login_linux.c

建立一个模拟数据库来存储你的登录用户名、密码

/* gcc -Wall -g -o mylogin login.linux.c -lcrypt */

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <stdio_ext.h>
#include <string.h>
#include <signal.h>
#include <pwd.h>
#include <sys/types.h>
#include <crypt.h>
/* Uncomment next line in step 2 */
#include "pwent.h"

#define TRUE 1
#define FALSE 0
#define LENGTH 16


void sighandler()
{
  /* add signalhandling routines here */
  /* see 'man 3 signal' */
  void msg()
      {
       printf("Operation denied.\n");
      }
  signal(SIGINT, msg);

}


int main(int argc, char  *argv[])
{

  //struct passwd *passwddata;     /* this has to be redefined in step 2 */
                                 /* see pwent.h */
  mypwent *passwddata;
  char   important[LENGTH] = "***IMPORTANT***";
  char   user[LENGTH];
  char   *c_pass; //you might want to use this variable later...
  char   prompt[] = "password: ";
  char   *user_pass;


  sighandler();

   while ( TRUE )
    {
      /* check what important variable contains - do not remove, part of buffer overflow test */ 
      printf("Value of varible 'important' before input of login name: %s\n", important);

      printf("login: ");
      fflush(NULL);            /* Flush all  output buffers */
      __fpurge(stdin);	       /* Purge any data in stdin buffer */

      if (fgets(user,LENGTH,stdin) == NULL)
      //if (gets(user) == NULL)   /* gets() is vulnerable to buffer */
	exit(0);       		/*  overflow attacks.  */ 
      user[strlen(user)-1] = '\0';

      /* check to see if important variable is intact after input of login name - do not remove */
      printf("Value of varible 'important' after input of login name: %*.*s\n", LENGTH - 1, LENGTH - 1, important);
      

      user_pass = getpass(prompt);
      passwddata = mygetpwnam(user);

      if (passwddata != NULL) 
	{                          
	  /* You have to encrypt user_pass for this to work */
	  /* Don't forget to include the salt */
          c_pass = crypt(user_pass, passwddata->passwd_salt);

          if (passwddata->pwfailed > 3)
	    {
	      printf("Wrong password too many times. User blocked.\n");
            }
	  else 
            {
                //if (!strcmp(user_pass, passwddata->pw_passwd )) //step1
	        //if (!strcmp(user_pass, passwddata->passwd ))    //step2
                if (!strcmp(c_pass, passwddata->passwd ))
	          {

	            printf("You're in !\n");
                    printf("Number if failed login attempts: %d\n",passwddata->pwfailed);
                    passwddata->pwfailed = 0;
                    passwddata->pwage = passwddata->pwage + 1; 
                    mysetpwent(user, passwddata);
                    
                    if (passwddata->pwage > 10) 
                      {
		         printf("Password expired. Please swap.\n");
		      }
	            /*  check UID, see setuid(2) */ 
	            /*  start a shell, use execve(2) */
	      
	          }
                 else 
                   {
                     passwddata->pwfailed = passwddata->pwfailed + 1;
		     mysetpwent(user, passwddata);
                     printf("Login Incorrect \n");
                   }
	    } 
         }
    }
   return 0;
}