Asking for root passwd when booting single user

Greg Ward greg at lbl-csam.arpa
Sun Dec 25 07:51:24 AEST 1988 

Since using /bin/login in /.profile has numerous problems already
mentioned, such as timing out if not execed and booting mulituser without
repairing the filesystem otherwise, I have written a simple C program to
block until the user enters the correct password.  I have installed it as
/etc/checkpass under 3.5, and the -l option tells the program to loop
until the correct password is entered.  By default, it simply returns a
status indicating whether the password entered was correct.  I don't know
about using this with yellow pages, since it reads /etc/passwd to do the
check.

First, compile the program:

	cc -O -n -s checkpass.c -o /etc/checkpass

Then, insert this line (early) in /.profile:

	/etc/checkpass -l root

When the machine boots singleuser, the program will set raw mode, block
signals, and prompt the user for the root password.  If it is entered
incorrectly, it simply repeats the prompt.  Note that this has the same
benefits and hazards of the 4.0 security lockout, namely an inability to
fix a busted or forgotton root password without booting from tape!

This software is public domain and as is...

------------------------ CUT HERE -----------------------------
/*
 *  checkpass.c - Verify password.
 *
 *	4/20/88
 *	Greg Ward
 */

#include <stdio.h>
#include <signal.h>
#include <pwd.h>

extern char	*crypt(), *strcat(), *getpass();


main(argc, argv)
int	argc;
char	*argv[];
{
	static char	prompt[64] = "Password for ";
	int	loop = 0;
	struct passwd	*pwd;
	int	i;
					/* block signals */
	sigsetmask(~0);
					/* get arguments */
	for (i = 1; i < argc; i++)
		if (!strcmp(argv[i], "-l"))
			loop++;
		else
			break;
	if (i != argc-1)
		usage(argv[0]);
	pwd = getpwnam(argv[i]);	/* get password entry */
	if (pwd == NULL) {		/* bad user name */
		fputs(argv[i], stderr);
		fputs(": unknown login\n", stderr);
		exit(1);
	}
	strcat(prompt, pwd->pw_name);
	strcat(prompt, ":");
	do				/* check password */
		if (!strcmp(pwd->pw_passwd, crypt(getpass(prompt), pwd->pw_passwd)))
			exit(0);
	while (loop);
	exit(2);			/* fail */
}


usage(progname)
char	*progname;
{
	fputs("Usage: ", stderr);
	fputs(progname, stderr);
	fputs(" [-l] logname\n", stderr);
	exit(1);
}

More information about the Comp.sys.sun mailing list