dpasswd utility (was Re: Use of /etc/dialups and /etc/d_passwd)

Lenny Tropiano lenny at icus.islp.ny.us
Tue May 2 14:22:25 AEST 1989


In article <5041 at b11.ingr.com> linwood at b11.UUCP (Linwood Varney) writes:
|>In article <245 at chip.UUCP> mparker at chip.UUCP (M. D. Parker) writes:
|>>In a system V environment, I'd be interested in knowing how these files
|>>are used, their formats, etc.
|>
|>Actually these files are quite useful, especially if you are worried about
|>security.
|>
|>The format of the /etc/dialups file is just a list of devices on
|>separate lines that are concidered dailup ports, for example
|>"/dev/tty00".  If the port that login is running on is found in dialups
...

I wrote this a while back, and it'll be useful for those playing with
Dialup Passwords.  This should compile with most compilers, and System V
systems.  Any problems should be reported to:  lenny at icus.islp.ny.us.
"unshar" and read the README ...

-Lenny Tropiano

-- cut here  -- -- cut here  -- -- cut here  -- -- cut here  -- -- cut here  --
#! /bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file".  To overwrite existing
# files, type "sh file -c".  You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g..  If this archive is complete, you
# will see the following message at the end:
#		"End of shell archive."
# Contents:  README Makefile dpasswd.c
# Wrapped by lenny at icus on Tue May  2 00:19:23 1989
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f README -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"README\"
else
echo shar: Extracting \"README\" \(3434 characters\)
sed "s/^X//" >README <<'END_OF_README'
X-------------------
XREADME for dpasswd:     By Lenny Tropiano (ICUS Software Systems) ...icus!lenny
X-------------------
X
XThis program was written from inspiration I got at the UNIX System V release 4.0
XSoftware Developer's conference I attended this past week in Chicago, Il.
XDuring the "Q&A" session I asked the following question:
X
XQ:	"Will the previously undocumented feature of /bin/login for
X	 Dialup Passwords be documented, as well as, having appropriate
X	 utilities to manage adding and removing dialup passwords?"
X
XA:	 No, it will remain undocumented and therefore will have nothing
X	 on the system to manage those passwords.
X
XSpending about 20 minutes, I decided to write my own.  Previously I had to
Xkludge it by adding the program/pathname to /etc/passwd, executing the
X"passwd" command and then moving the encrypted password to /etc/d_passwd.
XThis was quite a pain, especially as a system administrator.  Enclosed
Xis a program I call, "dpasswd".  It basically handles the undocumented feature
Xthat was in AT&T's UNIX System V release 2.0 and beyond (/bin/login).
X
XFor those who are unsure what I'm talking about, here's a brief explanation.
X/bin/login will look in a file called /etc/dialups for tty devices that
Xare to be declared as "dialups".  The format of the file is /dev/tty names
Xterminated by newline.   If the login tty is found in /etc/dialups, it will
Xthen go to /etc/d_passwd, and look for your "login-default shell" in there.
XThe format of this file is:
X	login_default_shell_path:encrypted_passwd:
X
XIf your shell is there, it will then prompt you for "Dialup Password:" after
Xyou enter your initial password correctly.  If you enter the dialup password
Xincorrectly, you will be denied login.
X 
XWhat you can do with this, is allow everything but /bin/sh, and /bin/ksh to
Xget in without a secondary passwords.  (This will prevent having to give
Xpeople with uucp logins another password -- you can give them one, if you
Xso desire with login shell /usr/lib/uucp/uucico).
X
XSample files are as follows:
X
X/etc/dialups:
X-------------
X/dev/tty000
X/dev/ph1
X
X/etc/d_passwd:
X--------------
X/bin/sh:xeH0weIpa941Q:
X/bin/ksh:UeH0wlIpW0gyQ:
X
XUsage:  dpasswd [-v] [-d] -p program -t terminal
X
X-v		turn verbose on
X-d		delete restriction
X-p program	add (or delete) restriction for program (use full pathname)
X-t terminal	add (or delete) restriction for terminal (don't use "/dev/")
X
Xeg.
X
X# dpasswd -t tty001 -p /bin/sh
X# dpasswd -t /dev/ph1
X# dpasswd -p /bin/ksh
X
X# dpasswd -v -t tty001
Xdpasswd: Dialup terminal restriction added for /dev/tty001.
X
X# dpasswd -v -t tty001
Xdpasswd: Terminal /dev/tty001 already found in /etc/dialups.
X
X# dpasswd -v -t ph1 -p /bin/ksh
XNew Dialup Password:
XRetype Dialup Password:
Xdpasswd: Dialup terminal restriction added for /dev/ph1.
Xdpasswd: Dialup program restriction added for /bin/ksh.
X
X# dpasswd -v -d -t ph1 -p /bin/ksh
Xdpasswd: Dialup terminal restriction removed for /dev/ph1.
Xdpasswd: Dialup program restriction removed for /bin/ksh.
X
XAppropriate diagnostics will be given for all cases (hopefully).
X
XAny problems, corrections, criticisms (only good) :-) should be directed
Xto me.
X
XLenny Tropiano             ICUS Software Systems         [w] +1 (516) 582-5525
Xlenny at icus.islp.ny.us      Telex; 154232428 ICUS         [h] +1 (516) 968-8576
X{talcott,decuac,boulder,hombre,pacbell,sbcs}!icus!lenny  attmail!icus!lenny
X        ICUS Software Systems -- PO Box 1; Islip Terrace, NY  11752
END_OF_README
if test 3434 -ne `wc -c <README`; then
    echo shar: \"README\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f Makefile -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"Makefile\"
else
echo shar: Extracting \"Makefile\" \(586 characters\)
sed "s/^X//" >Makefile <<'END_OF_Makefile'
X#
X# Makefile to compile dpasswd.c  (Dialup Password Administration)
X# By Lenny Tropiano
X# (c)1988 ICUS Software Systems  UUCP: ...icus!lenny -or- lenny at icus.islp.ny.us
X#
XCFLAGS=-O
XLDFLAGS=-s
XLIBS=
XDEST=/usr/lbin/
X#
Xall:	dpasswd
X#
Xdpasswd:  dpasswd.o
X	@echo "Loading ..."
X	$(CC) $(LDFLAGS) -o dpasswd dpasswd.o $(LIBS) 
X#
Xdpasswd.o:
X	$(CC) $(CFLAGS) -c dpasswd.c
X#
X# Need to be root for this
X#
X/usr/lbin:
X	mkdir /usr/lbin
X#
Xinstall: dpasswd /usr/lbin
X	cp dpasswd ${DEST}
X	chown root ${DEST}/dpasswd
X	chgrp bin  ${DEST}/dpasswd
X	chmod 750 ${DEST}/dpasswd
X#
Xclean:
X	rm -f dpasswd *.o core
END_OF_Makefile
if test 586 -ne `wc -c <Makefile`; then
    echo shar: \"Makefile\" unpacked with wrong size!
fi
# end of overwriting check
fi
if test -f dpasswd.c -a "${1}" != "-c" ; then 
  echo shar: Will not over-write existing file \"dpasswd.c\"
else
echo shar: Extracting \"dpasswd.c\" \(5766 characters\)
sed "s/^X//" >dpasswd.c <<'END_OF_dpasswd.c'
X/***************************************************************************
X * dpasswd.c
X *
X * Program to administer the "undocumented" feature /bin/login Dialup 
X * Password's that is part of most UNIX System V releases 
X *
X * By Lenny Tropiano  ICUS Software Systems     December 4, 1988
X *
X * Permission granted to redistribute without profit in the public domain
X * only.  This header must remain in-tact as is.  This program carries
X * no warranties, express or implied, and all consequences resulting from
X * the use of this program are the sole responsibility of the user.
X *
X ***************************************************************************/
X
X#include <stdio.h>
X#include <sys/types.h>
X#include <pwd.h>
X#include <string.h>
X
X/* 
X * preprocessor parameters 
X */
X
X#ifndef MAX_DIALUP
X#define	MAX_DIALUP	10		/* maximum # of dialups on system   */
X#endif
X
X#ifndef MAX_PROGS
X#define	MAX_PROGS	20		/* maximum # of program shells      */
X#endif
X
X#ifndef TTYLEN
X#define TTYLEN		15		/* tty device length "/dev/ttyXXX"  */
X#endif
X
X#ifndef PROGLEN
X#define PROGLEN		35		/* program pathname length          */
X#endif
X
X
X/*
X * global variables
X */
X
Xint	delete,				/* remove dialup information        */
X	verbose;			/* print verbose replies            */
Xchar	terminal[TTYLEN],		/* device to declare as dialup line */
X	program[30];			/* pathname to give dialup password */
Xchar	*thisprg;
Xstatic  char *dttyfile = "/etc/dialups";
Xstatic  char *dpswfile = "/etc/d_passwd";
X
Xmain(argc, argv)
Xint argc;
Xchar **argv;
X{
X	int c, errflg, chgterm, chgprog;
X	extern int optind;
X	extern char *optarg;
X	void   manage_dialup(),
X	       manage_program();
X
X
X	/* 
X	 * initialize program parameters 
X	 */
X
X	thisprg = argv[0];
X	verbose = chgterm = chgprog = 0;
X	terminal[0] = program[0] = '\0';
X	
X	/* 
X	 * read command line options
X	 */
X
X	while ((c = getopt(argc, argv, "?vdt:p:")) != EOF) {
X	    switch (c) {
X	    case 'v':
X		verbose = 1;
X		break;
X	    case 'd':
X		delete = 1;
X		break;
X	    case 't':
X		if (strchr(optarg,'/') == NULL) {
X			chgterm = 1;
X			sprintf(terminal,"/dev/%s",optarg);
X		} else
X			errflg++;
X		break;
X	    case 'p':
X		chgprog = 1;
X		sprintf(program,"%s",optarg);
X		break;
X	    case '?':
X		errflg++;
X		break;
X	    }	/* end switch */
X	} /* end while */
X
X	if (errflg || (!chgterm && !chgprog)) {
X	    fprintf(stderr,
X		"Usage: %s [-v] [-d] -p program -t terminal\n", argv[0]);
X	    exit(1);
X	}
X
X	if (chgterm)
X		manage_dialup();
X
X	if (chgprog)
X		manage_program();
X
X	exit(0);
X}
X
Xvoid manage_dialup()
X{
X	FILE *fp, *fopen(), *fdopen();
X	int  fd, found;
X	int  ttyno, i;
X	char dialtty[MAX_DIALUP][TTYLEN],
X	     buffer[TTYLEN], *fgets(), *c;
X	
X	if ((fp = fopen(dttyfile, "r")) == NULL) {
X		if ((fd = creat(dttyfile, 0644)) < 0) {
X			perror(dttyfile);
X			exit(1);
X		}
X		fp = fdopen(fd, "r");
X	}
X	found = ttyno = 0;
X	while ((fgets(buffer, TTYLEN, fp) != NULL) && ttyno < MAX_DIALUP)  {
X		c = strrchr(buffer,'\n');
X		*c = '\0';
X		if (strcmp(buffer, terminal) == 0)
X			found=ttyno+1;
X		sprintf(dialtty[ttyno++], "%s", buffer);
X	}
X	fclose(fp);
X
X	if (found && delete) {
X		if ((fp = fopen(dttyfile,"w")) == NULL) {
X			perror(dttyfile);
X			exit(1);
X		}
X		found--;
X		for (i=0;i<ttyno;i++) 
X			if (i != found)
X				fprintf(fp, "%s\n", dialtty[i]);
X		fclose(fp);
X
X		if (verbose)
X		    printf("%s: Dialup terminal restriction removed from %s.\n",
X			thisprg, terminal);
X	} else if (!found && !delete) {
X		if ((fp = fopen(dttyfile,"w")) == NULL) {
X			perror(dttyfile);
X			exit(1);
X		}
X		for (i=0;i<ttyno;i++) 
X			fprintf(fp, "%s\n", dialtty[i]);
X		fprintf(fp, "%s\n", terminal);
X		fclose(fp);
X
X		if (verbose)
X		    printf("%s: Dialup terminal restriction added for %s.\n",
X			thisprg, terminal);
X	} else if (!found && delete && verbose) 
X		printf("%s: Terminal %s not found in %s.\n",
X			thisprg, terminal, dttyfile);
X	else if (found && !delete && verbose)
X		printf("%s: Terminal %s already found in %s.\n",
X			thisprg, terminal, dttyfile);
X
X}		
X
Xvoid manage_program()
X{
X	FILE *fp, *fopen(), *fdopen();
X	int  fd, found;
X	int  bad, match;
X	int  pswno, i;
X	char dialpsw[MAX_PROGS][PROGLEN],
X	     buffer[PROGLEN], *fgets(), *c,
X	     *getpass(), *crypt(), passwd[20], retype[20];
X	
X	if ((fp = fopen(dpswfile, "r")) == NULL) {
X		if ((fd = creat(dpswfile, 0644)) < 0) {
X			perror(dpswfile);
X			exit(1);
X		}
X		fp = fdopen(fd, "r");
X	}
X	found = pswno = 0;
X	while ((fgets(buffer, PROGLEN, fp) != NULL) && pswno < MAX_PROGS)  {
X		c = strrchr(buffer,'\n');
X		*c = '\0';
X		if (strncmp(buffer, program, strlen(program)) == 0)
X			found=pswno+1;
X		sprintf(dialpsw[pswno++], "%s", buffer);
X	}
X	fclose(fp);
X
X	if (found && delete) {
X		if ((fp = fopen(dpswfile,"w")) == NULL) {
X			perror(dpswfile);
X			exit(1);
X		}
X		found--;
X		for (i=0;i<pswno;i++) 
X			if (i != found)
X				fprintf(fp, "%s\n", dialpsw[i]);
X		fclose(fp);
X
X		if (verbose)
X		    printf("%s: Dialup program restriction removed from %s.\n",
X			thisprg, program);
X	} else if (!delete) {
X		if ((fp = fopen(dpswfile,"w")) == NULL) {
X			perror(dpswfile);
X			exit(1);
X		}
X		bad = 0;
X		do {
X		    sprintf(passwd,"%s",getpass("New Dialup Password:"));
X		    sprintf(retype,"%s",getpass("Retype Dialup Password:"));
X		    if ((match = strcmp(passwd, retype)) != 0) {
X			printf("They don't match; try again.\n\n");
X			bad++;
X		    }
X		} while (match != 0 && bad < 3);
X		if (bad == 3) {
X			printf("Too many tries; try again later.\n\n");
X			return;
X		}
X
X		found--;
X		for (i=0;i<pswno;i++) 
X			if (i != found)
X				fprintf(fp, "%s\n", dialpsw[i]);
X		fprintf(fp, "%s:%s:\n", program, crypt(passwd, passwd));
X			
X		fclose(fp);
X
X		if (verbose)
X		    printf("%s: Dialup program restriction added for %s.\n",
X			thisprg, program);
X
X	} else if (!found && delete && verbose) 
X		printf("%s: Program %s not found in %s.\n",
X			thisprg, program, dpswfile);
X
X}
END_OF_dpasswd.c
if test 5766 -ne `wc -c <dpasswd.c`; then
    echo shar: \"dpasswd.c\" unpacked with wrong size!
fi
# end of overwriting check
fi
echo shar: End of shell archive.
exit 0
-- 
Lenny Tropiano             ICUS Software Systems         [w] +1 (516) 582-5525
lenny at icus.islp.ny.us      Telex; 154232428 ICUS         [h] +1 (516) 968-8576
{talcott,decuac,boulder,hombre,pacbell,sbcs}!icus!lenny  attmail!icus!lenny
        ICUS Software Systems -- PO Box 1; Islip Terrace, NY  11752



More information about the Comp.unix.wizards mailing list