Path: utzoo!attcan!uunet!husc6!rice!sun-spots-request
From: greg@lbl-csam.arpa (Greg Ward)
Newsgroups: comp.sys.sun
Subject: Re: Asking for root passwd when booting single user
Message-ID: <1491@helios.ee.lbl.gov>
Date: 24 Dec 88 21:51:24 GMT
References: <8812061032.AA03037@cgchx.cgch.uucp>
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 83
Approved: Sun-Spots@rice.edu
Original-Date: 16 Dec 88 16:59:21 GMT
X-Sun-Spots-Digest: Volume 7, Issue 75, message 7 of 11

Since using /bin/login in /.profile has numerous problems already
mentioned, such as timing out if not execed and booting mulituser without
repairing the filesystem otherwise, I have written a simple C program to
block until the user enters the correct password.  I have installed it as
/etc/checkpass under 3.5, and the -l option tells the program to loop
until the correct password is entered.  By default, it simply returns a
status indicating whether the password entered was correct.  I don't know
about using this with yellow pages, since it reads /etc/passwd to do the
check.

First, compile the program:

	cc -O -n -s checkpass.c -o /etc/checkpass

Then, insert this line (early) in /.profile:

	/etc/checkpass -l root

When the machine boots singleuser, the program will set raw mode, block
signals, and prompt the user for the root password.  If it is entered
incorrectly, it simply repeats the prompt.  Note that this has the same
benefits and hazards of the 4.0 security lockout, namely an inability to
fix a busted or forgotton root password without booting from tape!

This software is public domain and as is...

------------------------ CUT HERE -----------------------------
/*
 *  checkpass.c - Verify password.
 *
 *	4/20/88
 *	Greg Ward
 */

#include <stdio.h>
#include <signal.h>
#include <pwd.h>

extern char	*crypt(), *strcat(), *getpass();


main(argc, argv)
int	argc;
char	*argv[];
{
	static char	prompt[64] = "Password for ";
	int	loop = 0;
	struct passwd	*pwd;
	int	i;
					/* block signals */
	sigsetmask(~0);
					/* get arguments */
	for (i = 1; i < argc; i++)
		if (!strcmp(argv[i], "-l"))
			loop++;
		else
			break;
	if (i != argc-1)
		usage(argv[0]);
	pwd = getpwnam(argv[i]);	/* get password entry */
	if (pwd == NULL) {		/* bad user name */
		fputs(argv[i], stderr);
		fputs(": unknown login\n", stderr);
		exit(1);
	}
	strcat(prompt, pwd->pw_name);
	strcat(prompt, ":");
	do				/* check password */
		if (!strcmp(pwd->pw_passwd, crypt(getpass(prompt), pwd->pw_passwd)))
			exit(0);
	while (loop);
	exit(2);			/* fail */
}


usage(progname)
char	*progname;
{
	fputs("Usage: ", stderr);
	fputs(progname, stderr);
	fputs(" [-l] logname\n", stderr);
	exit(1);
}