cap/check_password_caps.c

This is cap/check_password_caps.c (Listing 39-1, page 808), an example from the book, The Linux Programming Interface.

The source code file is copyright 2024, Michael Kerrisk, and is licensed under the GNU General Public License, version 3.

This page shows the "distribution" or "book" version of the file (why are there two versions?), or the differences between the two versions. You can switch between the views using the tabs below.

In the listing below, the names of Linux system calls and C library functions are hyperlinked to manual pages from the Linux man-pages project, and the names of functions implemented in the book are hyperlinked to the implementations of those functions.

  Cover of The Linux Programming Interface
+/* check_password_caps.c
+
+   This program provides an example of the use of capabilities to create a
+   program that performs a task that requires privileges, but operates without
+   the full power of 'root'. The program reads a username and password and
+   checks if they are valid by authenticating against the (shadow) password
+   file.
+
+   The program executable file must be installed with the CAP_DAC_READ_SEARCH
+   permitted capability, as follows:
+
+        $ sudo setcap "cap_dac_read_search=p" check_password_caps
+
+   This program is Linux-specific.
+
+   See also check_password.c.
+*/
 #define _BSD_SOURCE             /* Get getpass() declaration from <unistd.h> */
+#ifndef _XOPEN_SOURCE
 #define _XOPEN_SOURCE           /* Get crypt() declaration from <unistd.h> */
+#endif
 #include <sys/capability.h>
 #include <unistd.h>
 #include <limits.h>
 #include <pwd.h>
+#include <crypt.h>
 #include <shadow.h>
 #include "tlpi_hdr.h"
 
 /* Change setting of capability in caller's effective capabilities */
 
 static int
 modifyCap(cap_value_t capability, int setting)
 {
     cap_t caps;
     cap_value_t capList[1];
 
     /* Retrieve caller's current capabilities */
 
     caps = cap_get_proc();
     if (caps == NULL)
         return -1;
 
     /* Change setting of 'capability' in the effective set of 'caps'. The
        third argument, 1, is the number of items in the array 'capList'. */
 
     capList[0] = capability;
     if (cap_set_flag(caps, CAP_EFFECTIVE, 1, capList, setting) == -1) {
         cap_free(caps);
         return -1;
     }
 
     /* Push modified capability sets back to kernel, to change
        caller's capabilities */
 
     if (cap_set_proc(caps) == -1) {
         cap_free(caps);
         return -1;
     }
 
     /* Free the structure that was allocated by libcap */
 
     if (cap_free(caps) == -1)
         return -1;
 
     return 0;
 }
 
 static int              /* Raise capability in caller's effective set */
 raiseCap(cap_value_t capability)
 {
     return modifyCap(capability, CAP_SET);
 }
 
 /* An analogous dropCap() (unneeded in this program), could be
    defined as: modifyCap(capability, CAP_CLEAR); */
 
 static int              /* Drop all capabilities from all sets */
 dropAllCaps(void)
 {
     cap_t empty;
     int s;
 
     empty = cap_init();
     if (empty == NULL)
         return -1;
 
     s = cap_set_proc(empty);
 
     if (cap_free(empty) == -1)
         return -1;
 
     return s;
 }
 
 int
 main(int argc, char *argv[])
 {
     char *username, *password, *encrypted, *p;
     struct passwd *pwd;
     struct spwd *spwd;
     Boolean authOk;
     size_t len;
     long lnmax;
 
+    /* Determine size of buffer required for a username, and allocate it */
+
     lnmax = sysconf(_SC_LOGIN_NAME_MAX);
     if (lnmax == -1)                        /* If limit is indeterminate */
         lnmax = 256;                        /* make a guess */
 
     username = malloc(lnmax);
     if (username == NULL)
         errExit("malloc");
 
     printf("Username: ");
     fflush(stdout);
     if (fgets(username, lnmax, stdin) == NULL)
         exit(EXIT_FAILURE);                 /* Exit on EOF */
 
     len = strlen(username);
     if (username[len - 1] == '\n')
         username[len - 1] = '\0';           /* Remove trailing '\n' */
 
+    /* Look up password record for username */
+
     pwd = getpwnam(username);
     if (pwd == NULL)
         fatal("couldn't get password record");
 
     /* Only raise CAP_DAC_READ_SEARCH for as long as we need it */
 
     if (raiseCap(CAP_DAC_READ_SEARCH) == -1)
         fatal("raiseCap() failed");
 
+    /* Look up shadow password record for username */
+
     spwd = getspnam(username);
     if (spwd == NULL && errno == EACCES)
         fatal("no permission to read shadow password file");
 
     /* At this point, we won't need any more capabilities,
        so drop all capabilities from all sets */
 
     if (dropAllCaps() == -1)
         fatal("dropAllCaps() failed");
 
     if (spwd != NULL)           /* If there is a shadow password record */
         pwd->pw_passwd = spwd->sp_pwdp;     /* Use the shadow password */
 
     password = getpass("Password: ");
 
     /* Encrypt password and erase cleartext version immediately */
 
     encrypted = crypt(password, pwd->pw_passwd);
     for (p = password; *p != '\0'; )
         *p++ = '\0';
 
     if (encrypted == NULL)
         errExit("crypt");
 
     authOk = strcmp(encrypted, pwd->pw_passwd) == 0;
     if (!authOk) {
         printf("Incorrect password\n");
         exit(EXIT_FAILURE);
     }
 
     printf("Successfully authenticated: UID=%ld\n", (long) pwd->pw_uid);
 
     /* Now do authenticated work... */
 
     exit(EXIT_SUCCESS);
 }

Note that, in most cases, the programs rendered in these web pages are not free standing: you'll typically also need a few other source files (mostly in the lib/ subdirectory) as well. Generally, it's easier to just download the entire source tarball and build the programs with make(1). By hovering your mouse over the various hyperlinked include files and function calls above, you can see which other source files this file depends on.

Valid XHTML 1.1