmp_sess_perror("ack", &session);
SOCK_CLEANUP;
exit(1);
}
pdu = snmp_pdu_create(SNMP_MSG_GET);
anOID_len = MAX_OID_LEN;
if (!snmp_parse_oid("ip.21.1.8.xx.xx.xx.xx", anOID, &anOID_len)) {
snmp_perror("ip.21.1.8.xx.xx.xx.xx");
SOCK_CLEANUP;
exit(1);
}
snmp_add_null_var(pdu, anOID, anOID_len);
status = snmp_synch_response(ss, pdu, &response);
if (status == STAT_SUCCESS && response->errstat == SNMP_ERR_NOERROR) {
for(vars = response->variables; vars; vars = vars->next_variable)
print_variable(vars->name, vars->name_length, vars);
/* manipuate the information ourselves */
for(vars = response->variables; vars; vars = vars->next_variable) {
if (vars->type == ASN_OCTET_STR) {
char *sp = (char *)malloc(1 + vars->val_len);
memcpy(sp, vars->val.string, vars->val_len);
sp[vars->val_len] = '\0';
printf("value #%d is a string: %s\n", count++, sp); //Here sp now has the string - But this doesnt work when the string is for eg."HOST-RESOURCES-MIB::hrSWInstalledDate.1953 = STRING: 0-1-1,0:0:0.0"
free(sp);
}
else if(vars->type == ASN_INTEGER) {
printf("value is an Integer\n");
int ObjVal;
// How do I get the Integer value and assign it to 'ObjVal'
}
else if(vars->type == ASN_OBJECT_ID) {
printf("value is an OID\n");
// How do I get the OID and assign it to some variable
}
else if(vars->type == ASN_TIMETICKS) {
printf("value is in Timeticks\n");
// How do I get the Timeticks and assign it to some variable for further processing
}
}
} else {
if (status == STAT_SUCCESS)
fprintf(stderr, "Error in packet\nReason: %s\n",
snmp_errstring(response->errstat));
else if (status == STAT_TIMEOUT)
fprintf(stderr, "Timeout: No response from %s.\n",
session.peername);
else
snmp_sess_perror("snmpdemoapp", ss);
}
if (response)
snmp_free_pdu(response);
snmp_close(ss);
SOCK_CLEANUP;
return (0);
}
Tried vars->val.integer or vars->val.object_id, but that doesnot contain the value. What am I missing here?
My another question is, even when it is of type ASN_OCTET_STRING, when the GET reply is something like this,
HOST-RESOURCES-MIB::hrSWInstalledDate.1953 = STRING: 0-1-1,0:0:0.0
then vars->val.string doesnt have "0-1-1,0:0:0.0" as string.
Basically my question is How does the value get stored in the response structure from which I can retrieve the values?
Thanks in Advance!!
P.S: Makefile link from Net-SNMP website.
Edit1:
For Integers, i can read using *vars->val->string as pointed out by immibis. Any Ideas about how to access other datatypes?
As you can see in /usr/include/net-snmp/types.h file or similar on your system, net-snmp vars->val has the following union type:
typedef union {
long *integer;
u_char *string;
oid *objid;
u_char *bitstring;
struct counter64 *counter64;
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
float *floatVal;
double *doubleVal;
/*
* t_union *unionVal;
*/
#endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */
} netsnmp_vardata;
also *vars has val_len field, where the length of data stored.
So you can access integer as *vars->val.integer, string as pointer to u_char vars->val.string with vars->val_len chars, oid as pointer to oid vars->val.objid with vars->val_len/sizeof(oid) oid elements and so on.
I can't figure out why my program is outputting seemingly random Windows paths as shown below.
\maven, : ORS=4 (id: 4677968)
m32\cmd.exe, ò: Æ (id: 5525087)
, : (id: 4653392)
It does this when looping through an array of structures I have and displaying the values inside. Funny thing is though that it works perfectly. If I add 5 entries, it still displays all of them accurately. Yet it prints the random paths shown above before everything else.
I'm going to attach the whole program because I honestly don't know where to narrow the problem down to. I'm new to C and especially new to manually handling memory. So that may be where the problem lies. Thanks ahead of time.
The program:
#include<stdio.h>
#include<string.h>
// Define structures
typedef struct Contact
{
int id;
char fname[24];
char lname[24];
char number[16];
} Contact;
typedef struct Phonebook
{
Contact* contacts;
int contacts_length;
int id_tracking;
} Phonebook;
// Define prototypes
Phonebook addContact(Phonebook);
Phonebook removeContact(Phonebook); // removeContact() prompts the user for information about whom they want to remove.
void viewContacts(Phonebook);
void exportContacts(Phonebook);
Contact findEntry(int, Phonebook);
Phonebook removeEntry(int, Phonebook); // removeEntry() can be called to explicitly remove the entry with the passed in integer id.
int main()
{
// Define variables
int menuChoice = 0, status = 1;
Phonebook phonebook;
phonebook.contacts = (Contact*) malloc(sizeof(Contact));
// Check memory allocation
if(phonebook.contacts == NULL)
{
printf("\nFatal error: Out of memory... now exiting.");
return;
}
// Handle the user
do
{
// Begin collecting and assigning data
printf("\nContact Menu\n");
printf("\n(1.) Add contact");
printf("\n(2.) Remove contact");
printf("\n(3.) View contacts");
printf("\n(4.) Export contacts");
printf("\n(5.) Exit");
printf("\n\nPlease choose a menu option (enter the number): ");
scanf("%d", &menuChoice);
// Interpret menu choice
switch(menuChoice)
{
case 1:
// Begin adding contact
phonebook = addContact(phonebook);
status = 1;
break;
case 2:
phonebook = removeContact(phonebook);
status = 1;
break;
case 3:
viewContacts(phonebook);
status = 1;
break;
case 4:
exportContacts(phonebook);
status = 1;
break;
case 5:
// Free memory
free(phonebook.contacts);
// See ya!
printf("\nGoodbye!");
status = 0;
break;
default:
printf("I'm sorry, I didn't quite understand that. Please try again.");
status = 1;
break;
}
}
while(status != 0);
// Return 0 for exit
return 0;
}
Phonebook addContact(Phonebook phonebook)
{
// Clear screen first
system("cls");
// Define contact and set random id
Contact entry;
entry.id = phonebook.id_tracking;
phonebook.id_tracking++;
// Obtain information
printf("First name (24 characters max): ");
scanf("%s", &entry.fname);
printf("Last name (24 characters max): ");
scanf("%s", &entry.lname);
printf("Telephone number (recommended format: ###-###-####): ");
scanf("%s", &entry.number);
// Handle memory allocation
if(phonebook.contacts_length > 1)
{
phonebook.contacts = (Contact*) realloc(phonebook.contacts, sizeof(Contact) * (phonebook.contacts_length + 1));
}
// Save the contact to the array and count up
phonebook.contacts[phonebook.contacts_length] = entry;
phonebook.contacts_length++;
printf("Contact saved!\n");
return phonebook;
}
Phonebook removeContact(Phonebook phonebook)
{
// First check to make sure they have saved contacts
if(phonebook.contacts_length < 1)
{
// No contacts saved, tell them
printf("\nYou haven't saved any contacts.\n");
return;
}
// Define variables
int i, chosenId = 0;
// Display contacts with their ids
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
printf("\n%s, %s (id: %d)", entry.lname, entry.fname, entry.id);
}
// Handle removal
printf("\n\nPlease enter the ID of the contact you would like to remove: ");
scanf("%d", &chosenId);
// Remove
Phonebook updatedPhonebook = removeEntry(chosenId, phonebook);
printf("Contact removed!\n");
return updatedPhonebook;
}
void viewContacts(Phonebook phonebook)
{
// First check to make sure they have saved contacts
if(phonebook.contacts_length < 1)
{
// No contacts saved, tell them
printf("\nYou haven't saved any contacts.\n");
return;
}
// Define variables
int i;
// Display contacts with their ids
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
printf("\n%s, %s: %s (id: %d)", entry.lname, entry.fname, entry.number, entry.id);
}
printf("\n");
return;
}
/*
* Experimenting with I/O in C
*/
void exportContacts(Phonebook phonebook)
{
// First check to make sure they have saved contacts
if(phonebook.contacts_length < 1)
{
// No contacts saved, tell them
printf("\nYou have no contacts to be exported.\n");
return;
}
// Define and initialize variables
int i;
char outputName[] = "contacts.txt";
FILE *contactFile = fopen(outputName, "w");
// Print message
printf("\nExporting contacts to .txt file... ");
// Print to the file
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
fprintf(contactFile, "%s, %s (id: %d): %s\n", entry.lname, entry.fname, entry.id, entry.number);
}
// Close the file
fclose(contactFile);
// Done
printf("Done!");
printf("\nData exported to contacts.txt located where this program was launched.");
}
Contact findEntry(int id, Phonebook phonebook)
{
int i;
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
if(entry.id == id)
{
return entry;
}
}
}
Phonebook removeEntry(int id, Phonebook phonebook)
{
// Define variables
int i, positionToFree;
// Search for the index of the entry to remove
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
if(entry.id == id)
{
positionToFree = i; // This is the position to be freed
}
// We've found what we need, break now
break;
}
// Loop starting at that entry and remove
for(i = positionToFree; i < phonebook.contacts_length; i++)
{
Contact temp = phonebook.contacts[i + 1];
phonebook.contacts[i] = temp;
}
// Count down for contacts_length
phonebook.contacts_length--;
// Return the updated contacts
return phonebook;
}
This sounds like undefined behaviour.
You never initialise phonebook.contacts_length. It could have any value. When you go to add an entry, it's quite possible that the realloc call fails. You don't check the return value, so you wouldn't know.
Bad juju.
I can get the subject alternative name like
X509_NAME_get_text_by_NID(X509_get_subject_name(x), NID_subject_alt_name, hc->https_domain_name, 256)
With same method by changing 2. parameter to NID_issuer_alt_name I am expecting to get issuer name like;
X509_NAME_get_text_by_NID(X509_get_subject_name(x), NID_issuer_alt_name, hc->https_ca_name, 256);
But instead I am getting a empty string . How can I retrieve issuer alternative name correctly?
You could try the following solution, as recommended in https://github.com/iSECPartners/ssl-conservatory :
static HostnameValidationResult matches_subject_alternative_name (const char *hostname, const X509 *server_cert) {
HostnameValidationResult result = MatchNotFound;
int i;
int san_names_nb = -1;
STACK_OF(GENERAL_NAME) *san_names = NULL;
// Try to extract the names within the SAN extension from the certificate
san_names = X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
if (san_names == NULL) {
return NoSANPresent;
}
san_names_nb = sk_GENERAL_NAME_num(san_names);
// Check each name within the extension
for (i=0; i<san_names_nb; i++) {
const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
if (current_name->type == GEN_DNS) {
// Current name is a DNS name, let's check it
char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName);
// Make sure there isn't an embedded NUL character in the DNS name
if (ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
result = MalformedCertificate;
break;
}
else { // Compare expected hostname with the DNS name
if (strcasecmp(hostname, dns_name) == 0) {
result = MatchFound;
break;
}
}
}
}
sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
return result;
}
Hope it helps !
In your call to X509_NAME_get_text_by_NID with the NID_issuer_alt_name constant, I would have replaced X509_get_subject_name(x) by X509_get_issuer_name(x). I think this should do the trick you are after.
Is there an API in Windows similar to Linux's chown?
Taken from here: http://www.perlmonks.org/?node_id=70562
// #includes omitted for the sake of sanity
HANDLE token;
char *filename = "somefile.txt";
char *newuser = "someuser";
DWORD len;
PSECURITY_DESCRIPTOR security = NULL;
PSID sidPtr = NULL;
int retValue = 1;
// Get the privileges you need
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) {
SetPrivilege(token, "SeTakeOwnershipPrivilege", 1);
SetPrivilege(token, "SeSecurityPrivilege", 1);
SetPrivilege(token, "SeBackupPrivilege", 1);
SetPrivilege(token, "SeRestorePrivilege", 1);
} else retValue = 0;
// Create the security descriptor
if (retValue) {
GetFileSecurity(filename, OWNER_SECURITY_INFORMATION, security, 0, &len);
security = (PSECURITY_DESCRIPTOR)malloc(len);
if (!InitializeSecurityDescriptor(security, SECURITY_DESCRIPTOR_REVISION))
retValue = 0;
}
// Get the sid for the username
if (retValue) {
char domainbuf[4096];
DWORD sidSize = 0;
DWORD bufSize = 4096;
SID_NAME_USE sidUse;
LookupAccountName(NULL, newuser, sidPtr, &sidSize, domainbuf, &bufSize, &sidUse);
sid = (PSID)malloc(sidSize);
if (!LookupAccountName(NULL, string, (PSID)sid, &sidSize, domainbuf, &bufSize, &sidUse))
retValue = 0;
}
}
// Set the sid to be the new owner
if (retValue && !SetSecurityDescriptorOwner(security, sidPtr, 0))
retValue = 0;
// Save the security descriptor
if (retValue)
retValue = SetFileSecurity(filename, OWNER_SECURITY_INFORMATION, security);
if (security) free(security);
if (sid) free(sid);
return retValue;
`
You might find the cacls or icacls commands useful... They're not exactly straightforward to use though
Can you provide a bit more information on what you're trying to do?
Currently I have a graphical application that has two levels of access, operator and administrator. The login and authentication is all homebrewed and I'd like to switch the application to use PAM instead. I'm not sure what the right way to do that is.
Correct me if I'm wrong, but it seems that PAM boils down to a "yes" or "no" check--yes you can access this service, or no you can't. There's no provision for having various levels of access based on which user is logging in. I need to be able to tell who's an operator and who's an admin, though, and I want to be able to do it strictly through PAM if possible.
So my thought is that I'd set up two services with two different configurations, /etc/pam.d/pamdemo for operators and /etc/pam.d/pamdemo-admin for administrators. My application would then try to authenticate against pamdemo-admin first, and if that fails then pamdemo. If both fails, access is denied. Am I on the right track or am I completely off the rails?
Here's some sample C code I've written up as a proof of concept. When I do the login I don't want to prompt the user for his credentials twice. I've got it so it remembers the username across the two pam_start() calls but I can't access pam_get_item(PAM_AUTHTOK) from the application level to do the same caching for the password. And it was in trying to do so that I realized that there might be a totally different way to do this. I would like this application to work no matter what the authentication method, be it username/password or Kerberos tickets or fingerprints, whatever.
pam_handle_t *try_login(const char *service, int *retval)
{
static char * username = NULL;
struct pam_conv pam_conversation = { conv, NULL };
pam_handle_t * pamh;
*retval = pam_start(service, username, &pam_conversation, &pamh);
if (*retval == PAM_SUCCESS) *retval = pam_authenticate(pamh, 0);
if (*retval == PAM_SUCCESS) *retval = pam_acct_mgmt (pamh, 0);
if (*retval == PAM_SUCCESS) *retval = pam_open_session(pamh, 0);
if (username == NULL) {
if (pam_get_item(pamh, PAM_USER, (const void **) &username) == PAM_SUCCESS) {
username = strdup(username);
}
}
if (*retval != PAM_SUCCESS) {
fprintf(stderr, "%s: %s\n", service, pam_strerror(pamh, *retval));
pam_end(pamh, *retval);
pamh = NULL;
}
return pamh;
}
int main(void)
{
pam_handle_t *pamh = NULL;
int retval;
const char *service, *username;
if (!pamh) pamh = try_login("pamdemo-admin", &retval);
if (!pamh) pamh = try_login("pamdemo", &retval);
if (!pamh) {
fprintf(stderr, "Access denied.\n");
return 1;
}
pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
pam_get_item(pamh, PAM_USER, (const void **) &username);
printf("Logged into %s as %s.\n", service, username);
pam_close_session(pamh, 0);
pam_end (pamh, retval);
return 0;
}
As written this demo program repeats the "password:" prompt. I don't want it to ask twice!
I believe one right way to do this might be:
Set up the "pamdemo" service to do account, authentication and session functions.
Set up the "pamdemo-admin" service to only do account (and possibly session) functions. No authentication.
When logging in, first make them pass "pamdemo" (to ensure they are who they say they are) - if this fails, kick them out.
Then, once authenticated, hand them to "pamdemo-admin". This just checks to see if they're allowed to be admin - if they are, this check succeeds, if they aren't, it doesn't. Because this check doesn't do auth modules, they aren't prompted for a password again.
Per caf's suggestion, here is my solution:
#define PAM_CALL(call) \
do { \
if ((retval = (call)) != PAM_SUCCESS) { \
goto pam_error; \
} \
} while (0)
int check_admin_login(const char *user)
{
pam_handle_t * pamh = NULL;
struct pam_conv pam_conversation = { conv, NULL };
int retval;
PAM_CALL(pam_start ("pamdemo-admin", user, &pam_conversation, &pamh));
PAM_CALL(pam_acct_mgmt(pamh, 0));
PAM_CALL(pam_end (pamh, retval));
return 1;
pam_error:
pam_end(pamh, retval);
return 0;
}
int main(void)
{
pam_handle_t * pamh = NULL;
struct pam_conv pam_conversation = { conv, NULL };
int retval;
const char * user;
int is_admin;
PAM_CALL(pam_start ("pamdemo", NULL, &pam_conversation, &pamh));
PAM_CALL(pam_authenticate (pamh, 0));
PAM_CALL(pam_acct_mgmt (pamh, 0));
PAM_CALL(pam_open_session (pamh, 0));
PAM_CALL(pam_get_item (pamh, PAM_USER, (const void **) &user));
is_admin = check_admin_login(user);
printf("Logged in as %s (%s).\n", user, is_admin ? "administrator" : "operator");
PAM_CALL(pam_close_session(pamh, 0));
pam_end (pamh, retval);
return 0;
pam_error:
fprintf(stderr, "%s\n", pam_strerror(pamh, retval));
pam_end(pamh, retval);
return 1;
}
you can just use the command "groups " or "id " and get the groups for the user, then grep the groups and if you hit admin first, then it's an admin user otherwise it's a demo user.
The groups / id commands (tested on Linux) will get the groups for non-local users as well (e.g PAM / LDAP)
So, instead of checking against a service, check the group in which the user belongs.