Message-ID: <20000520064301.3404.qmail@web206.mail.yahoo.com>
Date: Fri, 19 May 2000 23:43:01 -0700 (PDT)
From: Ken Coleman
Subject: Fairly decent login script for use on Win9X...
To: cygwin AT sourceware DOT cygnus DOT com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1025202362-958804981=:1138"

--0-1025202362-958804981=:1138
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I'm by no means a shell script expert, but I've attached an IMO decent
login replacement that uses bash, sed, grep, and crypt.  Since it isn't
dependent on any NT security stuff, it will work on Win9X - just put it
in your /usr/bin directory and you're set.

The basic algorithm is extremely simple, and is fairly well documented
in the code.

As I note in the file, use this at your own risk.  If you find any bugs
and/or security issues, please let me know.  You are not bound to do so,
but I'd appreciate it.

Hope it's useful!

- Ken.
ken_coleman AT iname DOT com

--0-1025202362-958804981=:1138
Content-Type: text/plain; name=login
Content-Description: login
Content-Disposition: inline; filename=login

#!/bin/bash

# Use at your own risk.  I make no guarantees about the security or stability
# of this code.  It is intended to be an ultra-lightweight login script for
# use with telnetd and other login daemons.
#
# You can use it for any purposes, and you need not notify me of any changes
# that you make.  I would appreciate notification, however, particularly if
# there are any security issues.
#
# Ken Coleman
# ken_coleman AT iname DOT com
# 2000/05/19

# read the login name
echo -n "Login: "
read -r LOGIN

# read the password in non-echoing characters
echo -n "Password: "
stty -echo
read -r PASSWORD
stty echo

# output an empty line since the newline was non-echoing
echo

# I'm removing any characters not in the A-Z, a-z, and 0-9 range from both the
# login and password.  This is to avoid any potential weirdness when passing
# the text as arguments to grep and crypt, since you could do redirection of
# the data or crash the commands by passing them something invalid.  If you
# insist on having some other characters as legal ones, you can simply extend
# the regexes to compensate.
LOGIN=$(printf '%s\n' "$LOGIN" | sed -e "s/[^A-Za-z0-9]//g")
PASSWORD=$(printf '%s\n' "$PASSWORD" | sed -e "s/[^A-Za-z0-9]//g")

# grep for the login name at the beginning of a line, followed by a :
GREPRESULT=$(grep "^$LOGIN:" /etc/passwd)

# the expansions below are quoted so that an entry containing spaces or
# wildcard characters is tested as a single word
if [ -z "$GREPRESULT" ] ; then
    # login name unknown
    echo "Invalid login"
else
    # these two lines will pull the encrypted password out of the grep result.
    # It's the second entry
    PASSWD_PASSWORD=${GREPRESULT#*:}
    PASSWD_PASSWORD=${PASSWD_PASSWORD%%:*}

    # if they didn't type a password, set CRYPT_PASSWORD to nothing.  Then if
    # there is no password entry, it will accept it as a no-password logon.
    if [ -z "$PASSWORD" ] ; then
        CRYPT_PASSWORD=""
    else
        # run crypt on the entered password with characters 4 & 5 of the passwd
        # file's password entry as the salt.  This seems to be how it works
        CRYPT_PASSWORD=$(crypt ${PASSWD_PASSWORD:3:2} "$PASSWORD")
    fi

    # got a match
    if [ "$PASSWD_PASSWORD" = "$CRYPT_PASSWORD" ] ; then
        # grab the 6th entry from the passwd file entry.  This is the home
        # directory
        HOMEDIR=${GREPRESULT#*:*:*:*:*:}
        HOMEDIR=${HOMEDIR%%:*}

        # grab the 7th entry from the passwd file entry.  This is the desired
        # shell
        SHELLFILE=${GREPRESULT#*:*:*:*:*:*:}
        SHELLFILE=${SHELLFILE%%:*}

        # "cd" to the home directory, defaulting to / if no home dir is present
        if [ -n "$HOMEDIR" ] ; then
            builtin cd "$HOMEDIR"
        else
            builtin cd /
        fi

        # exec the shell, defaulting to /bin/sh if no shell entry is present
        if [ -n "$SHELLFILE" ] ; then
            exec "$SHELLFILE"
        else
            exec /bin/sh
        fi
    else
        # not a password match
        echo "Invalid login"
    fi
fi

--0-1025202362-958804981=:1138--
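
An added example, not part of Ken's post or his script: the script pulls the home directory and shell out of the passwd entry with prefix patterns such as `${GREPRESULT#*:*:*:*:*:}`, and when an entry has fewer fields than the pattern expects, the pattern does not match and the login name comes back as the "home directory". The sketch below counts fields instead, so a short entry falls back to the script's defaults; the sample entries and the function names `entry_field`, `pattern_homedir` and `session_target` are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample entries (not from the original post).
FULL='ken:abXYZ0123456:500:500:Ken Coleman:/home/ken:/bin/bash'
NOSHELL='guest::501:501:Guest User:/home/guest:'
SHORT='short:zzQQQ0123456'

# entry_field LINE N: print field N (1-based) of a colon-separated
# passwd entry, or nothing when the entry has fewer than N fields.
# The body runs in a subshell so its variables stay local.
entry_field() (
    rest=$1
    i=1
    while [ "$i" -lt "$2" ]; do
        case $rest in
            *:*) rest=${rest#*:} ;;      # drop one leading field
            *)   rest=''; break ;;       # entry ended early
        esac
        i=$((i + 1))
    done
    printf '%s' "${rest%%:*}"
)

# pattern_homedir LINE: the prefix-pattern extraction used in the posted
# script, reproduced here only for comparison.
pattern_homedir() (
    h=${1#*:*:*:*:*:}
    printf '%s' "${h%%:*}"
)

# session_target LINE: print "HOME SHELL" with the script's defaults
# (/ and /bin/sh) substituted for empty or missing fields.
session_target() (
    home=$(entry_field "$1" 6)
    shell=$(entry_field "$1" 7)
    printf '%s %s' "${home:-/}" "${shell:-/bin/sh}"
)

# Show both extractions side by side for each constructed entry.
for e in "$FULL" "$NOSHELL" "$SHORT"; do
    printf '%-8s pattern=%-12s counted=%s\n' \
        "${e%%:*}" "$(pattern_homedir "$e")" "$(session_target "$e")"
done
```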