Mail Archives: cygwin/2000/05/20/02:43:39
I'm by no means a shell script expert, but I've
attached an IMO decent login replacement that uses
bash, sed, grep, and crypt. Since it isn't dependent
on any NT security stuff, it will work on Win9X - just
put it in your /usr/bin directory and you're set.
The basic algorithm is extremely simple, and is fairly
well documented in the code. As I note in the file,
use this at your own risk. If you find any bugs
and/or security issues, please let me know. You are
not bound to do so, but I'd appreciate it.
Hope it's useful!
- Ken.
ken_coleman AT iname DOT com
Attachment: login
#!/bin/bash

# Use at your own risk. I make no guarantees about the security or stability
# of this code. It is intended to be an ultra-lightweight login script for
# use with telnetd and other login daemons.
#
# You can use it for any purposes, and you need not notify me of any changes
# that you make. I would appreciate notification, however, particularly if
# there are any security issues.
#
# Ken Coleman
# ken_coleman AT iname DOT com
# 2000/05/19

# read the login name
echo -n "Login: "
read -r LOGIN

# read the password in non-echoing characters
echo -n "Password: "
stty -echo
read -r PASSWORD
stty echo

# output an empty line since the newline was non-echoing
echo

# I'm removing any characters not in the A-Z, a-z, and 0-9 range from both the
# login and password. This is to avoid any potential weirdness when passing
# the text as arguments to grep and crypt, since you could do redirection of
# the data or crash the commands by passing them something invalid. If you
# insist on having some other characters as legal ones, you can simply extend
# the regexes to compensate.
# (the variables are quoted so the shell does not glob-expand or word-split
# the typed text before sed sees it)
LOGIN=$(printf '%s\n' "$LOGIN" | sed -e "s/[^A-Za-z0-9]//g")
PASSWORD=$(printf '%s\n' "$PASSWORD" | sed -e "s/[^A-Za-z0-9]//g")

# grep for the login name at the beginning of a line, followed by a :
GREPRESULT=$(grep "^$LOGIN:" /etc/passwd)

if [ -z "$GREPRESULT" ] ; then
    # login name unknown
    echo "Invalid login"
else
    # these two lines will pull the encrypted password out of the grep result.
    # It's the second entry
    PASSWD_PASSWORD=${GREPRESULT#*:}
    PASSWD_PASSWORD=${PASSWD_PASSWORD%%:*}

    # if they didn't type a password, set CRYPT_PASSWORD to nothing. Then if
    # there is no password entry, it will accept it as a no-password logon.
    if [ -z "$PASSWORD" ] ; then
        CRYPT_PASSWORD=""
    else
        # run crypt on the entered password with characters 4 & 5 of the passwd
        # file's password entry as the salt. This seems to be how it works
        CRYPT_PASSWORD=$(crypt "${PASSWD_PASSWORD:3:2}" "$PASSWORD")
    fi

    # got a match
    if [ "$PASSWD_PASSWORD" = "$CRYPT_PASSWORD" ] ; then
        # grab the 6th entry from the passwd file entry. This is the home
        # directory
        HOMEDIR=${GREPRESULT#*:*:*:*:*:}
        HOMEDIR=${HOMEDIR%%:*}

        # grab the 7th entry from the passwd file entry. This is the desired
        # shell
        SHELLFILE=${GREPRESULT#*:*:*:*:*:*:}
        SHELLFILE=${SHELLFILE%%:*}

        # "cd" to the home directory, defaulting to / if no home dir is present
        if [ -n "$HOMEDIR" ] ; then
            builtin cd "$HOMEDIR"
        else
            builtin cd /
        fi

        # exec the shell, defaulting to /bin/sh if no shell entry is present
        if [ -n "$SHELLFILE" ] ; then
            exec "$SHELLFILE"
        else
            exec /bin/sh
        fi
    else
        # not a password match
        echo "Invalid login"
    fi
fi
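Added example (not part of Ken's post or his script): the script's sanitizing step pipes the typed text through echo and sed, then cuts fields out of the matching /etc/passwd line. The sketch below shows, on constructed input, how quoting changes what sed receives in that step, and one way to split a passwd line on ':' with read. The function names and the sample passwd line are made up for this illustration.

```bash
#!/bin/bash
# Added illustration; function names and sample data are constructed.

# Expansion left unquoted: the shell word-splits and glob-expands the typed
# text before sed runs, so "*" turns into the file names in the current dir.
sanitize_unquoted() {
    echo $1 | sed -e 's/[^A-Za-z0-9]//g'
}

# Expansion quoted: sed receives exactly what was typed.
sanitize_quoted() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]//g'
}

# passwd_field FILE LOGIN N: print field N (2 = password hash, 6 = home,
# 7 = shell) of the entry whose name equals LOGIN exactly. Splitting with
# IFS=: keeps empty fields and does no regex matching on the login name.
# Returns 1 if the login is not present, 2 for an unsupported field number.
passwd_field() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ "$name" = "$2" ] || continue
        case $3 in
            2) printf '%s\n' "$pw" ;;
            6) printf '%s\n' "$home" ;;
            7) printf '%s\n' "$shell" ;;
            *) return 2 ;;
        esac
        return 0
    done < "$1"
    return 1
}

demo() {
    dir=$(mktemp -d) || return 1
    # two files so that "*" has something to expand to
    ( cd "$dir" && touch alpha beta &&
      echo "unquoted: [$(sanitize_unquoted '*')]" &&
      echo "quoted:   [$(sanitize_quoted '*')]" )
    # constructed passwd entry, not a real account
    printf '%s\n' 'ken:abXYexamplehash:500:500:Ken C:/home/ken:/bin/bash' \
        > "$dir/passwd"
    echo "home:  $(passwd_field "$dir/passwd" ken 6)"
    echo "shell: $(passwd_field "$dir/passwd" ken 7)"
    rm -rf "$dir"
}
demo
```

In the quoted case a password consisting only of stripped characters becomes the empty string, which the login script treats as "no password typed".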